From 74b564d1c9511d85c46e1d263eb94825de4a1157 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Tue, 28 Aug 2018 08:46:37 -0400
Subject: memory leaks

---
 src/firecfg/desktop_files.c                 |  8 ++++++++
 src/firejail/cmdline.c                      |  1 +
 src/firejail/fs_whitelist.c                 | 11 +++++++----
 src/fsec-print/main.c                       |  3 ++-
 src/libpostexecseccomp/libpostexecseccomp.c |  2 +-
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 71b39390e..de2b8cfa2 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -144,6 +144,8 @@ void fix_desktop_files(char *homedir) {
 		perror("opendir");
 		fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");
 		free(user_apps_dir);
+		if (dir)
+			closedir(dir);
 		return;
 	}
 
@@ -266,12 +268,16 @@ void fix_desktop_files(char *homedir) {
 
 		if (stat(outname, &sb) == 0) {
 			printf("   %s skipped: file exists\n", filename);
+			if (change_exec)
+				free(change_exec);
 			continue;
 		}
 
 		FILE *fpin = fopen(filename, "r");
 		if (!fpin) {
 			fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename);
+			if (change_exec)
+				free(change_exec);
 			continue;
 		}
 
@@ -279,6 +285,8 @@ void fix_desktop_files(char *homedir) {
 		if (!fpout) {
 			fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname);
 			fclose(fpin);
+			if (change_exec)
+				free(change_exec);
 			continue;
 		}
 		fprintf(fpout, "# converted by firecfg\n");
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c
index ce1e281a5..1fe5a2398 100644
--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -208,4 +208,5 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 
 	// free strdup
 	free(tmp1);
+	free(command_line_tmp);
 }
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 602985b4e..9b68b6753 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -371,10 +371,13 @@ void fs_whitelist(void) {
 
 		// resolve macros
 		if (is_macro(dataptr)) {
-			char *tmp = resolve_macro(dataptr);
-			if (tmp != NULL)
-				tmp = parse_nowhitelist(nowhitelist_flag, tmp);
-
+			char *tmp = resolve_macro(dataptr); // returns allocated mem
+			if (tmp != NULL) {
+				char *tmp1 = parse_nowhitelist(nowhitelist_flag, tmp);
+				assert(tmp1);
+				free(tmp);
+				tmp = tmp1;
+			}
 			if (tmp) {
 				entry->data = tmp;
 				dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index 94c60687f..5a1e34080 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -74,7 +74,8 @@ printf("\n");
 	close(fd);
 	return 0;
 errexit:
-	close(fd);
+	if (fd != -1)
+		close(fd);
 	fprintf(stderr, "Error: cannot read %s\n", fname);
 	exit(1);
 
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index 0ccb74b10..6d2c8c695 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -31,7 +31,7 @@ static void load_seccomp(void) {
 	if (fd == -1)
 		return;
 
-	int size = lseek(fd, 0, SEEK_END);
+	off_t size = lseek(fd, 0, SEEK_END);
 	unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
 	struct sock_filter *filter = MAP_FAILED;
 	if (size != 0)
-- 
cgit v1.2.3-54-g00ecf