CVE-2021-42523: potential memory leak: forgetting to free error message of libsqlite3 API 'sqlite3_exec' -1 · Issue #110 · hughsie/colord
There are two Information Disclosure vulnerabilities in colord, in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. They exist because the 'err_msg' returned by 'sqlite3_exec' is not released after use, even though the libsqlite3 documentation states that the caller must release it.
According to libsqlite3 API document, “To avoid memory leaks, the application should invoke sqlite3_free() on error message strings returned through the 5th parameter of sqlite3_exec() after the error message string is no longer needed.”
```c
/* error_msg is filled in by sqlite3 when the statement fails, but on the
 * error path below it is never passed to sqlite3_free(), so it leaks. */
rc = sqlite3_exec (priv->db, "SELECT * FROM properties_v2 LIMIT 1",
		   NULL, NULL, &error_msg);
if (rc != SQLITE_OK) {
	statement = "CREATE TABLE properties_v2 ("
		    "device_id TEXT,"
		    "property TEXT,"
		    "value TEXT,"
		    "PRIMARY KEY (device_id, property));";
	sqlite3_exec (priv->db, statement, NULL, NULL, NULL);
}
return TRUE;
```