From 440b9d85b4c2dee855c845c7a1c25f3e444e320a Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 4 Dec 2014 17:18:54 +0100
Subject: [PATCH] libnm: fix leak in nm_utils_uuid_generate_from_strings()

Did not free the GString instance @str. Thereby,
also don't use GString. Just malloc() the temporary
buffer.

Fixes: e7661c9b525e5a4cd3bafe605b4fc464a4d5f620
---
 libnm-core/nm-utils.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c
index e4b3519c70..22804b7b30 100644
--- a/libnm-core/nm-utils.c
+++ b/libnm-core/nm-utils.c
@@ -1985,19 +1985,20 @@ nm_utils_uuid_generate_from_string (const char *s, gssize slen, int uuid_type, g
 		break;
 	case NM_UTILS_UUID_TYPE_VARIANT3: {
 		uuid_t ns_uuid = { 0 };
-		GString *str;
+		char *str;
 
 		if (type_args) {
 			/* type_args can be a name space UUID. Interpret it as (char *) */
 			if (uuid_parse ((char *) type_args, ns_uuid) != 0)
 				g_return_val_if_reached (NULL);
 		}
-		str = g_string_sized_new (sizeof (ns_uuid) + slen + 1);
-		g_string_append_len (str, (const char *) ns_uuid, sizeof (ns_uuid));
-		g_string_append_len (str, s, slen);
-		crypto_md5_hash (NULL, 0, str->str, str->len, (char *) uuid, sizeof (uuid));
+		str = g_new (char, sizeof (ns_uuid) + slen);
+		memcpy (&str[0], ns_uuid, sizeof (ns_uuid));
+		memcpy (&str[sizeof (ns_uuid)], s, slen);
+		crypto_md5_hash (NULL, 0, str, sizeof (ns_uuid) + slen, (char *) uuid, sizeof (uuid));
 		uuid[6] = (uuid[6] & 0x0F) | 0x30;
 		uuid[8] = (uuid[8] & 0x3F) | 0x80;
+		g_free (str);
 		break;
 	}
 	default: