From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Mon, 20 Jul 2020 10:05:17 +0000 (+0900)
Subject: Fix potential memory leak
X-Git-Tag: submit/tizen/20200720.104233~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ddf22cb0fe3e70d10747c7de6e0d5e5a2182c8dc;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git

Fix potential memory leak

- If TRY_INIT_DB fails, string allocated by __make_privilege_list_str()
will be lost.

Change-Id: I2d7e3b9ccb6b1cf3bd4d1e18a33d6e60f9acbaeb
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
---

diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c
index cb3eebf..39fe2f1 100755
--- a/capi/src/privilege_db_manager.c
+++ b/capi/src/privilege_db_manager.c
@@ -243,15 +243,12 @@ int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_t
 	int ret = 0;
 	int count = 0;
 
-	char *privilege_list_str = NULL;
-	ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
-	if (ret == -1) {
-		_LOGE("__make_privilege_list_str() failed.");
-		return PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY;
-	}
-
 	TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RO, &db);
 
+	char *privilege_list_str = NULL;
+    ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
+    TryReturn(ret == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
+
 	char *sql = sqlite3_mprintf("select distinct privilege_name from prevent_list where privilege_name in(%s)and (uid=%d or uid=%d) and package_type=%d", privilege_list_str, uid, GLOBAL_USER, package_type);
 	sqlite3_free(privilege_list_str);
 
@@ -314,19 +311,18 @@ int privilege_db_manager_get_mapped_privilege_list(const char *api_version, priv
 	sqlite3_stmt *stmt = NULL;
 	int ret;
 
-	GList *temp_privilege_list = NULL;
+	TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
 
 	char *privilege_list_str = NULL;
 	ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
 	TryReturn(ret == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
 
-	TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
-
 	char *sql =  sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where package_type_id=%d and privilege_name in(%s) and from_api_version<=%Q and to_api_version>%Q", package_type, privilege_list_str, api_version, api_version, package_type);
 	sqlite3_free(privilege_list_str);
 
 	TRY_PREPARE_STMT(db, sql, &stmt);
 
+	GList *temp_privilege_list = NULL;
 	do {
 		ret = sqlite3_step(stmt);
 		if (ret == SQLITE_ROW) {
@@ -575,6 +571,7 @@ int privilege_db_manager_is_disabled_privilege(uid_t uid, const char* privilege)
 {
 	sqlite3 *db = NULL;
 	sqlite3_stmt *stmt = NULL;
+
 	TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RO, &db);
 
 	char *sql = sqlite3_mprintf("select * from disable_list where privilege_name=%Q and (uid=%d or uid=%d)", privilege, uid, GLOBAL_USER);
@@ -680,6 +677,7 @@ int privilege_db_manager_get_same_privacy_grouped_privileges(const char* privile
 	sqlite3 *db = NULL;
 	sqlite3_stmt *stmt = NULL;
 	int ret;
+
 	TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
 
 	char *sql = sqlite3_mprintf("select distinct privilege_name from privilege_info where privacy_name=(select distinct privacy_name from privilege_info where privilege_name=%Q and is_privacy=1)", privilege);
diff --git a/capi/src/privilege_info.c b/capi/src/privilege_info.c
index 45bc379..8f284fa 100755
--- a/capi/src/privilege_info.c
+++ b/capi/src/privilege_info.c
@@ -530,10 +530,10 @@ static privilege_manager_visibility_e __get_pkg_cert_level(uid_t uid, const char
 	CertSvcVisibility visibility = CERTSVC_VISIBILITY_PUBLIC;
 
 	ret = certsvc_instance_new(&instance);
-	TryReturn(ret == CERTSVC_SUCCESS, , PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_instance_new() failed. ret = %d", ret);
+	TryReturn(ret == CERTSVC_SUCCESS, g_free(temp_cert), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_instance_new() failed. ret = %d", ret);
 
 	ret = certsvc_certificate_new_from_memory(instance, (const unsigned char *)temp_cert, strlen(temp_cert), CERTSVC_FORM_DER_BASE64, &certificate);
-	TryReturn(ret == CERTSVC_SUCCESS, certsvc_instance_free(instance), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_certificate_new_from_memory() failed. ret = %d", ret);
+	TryReturn(ret == CERTSVC_SUCCESS, g_free(temp_cert); certsvc_instance_free(instance), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_certificate_new_from_memory() failed. ret = %d", ret);
 
 	g_free(temp_cert);