From 686280c0fdc4807676c3e8b896a1816ce62d4457 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Mon, 23 Feb 2026 23:55:12 -0600 Subject: [PATCH] libjail: avoid a double-free in the MAC label bits As written, we'll repeatedly jps_free() the first element, which is obviously bogus. Fix it to index appropriately. Fixes: db3b39f063d9f ("libjail: extend struct handlers [...]") --- lib/libjail/jail.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libjail/jail.c b/lib/libjail/jail.c index baabeb4afed..95ba336b62c 100644 --- a/lib/libjail/jail.c +++ b/lib/libjail/jail.c @@ -978,7 +978,7 @@ jailparam_free(struct jailparam *jp, unsigned njp) for (j = 0; j < njp; j++) { free(jp[j].jp_name); if (!(jp[j].jp_flags & JP_RAWVALUE)) { - jps_free(jp); + jps_free(&jp[j]); free(jp[j].jp_value); } }