| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1291206772.1684.26.camel@leonhard>
Date: Wed, 01 Dec 2010 21:32:52 +0900
From: Namhyung Kim <namhyung@...il.com>
To: Lukas Czerner <lczerner@...hat.com>
Cc: Theodore Tso <tytso@....edu>, linux-ext4@...r.kernel.org
Subject: Re: [PATCH 13/15] mke2fs: fix potential memory leak in
mke2fs_setup_tdb()
2010-11-30 (화), 14:02 +0100, Lukas Czerner:
> On Mon, 29 Nov 2010, Namhyung Kim wrote:
>
> > 'tmp_name' allocated by strdup() should also be freed if error.
> > Also check return value of set_undo_io_backup_file() for possible
> > memory failure. A whitespace fix is added too.
> >
> > Signed-off-by: Namhyung Kim <namhyung@...il.com>
> > ---
> > misc/mke2fs.c | 11 +++++++----
> > 1 files changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/misc/mke2fs.c b/misc/mke2fs.c
> > index 6e2092d..644b287 100644
> > --- a/misc/mke2fs.c
> > +++ b/misc/mke2fs.c
> > @@ -1882,15 +1882,17 @@ static int mke2fs_setup_tdb(const char *name, io_manager *io_ptr)
> >
> > tmp_name = strdup(name);
> > if (!tmp_name) {
> > - alloc_fn_fail:
> > - com_err(program_name, ENOMEM,
> > +alloc_fn_fail:
> > + com_err(program_name, ENOMEM,
> > _("Couldn't allocate memory for tdb filename\n"));
> > return ENOMEM;
> > }
>
> What about putting the alloc_fn_fail at the end of the function ? after return
> retval?
>
No problem.
> > device_name = basename(tmp_name);
> > tdb_file = malloc(strlen(tdb_dir) + 8 + strlen(device_name) + 7 + 1);
> > - if (!tdb_file)
> > + if (!tdb_file) {
> > + free(tmp_name);
>
> What about adding
>
> if (tmp_name)
> free(tmp_name);
>
> in alloc_fs_fail context ?
I guess just free(tmp_name) is enough.
> > goto alloc_fn_fail;
> > + }
> > sprintf(tdb_file, "%s/mke2fs-%s.e2undo", tdb_dir, device_name);
> >
> > if (!access(tdb_file, F_OK)) {
> > @@ -1899,6 +1901,7 @@ static int mke2fs_setup_tdb(const char *name, io_manager *io_ptr)
> > com_err(program_name, retval,
> > _("while trying to delete %s"),
> > tdb_file);
> > + free(tmp_name);
> > free(tdb_file);
> > return retval;
> > }
> > @@ -1906,7 +1909,7 @@ static int mke2fs_setup_tdb(const char *name, io_manager *io_ptr)
> >
> > set_undo_io_backing_manager(*io_ptr);
> > *io_ptr = undo_io_manager;
> > - set_undo_io_backup_file(tdb_file);
> > + retval = set_undo_io_backup_file(tdb_file);
>
> You should probably return ENOMEM when this fails, moreover when
> set_undo_io_backup() you'll try to free not allocated space.
>
Its only user doesn't check the actual return value and simply does
exit(1). And confusingly, tdb_file here is a local variable and
allocated successully so there will be no problem. Also AFAIK C permits
to pass NULL to free(), means no operation.
--
Regards,
Namhyung Kim
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists