samples/landlock: Fix incorrect free in populate_ruleset_net

Pointer env_port_name changes after strsep(). Memory allocated via
strdup() will not be freed if landlock_add_rule() returns non-zero value.

Fixes: 5e990dcef12e ("samples/landlock: Support TCP restrictions")
Signed-off-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Reviewed-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20240326095625.3576164-1-ivanov.mikhail1@huawei-partners.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>

diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index 32e930c853bba4d160aa0760ff0c9279e5470477..8b8ecd65c28c4205cf4a006685f4a5e5b302d31b 100644 (file)
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c
@@ -153,7 +153,7 @@ static int populate_ruleset_net(const char *const env_var, const int ruleset_fd,
                                const __u64 allowed_access)
 {
        int ret = 1;
-       char *env_port_name, *strport;
+       char *env_port_name, *env_port_name_next, *strport;
        struct landlock_net_port_attr net_port = {
                .allowed_access = allowed_access,
                .port = 0,
@@ -165,7 +165,8 @@ static int populate_ruleset_net(const char *const env_var, const int ruleset_fd,
        env_port_name = strdup(env_port_name);
        unsetenv(env_var);
 
-       while ((strport = strsep(&env_port_name, ENV_DELIMITER))) {
+       env_port_name_next = env_port_name;
+       while ((strport = strsep(&env_port_name_next, ENV_DELIMITER))) {
                net_port.port = atoi(strport);
                if (landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT,
                                      &net_port, 0)) {