From ad1ff026b0c80fba3de69e2208ef5da375867f6c Mon Sep 17 00:00:00 2001
From: Jaap Eldering <jaap@jaapeldering.nl>
Date: Tue, 25 Feb 2025 22:18:02 +0100
Subject: [PATCH] Free C-string allocard by strdup after use

This resource leak was found by Coverity scan.
---
 judge/runguard.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/judge/runguard.cc b/judge/runguard.cc
index 7bbcf50c1e..c71a2e25b4 100644
--- a/judge/runguard.cc
+++ b/judge/runguard.cc
@@ -806,12 +806,14 @@ void setrestrictions()
 
 	/* Set additional environment variables. */
 	for (const auto &tokens : environment_variables) {
-		char *token = strtok(strdup(tokens.c_str()), ";");
+		char *tokens_dup = strdup(tokens.c_str());
+		char *token = strtok(tokens_dup, ";");
 		while (token != nullptr) {
 			verbose("setting environment variable: %s", token);
 			putenv(token);
 			token = strtok(nullptr, ";");
 		}
+		free(tokens_dup);
 	}
 
 	/* Set resource limits: must be root to raise hard limits.