From cb0d66d55a674b5713c0e334159e4aecab0d4746 Mon Sep 17 00:00:00 2001
From: Georgia Garcia
Date: Mon, 4 Aug 2025 17:28:14 -0300
Subject: [PATCH 1/5] parser: fix leaks in deleted variables

Signed-off-by: Georgia Garcia
---
 parser/parser_variable.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/parser/parser_variable.c b/parser/parser_variable.c
index 857c474d1..fc0c92312 100644
--- a/parser/parser_variable.c
+++ b/parser/parser_variable.c
@@ -188,24 +188,21 @@ cleanup:
 if (prof->attachment) {
 tmp = symtab::delete_var(PROFILE_EXEC_VAR);
 delete tmp;
- if (saved_exec_path) {
+ if (saved_exec_path)
 symtab::add_var(*saved_exec_path);
- delete saved_exec_path;
- }
 }
 cleanup_attach:
 if (prof->attachment) {
 tmp = symtab::delete_var(PROFILE_ATTACH_VAR);
 delete tmp;
- if (saved_attach_path) {
+ if (saved_attach_path)
 symtab::add_var(*saved_attach_path);
- delete saved_attach_path;
- }
 }
 cleanup_name:
 tmp = symtab::delete_var(PROFILE_NAME_VARIABLE);
 delete tmp;
-
+ delete saved_exec_path;
+ delete saved_attach_path;
 out:
 return error;
 }

From 05458768cf27d5c166521762e5c1223dc6e47ab3 Mon Sep 17 00:00:00 2001
From: Georgia Garcia
Date: Mon, 4 Aug 2025 17:43:51 -0300
Subject: [PATCH 2/5] parser: constify and pass by reference unchanged value

Signed-off-by: Georgia Garcia
---
 parser/variable.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/parser/variable.cc b/parser/variable.cc
index 47dfd6e82..5f535d5f1 100644
--- a/parser/variable.cc
+++ b/parser/variable.cc
@@ -189,7 +189,7 @@ static void trim_trailing_slash(std::string& str)
 str.clear(); // str is all '/'
 }
-int copy_value_to_name(std::string value, char **name)
+int copy_value_to_name(const std::string& value, char **name)
 {
 free(*name);
 *name = strdup(value.c_str());

From 3faddfcf46ffb385c2a6e3c296ef953a8f066c23 Mon Sep 17 00:00:00 2001
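Review bot: The unconditional `delete saved_exec_path; delete saved_attach_path;` now placed under `cleanup_name:` runs on every path that reaches that label, including any jump taken before either pointer has been assigned. That is only safe if both pointers are initialised to null where they are declared, which is outside this hunk, so that should be confirmed. A short comment above the two deletes, such as `/* saved_* stay owned by this function; freed once here for every path through cleanup_name */`, would record why the deletes moved out of the `if (prof->attachment)` blocks. It is also worth checking that no `goto out` can be taken after the saved pointers are set, since `out:` sits below the new deletes and such a path would still leak.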
From: Georgia Garcia
Date: Mon, 4 Aug 2025 18:49:24 -0300
Subject: [PATCH 3/5] parser: fix coverity's "not restoring ostream format"

Save the ostream flags and restore them after the std::hex modification.

Signed-off-by: Georgia Garcia
---
 parser/mount.cc | 3 +++
 parser/rule.h | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/parser/mount.cc b/parser/mount.cc
index 31f38c825..c7f11f4aa 100644
--- a/parser/mount.cc
+++ b/parser/mount.cc
@@ -570,6 +570,8 @@ ostream &mnt_rule::dump(ostream &os)
 {
 prefix_rule_t::dump(os);
+ std::ios::fmtflags fmt(os.flags());
+
 if (perms & AA_MAY_MOUNT)
 os << "mount";
 else if (perms & AA_MAY_UMOUNT)
@@ -603,6 +605,7 @@ ostream &mnt_rule::dump(ostream &os)
 os << " " << "(0x" << hex << perms << "/0x" << (audit != AUDIT_UNSPECIFIED ? perms : 0) << ")";
 os << ",\n";
+ os.flags(fmt);
 return os;
 }
diff --git a/parser/rule.h b/parser/rule.h
index 6a0bec8ae..7d86e3d1d 100644
--- a/parser/rule.h
+++ b/parser/rule.h
@@ -431,11 +431,14 @@ public:
 ostream &dump(ostream &os) override {
 class_rule_t::dump(os);
+ std::ios::fmtflags fmt(os.flags());
+
 if (saved)
 os << "(0x" << std::hex << perms << "/orig " << saved << ") ";
 else
 os << "(0x" << std::hex << perms << ") ";
+ os.flags(fmt);
 return os;
 }
@@ -460,7 +463,11 @@ public:
 ostream &dump(ostream &os) override {
 class_rule_t::dump(os);
+ std::ios::fmtflags fmt(os.flags());
+
 os << "(0x" << std::hex << perms << ") ";
+
+ os.flags(fmt);
 return os;
 }

From 8b2e2c3358a167e81495bf365b19149dfcba65f4 Mon Sep 17 00:00:00 2001
From: Georgia Garcia
Date: Mon, 4 Aug 2025 18:50:54 -0300
Subject: [PATCH 4/5] parser: free leaking cod_entry in case of failure in do_alias

Signed-off-by: Georgia Garcia
---
 parser/parser_alias.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/parser/parser_alias.c b/parser/parser_alias.c
index 635f8c880..9e840599b 100644
--- a/parser/parser_alias.c
+++ b/parser/parser_alias.c
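Review bot: The flag restore is written by hand before the single `return os;` in each of the three dump() bodies (both mount.cc hunks and both parser/rule.h hunks), so the stream is left in hex if a later edit adds an early return or if an insertion throws between the save and `os.flags(fmt)`. A small scope guard that restores the flags in its destructor would cover every exit path and remove the repeated save/restore pair. The saved type is also more conventionally spelled `std::ios_base::fmtflags`. The sketch below shows such a guard and its use in mnt_rule::dump; the guard's name is only a suggestion, and the part of dump() between the two mount.cc hunks is not visible here.

```cpp
/* Restores a stream's format flags when it leaves scope. */
class fmtflags_guard {
public:
	explicit fmtflags_guard(std::ios_base &s) : stream(s), saved(s.flags()) { }
	~fmtflags_guard() { stream.flags(saved); }
	fmtflags_guard(const fmtflags_guard &) = delete;
	fmtflags_guard &operator=(const fmtflags_guard &) = delete;
private:
	std::ios_base &stream;
	std::ios_base::fmtflags saved;
};

ostream &mnt_rule::dump(ostream &os)
{
	prefix_rule_t::dump(os);
	fmtflags_guard restore_flags(os);	/* replaces the fmt save and os.flags(fmt) */
	// … unchanged: permission, option and trailing output, return os …
}
```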
@@ -133,8 +133,10 @@ static void process_entries(const void *nodep, VISIT value, int level unused)
 if (entry->link_name && strncmp((*t)->from, entry->link_name, len) == 0) {
 char *n = do_alias(*t, entry->link_name);
- if (!n)
+ if (!n) {
+ free_cod_entries(dup);
 return;
+ }
 if (!dup)
 dup = copy_cod_entry(entry);
 free(dup->link_name);

From b8dee97ed3fe21f4db0d20a1c2e7bdd18c920ee6 Mon Sep 17 00:00:00 2001
From: Georgia Garcia
Date: Mon, 4 Aug 2025 18:54:36 -0300
Subject: [PATCH 5/5] parser: fix leaking name in variable expansion

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/533
Signed-off-by: Georgia Garcia
---
 parser/variable.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/parser/variable.cc b/parser/variable.cc
index 5f535d5f1..c17d7e2c6 100644
--- a/parser/variable.cc
+++ b/parser/variable.cc
@@ -307,6 +307,7 @@ int variable::expand_variable()
 }
 name = variable::process_var(var.c_str());
 variable *ref = symtab::lookup_existing_symbol(name);
+ free(name);
 if (!ref) {
 PERROR("Failed to find declaration for: %s\n", var.c_str());
 rc = 1;
@@ -336,7 +337,6 @@ int variable::expand_variable()
 }
 out:
- free(name);
 expanding = false;
 return rc;
 }
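Review bot: `free_cod_entries(dup)` in the new `if (!n)` branch is called on a value whose state this hunk does not pin down. dup may not have been set yet at this point (the `if (!dup)` two lines below shows that case exists), so the call relies on free_cod_entries accepting a null pointer; `if (dup) free_cod_entries(dup);` would make that explicit. The plural name also suggests the helper releases a whole chain: if copy_cod_entry carries the source entry's list link into the copy, freeing dup this way would release nodes still on the list being walked and turn the leak fix into a use-after-free. Both helpers are defined outside this page, so this needs confirming; if the copy is linked, detach it before freeing. process_entries begins and ends outside the hunk.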
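Review bot: After the added `free(name);` the pointer keeps its stale value for the rest of expand_variable(), and the second hunk removes the `free(name)` under `out:` that used to be the single release point. The code between the two hunks is not shown, so any remaining read of name there, or a `free(name)` reintroduced at `out:` later, would become a use-after-free or double free. Resetting the pointer in the same place, `free(name); name = NULL;`, closes that off, or name can be declared at this assignment so nothing later in the function can reach it. It is also worth confirming that no path reaches `out:` with name assigned somewhere other than this line, because such a path now leaks.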