From c30b23e3657a2838a99daa8bd2d16909c027a261 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Tue, 11 Feb 2020 09:07:00 +0000 Subject: [PATCH] seccomp: fix resource leak Fix coverity reported resource leaks: CID 1446217: (RESOURCE_LEAK) Variable "filter" going out of scope leaks the storage it points to. Signed-off-by: Kevin Darbyshire-Bryant --- jail/seccomp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/jail/seccomp.c b/jail/seccomp.c index fae08f9..a00250c 100644 --- a/jail/seccomp.c +++ b/jail/seccomp.c @@ -126,7 +126,7 @@ int install_syscall_filter(const char *argv, const char *file) if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n", argv); - return errno; + goto errout; } prog.len = (unsigned short) idx + 1; @@ -134,7 +134,11 @@ int install_syscall_filter(const char *argv, const char *file) if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { ERROR("%s: prctl(PR_SET_SECCOMP) failed: %m\n", argv); - return errno; + goto errout; } return 0; + +errout: + free(filter); + return errno; } -- 2.25.1