From ff60ec227d8bff68104c2a060c84bdedc451018c Mon Sep 17 00:00:00 2001
From: Albert S <mail@quitesimple.org>
Date: Sun, 23 Oct 2022 19:48:33 +0200
Subject: [PATCH] perform_mounts(): Fix potential leak and fix iteration

We would not free 'concat_path' in all potential paths.
Also, the iteration would not continue potentially.

This was case unlikely to be hit in practise.
---
 exile.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/exile.c b/exile.c
index 2674170..1f31804 100644
--- a/exile.c
+++ b/exile.c
@@ -870,18 +870,18 @@ static int perform_mounts(const char *chroot_target_path, struct exile_path_poli
 {
 	while(path_policy != NULL)
 	{
-		int mount_flags = get_policy_mount_flags(path_policy);
-
-		char *path_inside_chroot = concat_path(chroot_target_path, path_policy->path);
-		if(path_inside_chroot == NULL)
-		{
-			return 1;
-		}
-		//all we do is bind mounts
-		mount_flags |= MS_BIND;
-
 		if(path_policy->policy & EXILE_FS_ALLOW_ALL_READ || path_policy->policy & EXILE_FS_ALLOW_ALL_WRITE)
 		{
+			int mount_flags = get_policy_mount_flags(path_policy);
+
+			char *path_inside_chroot = concat_path(chroot_target_path, path_policy->path);
+			if(path_inside_chroot == NULL)
+			{
+				return 1;
+			}
+			//all we do is bind mounts
+			mount_flags |= MS_BIND;
+
 			int ret = mount(path_policy->path, path_inside_chroot,  NULL, mount_flags, NULL);
 			if(ret < 0 )
 			{
@@ -898,9 +898,10 @@ static int perform_mounts(const char *chroot_target_path, struct exile_path_poli
 				free(path_inside_chroot);
 				return ret;
 			}
-			path_policy = path_policy->next;
+
 			free(path_inside_chroot);
 		}
+		path_policy = path_policy->next;
 	}
 	return 0;
 }