seccomp: fix resource leak

Fix coverity reported resource leaks:

CID 1446217:    (RESOURCE_LEAK)
   Variable "filter" going out of scope leaks the storage it points to.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

diff --git a/jail/seccomp.c b/jail/seccomp.c
index fae08f98ee2f4efa47171db7566a2a3eb257e008..a00250c7342f99fb11c85b79095cab0fc295c6f1 100644 (file)
--- a/jail/seccomp.c
+++ b/jail/seccomp.c
@@ -126,7 +126,7 @@ int install_syscall_filter(const char *argv, const char *file)
 
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
                ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n", argv);
-               return errno;
+               goto errout;
        }
 
        prog.len = (unsigned short) idx + 1;
@@ -134,7 +134,11 @@ int install_syscall_filter(const char *argv, const char *file)
 
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
                ERROR("%s: prctl(PR_SET_SECCOMP) failed: %m\n", argv);
-               return errno;
+               goto errout;
        }
        return 0;
+
+errout:
+       free(filter);
+       return errno;
 }