From 77747a36a9afd4b9e27af608301487b44d681b4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 6 Nov 2024 11:49:06 +0100
Subject: [PATCH] checkpolicy: avoid leak of identifier on required attribute
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Example policy generated by fuzzer:

    class s
    sid k
    class s { i }
    optional{
      require{
        attribute i;
      }
    }
    type m;
    typealias m alias i;

    typeai

Reported-by: oss-fuzz (issue 377576480)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 policy_define.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy_define.c b/policy_define.c
index dc404530..9ae8c4d4 100644
--- a/policy_define.c
+++ b/policy_define.c
@@ -1287,6 +1287,7 @@ static int add_aliases_to_type(type_datum_t * type)
 				aliasdatum->primary = type->s.value;
 				aliasdatum->flavor = TYPE_ALIAS;
 
+				free(id);
 				break;
 			}
 		default:{
-- 
2.33.0