Fix coverity-reported leak in virSecurityManagerGenLabel

Coverity complains about a possible leak of seclabel if
!sec_managers[i]->drv->domainGenSecurityLabel is true
and the seclabel might be overwritten by the next iteration
of the loop.

This leak should never happen, because every security driver
has domainGenSecurityLabel defined.

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index d68c7e949e0e40273a4ee595e8aeeb681830313c..79edb07e91bfc4df2ec95be9cb9bdf5366b822ed 100644 (file)
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -514,6 +514,8 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 
         if (!sec_managers[i]->drv->domainGenSecurityLabel) {
             virReportUnsupportedError();
+            virSecurityLabelDefFree(seclabel);
+            seclabel = NULL;
         } else {
             /* The seclabel must be added to @vm prior calling domainGenSecurityLabel
              * which may require seclabel to be presented already */