diff options
author | Werner Koch <wk@gnupg.org> | 2013-10-22 14:26:53 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-12-09 20:27:36 +0100 |
commit | 9a37470c50ee9966cb2652617a404ddd54a9c096 (patch) | |
tree | 53e576a58c607951d9739505a8f5a1de8e9c9c23 /src | |
parent | 2516f0b660b1a7181ad38c44310c627f4f498595 (diff) | |
download | libgcrypt-9a37470c50ee9966cb2652617a404ddd54a9c096.tar.gz |
Fix one-off memory leak when build with Linux capability support.
* src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by
Mike Crowe <mac@mcrowe.com>.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/secmem.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/src/secmem.c b/src/secmem.c index c350bc93..fd2cdf4b 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -243,11 +243,20 @@ lock_pool (void *p, size_t n) #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) int err; - cap_set_proc (cap_from_text ("cap_ipc_lock+ep")); - err = no_mlock? 0 : mlock (p, n); - if (err && errno) - err = errno; - cap_set_proc (cap_from_text ("cap_ipc_lock+p")); + { + cap_t cap; + + cap = cap_from_text ("cap_ipc_lock+ep"); + cap_set_proc (cap); + cap_free (cap); + err = no_mlock? 0 : mlock (p, n); + if (err && errno) + err = errno; + cap_set_proc (cap_from_text ("cap_ipc_lock+p")); + cap = cap_from_text ("cap_ipc_lock+p"); + cap_set_proc (cap); + cap_free(cap); + } if (err) { @@ -474,7 +483,13 @@ secmem_init (size_t n) { #ifdef USE_CAPABILITIES /* drop all capabilities */ - cap_set_proc (cap_from_text ("all-eip")); + { + cap_t cap; + + cap = cap_from_text ("all-eip"); + cap_set_proc (cap); + cap_free (cap); + } #elif !defined(HAVE_DOSISH_SYSTEM) uid_t uid; |