Fix one-off memory leak when build with Linux capability support.

* src/secmem.c (lock_pool, secmem_init): Use cap_free.  Reported by
Mike Crowe <mac@mcrowe.com>.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 21 insertions, 6 deletions

diff --git a/src/secmem.c b/src/secmem.c
index c350bc93..fd2cdf4b 100644
--- a/src/secmem.c
+++ b/src/secmem.c
@@ -243,11 +243,20 @@ lock_pool (void *p, size_t n)
 #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
   int err;
 
-  cap_set_proc (cap_from_text ("cap_ipc_lock+ep"));
-  err = no_mlock? 0 : mlock (p, n);
-  if (err && errno)
-    err = errno;
-  cap_set_proc (cap_from_text ("cap_ipc_lock+p"));
+  {
+    cap_t cap;
+
+    cap = cap_from_text ("cap_ipc_lock+ep");
+    cap_set_proc (cap);
+    cap_free (cap);
+    err = no_mlock? 0 : mlock (p, n);
+    if (err && errno)
+      err = errno;
+    cap_set_proc (cap_from_text ("cap_ipc_lock+p"));
+    cap = cap_from_text ("cap_ipc_lock+p");
+    cap_set_proc (cap);
+    cap_free(cap);
+  }
 
   if (err)
     {
@@ -474,7 +483,13 @@ secmem_init (size_t n)
     {
 #ifdef USE_CAPABILITIES
       /* drop all capabilities */
-      cap_set_proc (cap_from_text ("all-eip"));
+      {
+        cap_t cap;
+
+        cap = cap_from_text ("all-eip");
+        cap_set_proc (cap);
+        cap_free (cap);
+      }
 
 #elif !defined(HAVE_DOSISH_SYSTEM)
       uid_t uid;