semanage: disconnect to free libsemanage internals

Destroying the handle does not actually disconnect, see [1].
Also free the key on user removal.

[1]: e9072e7d45/libsemanage/src/direct_api.c (L330)

Example adduser leak:

    Direct leak of 1008 byte(s) in 14 object(s) allocated from:
        #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
        #1 0x7fb5cfffad09 in dbase_file_init src/database_file.c:170:45

    Direct leak of 392 byte(s) in 7 object(s) allocated from:
        #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
        #1 0x7fb5cfffc929 in dbase_policydb_init src/database_policydb.c:187:27

    Direct leak of 144 byte(s) in 2 object(s) allocated from:
        #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
        #1 0x7fb5cfffb519 in dbase_join_init src/database_join.c:249:28

    [...]
This commit is contained in:
Christian Göttsche 2023-04-01 14:11:06 +02:00 committed by Serge Hallyn
parent a8dd8ce6c9
commit 7078ed1e0b

View File

@ -97,6 +97,8 @@ static semanage_handle_t *semanage_init (void)
return handle;
fail:
if (handle)
semanage_disconnect (handle);
semanage_handle_destroy (handle);
return NULL;
}
@ -156,7 +158,7 @@ done:
static int semanage_user_add (semanage_handle_t *handle,
semanage_seuser_key_t *key,
const semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name,
const char *serange)
@ -279,6 +281,8 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser
done:
semanage_seuser_key_free (key);
if (handle)
semanage_disconnect (handle);
semanage_handle_destroy (handle);
return ret;
}
@ -353,6 +357,9 @@ int del_seuser (const char *login_name)
ret = 0;
done:
semanage_seuser_key_free (key);
if (handle)
semanage_disconnect (handle);
semanage_handle_destroy (handle);
return ret;
}