lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 1 Dec 2009 07:31:21 GMT
From:	tip-bot for Masami Hiramatsu <mhiramat@...hat.com>
To:	linux-tip-commits@...r.kernel.org
Cc:	acme@...hat.com, mingo@...hat.com, peterz@...radead.org,
	fweisbec@...il.com, dle-develop@...ts.sourceforge.net,
	rostedt@...dmis.org, jbaron@...hat.com, tglx@...utronix.de,
	mhiramat@...hat.com, systemtap@...rces.redhat.com,
	linux-kernel@...r.kernel.org, hpa@...or.com, fche@...hat.com,
	jkenisto@...ibm.com, hch@...radead.org, ananth@...ibm.com,
	srikar@...ux.vnet.ibm.com, mingo@...e.hu, prasad@...ux.vnet.ibm.com
Subject: [tip:perf/core] trace_kprobes: Fix a memory leak bug and check kstrdup() return value

Commit-ID:  ba8665d7dd95eb6093ee06f8f624b6acb1e73206
Gitweb:     http://git.kernel.org/tip/ba8665d7dd95eb6093ee06f8f624b6acb1e73206
Author:     Masami Hiramatsu <mhiramat@...hat.com>
AuthorDate: Mon, 30 Nov 2009 19:19:20 -0500
Committer:  Ingo Molnar <mingo@...e.hu>
CommitDate: Tue, 1 Dec 2009 08:19:59 +0100

trace_kprobes: Fix a memory leak bug and check kstrdup() return value

Fix a memory leak case in create_trace_probe(). When an argument
is too long (> MAX_ARGSTR_LEN), it just jumps to error path. In
that case tp->args[i].name is not released.
This also fixes a bug to check kstrdup()'s return value.

Signed-off-by: Masami Hiramatsu <mhiramat@...hat.com>
Cc: systemtap <systemtap@...rces.redhat.com>
Cc: DLE <dle-develop@...ts.sourceforge.net>
Cc: Steven Rostedt <rostedt@...dmis.org>
Cc: Jim Keniston <jkenisto@...ibm.com>
Cc: Ananth N Mavinakayanahalli <ananth@...ibm.com>
Cc: Christoph Hellwig <hch@...radead.org>
Cc: Frank Ch. Eigler <fche@...hat.com>
Cc: Frederic Weisbecker <fweisbec@...il.com>
Cc: Jason Baron <jbaron@...hat.com>
Cc: K.Prasad <prasad@...ux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: Frederic Weisbecker <fweisbec@...il.com>
LKML-Reference: <20091201001919.10235.56455.stgit@...usame>
Signed-off-by: Ingo Molnar <mingo@...e.hu>
---
 kernel/trace/trace_kprobe.c |   26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
index 72d0c65..aff5f80 100644
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -483,7 +483,8 @@ static int parse_probe_vars(char *arg, struct fetch_func *ff, int is_return)
 	return ret;
 }
 
-static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
+/* Recursive argument parser */
+static int __parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
 {
 	int ret = 0;
 	unsigned long param;
@@ -543,7 +544,7 @@ static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
 			if (!id)
 				return -ENOMEM;
 			id->offset = offset;
-			ret = parse_probe_arg(arg, &id->orig, is_return);
+			ret = __parse_probe_arg(arg, &id->orig, is_return);
 			if (ret)
 				kfree(id);
 			else {
@@ -560,6 +561,16 @@ static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
 	return ret;
 }
 
+/* String length checking wrapper */
+static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
+{
+	if (strlen(arg) > MAX_ARGSTR_LEN) {
+		pr_info("Argument is too long.: %s\n",  arg);
+		return -ENOSPC;
+	}
+	return __parse_probe_arg(arg, ff, is_return);
+}
+
 /* Return 1 if name is reserved or already used by another argument */
 static int conflict_field_name(const char *name,
 			       struct probe_arg *args, int narg)
@@ -698,13 +709,14 @@ static int create_trace_probe(int argc, char **argv)
 		}
 
 		tp->args[i].name = kstrdup(argv[i], GFP_KERNEL);
-
-		/* Parse fetch argument */
-		if (strlen(arg) > MAX_ARGSTR_LEN) {
-			pr_info("Argument%d(%s) is too long.\n", i, arg);
-			ret = -ENOSPC;
+		if (!tp->args[i].name) {
+			pr_info("Failed to allocate argument%d name '%s'.\n",
+				i, argv[i]);
+			ret = -ENOMEM;
 			goto error;
 		}
+
+		/* Parse fetch argument */
 		ret = parse_probe_arg(arg, &tp->args[i].fetch, is_return);
 		if (ret) {
 			pr_info("Parse error at argument%d. (%d)\n", i, ret);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ