Issue
What were you trying to do that didn't work?
Error: RESOURCE_LEAK (CWE-772):
dnsmasq-2.85/src/option.c:1790: alloc_fn: Storage is returned from allocation function "opt_malloc".
dnsmasq-2.85/src/option.c:1790: var_assign: Assigning: "path" = storage returned from "opt_malloc(strlen(directory) + len + 2UL)".
dnsmasq-2.85/src/option.c:1791: noescape: Resource "path" is not freed or pointed-to in "strcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.85/src/option.c:1792: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.85/src/option.c:1793: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.85/src/option.c:1796: noescape: Resource "path" is not freed or pointed-to in "stat".
dnsmasq-2.85/src/option.c:1790: overwrite_var: Overwriting "path" in "path = opt_malloc(strlen(directory) + len + 2UL)" leaks the storage that "path" points to.
# 1788|
continue;
# 1789|
# 1790|->
path = opt_malloc(strlen(directory) + len + 2);
# 1791|
strcpy(path, directory);
# 1792|
strcat(path, "/");
#
Please provide the package NVR for which bug is seen:
How reproducible:
Steps to reproduce
Expected results
Fixed initialization.
Actual results
Fix. Existing leak, but done only when conf-dir points to non-regular files. Not usable for attack, but should be fixed
