Refactored cleanup section of _xccdf_fix_execute.

matejak · matejak · commit a65e2429aee3 · 2018-10-02T16:19:58.000+02:00
`fix_text` is allocated in `_xccdf_fix_decode_xml` and was possibly freed in `_write_text_to_fd_and_free`,
but in meantime could have been be jumped over free, causing a memory leak.
diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c
@@ -378,7 +378,7 @@ static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_
 		goto cleanup;
 	}
 
-	if (_write_text_to_fd_and_free(fd, fix_text) != 0) {
+	if (_write_text_to_fd(fd, fix_text) != 0) {
 		_rule_add_info_message(rr, "Could not write to the temp file: %s", strerror(errno));
 		(void) close(fd);
 		goto cleanup;
@@ -440,6 +440,7 @@ static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_
 
 cleanup:
 	oscap_acquire_cleanup_dir(&temp_dir);
+	free(fix_text);
 	return result;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -378,7 +378,7 @@ static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_`
`378`	`378`	`goto cleanup;`
`379`	`379`	`}`
`380`	`380`
`381`		`- if (_write_text_to_fd_and_free(fd, fix_text) != 0) {`
	`381`	`+ if (_write_text_to_fd(fd, fix_text) != 0) {`
`382`	`382`	`_rule_add_info_message(rr, "Could not write to the temp file: %s", strerror(errno));`
`383`	`383`	`(void) close(fd);`
`384`	`384`	`goto cleanup;`
`@@ -440,6 +440,7 @@ static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_`
`440`	`440`
`441`	`441`	`cleanup:`
`442`	`442`	`oscap_acquire_cleanup_dir(&temp_dir);`
	`443`	`+ free(fix_text);`
`443`	`444`	`return result;`
`444`	`445`	`}`
`445`	`446`