From 2c628e4762aa6bd97304d3fcca66cc99dee62e34 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 6 May 2021 21:35:55 +0200
Subject: [PATCH] libnmc-base:fix leak in NMSecretAgentSimple's
 request_secrets_from_ui()

Found by Coverity:

  Error: RESOURCE_LEAK (CWE-772): [#def271] [important]
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: alloc_fn: Storage is returned from allocation function "nm_utils_ssid_to_utf8".
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: var_assign: Assigning: "ssid_utf8" = storage returned from "nm_utils_ssid_to_utf8(g_bytes_get_data(ssid, NULL), g_bytes_get_size(ssid))".
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:877: noescape: Resource "ssid_utf8" is not freed or pointed-to in "g_strdup_printf".
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:882: leaked_storage: Variable "ssid_utf8" going out of scope leaks the storage it points to.
  #  880|
  #  881|           if (!add_wireless_secrets(request, secrets))
  #  882|->             goto out_fail;
  #  883|       } else if (nm_connection_is_type(request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
  #  884|           title = _("Wired 802.1X authentication");

  Error: RESOURCE_LEAK (CWE-772): [#def272] [important]
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: alloc_fn: Storage is returned from allocation function "nm_utils_ssid_to_utf8".
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: var_assign: Assigning: "ssid_utf8" = storage returned from "nm_utils_ssid_to_utf8(g_bytes_get_data(ssid, NULL), g_bytes_get_size(ssid))".
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:877: noescape: Resource "ssid_utf8" is not freed or pointed-to in "g_strdup_printf".
  NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:883: leaked_storage: Variable "ssid_utf8" going out of scope leaks the storage it points to.
  #  881|           if (!add_wireless_secrets(request, secrets))
  #  882|               goto out_fail;
  #  883|->     } else if (nm_connection_is_type(request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
  #  884|           title = _("Wired 802.1X authentication");
  #  885|           msg   = g_strdup_printf(_("Secrets are required to access the wired network %s"),

Fixes: 3fbabde4c3b9 ('libnm-core: replace GByteArray with pointer + length in some APIs')
---
 src/libnmc-base/nm-secret-agent-simple.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libnmc-base/nm-secret-agent-simple.c b/src/libnmc-base/nm-secret-agent-simple.c
index 69617d0fee..419a9a6ebf 100644
--- a/src/libnmc-base/nm-secret-agent-simple.c
+++ b/src/libnmc-base/nm-secret-agent-simple.c
@@ -867,7 +867,7 @@ request_secrets_from_ui(RequestData *request)
     if (nm_connection_is_type(request->connection, NM_SETTING_WIRELESS_SETTING_NAME)) {
         NMSettingWireless *s_wireless;
         GBytes *           ssid;
-        char *             ssid_utf8;
+        gs_free char *     ssid_utf8 = NULL;
 
         s_wireless = nm_connection_get_setting_wireless(request->connection);
         ssid       = nm_setting_wireless_get_ssid(s_wireless);