lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1291206772.1684.26.camel@leonhard>
Date:	Wed, 01 Dec 2010 21:32:52 +0900
From:	Namhyung Kim <namhyung@...il.com>
To:	Lukas Czerner <lczerner@...hat.com>
Cc:	Theodore Tso <tytso@....edu>, linux-ext4@...r.kernel.org
Subject: Re: [PATCH 13/15] mke2fs: fix potential memory leak in
 mke2fs_setup_tdb()

2010-11-30 (화), 14:02 +0100, Lukas Czerner:
> On Mon, 29 Nov 2010, Namhyung Kim wrote:
> 
> > 'tmp_name' allocated by strdup() should also be freed if error.
> > Also check return value of set_undo_io_backup_file() for possible
> > memory failure. A whitespace fix is added too.
> > 
> > Signed-off-by: Namhyung Kim <namhyung@...il.com>
> > ---
> >  misc/mke2fs.c |   11 +++++++----
> >  1 files changed, 7 insertions(+), 4 deletions(-)
> > 
> > diff --git a/misc/mke2fs.c b/misc/mke2fs.c
> > index 6e2092d..644b287 100644
> > --- a/misc/mke2fs.c
> > +++ b/misc/mke2fs.c
> > @@ -1882,15 +1882,17 @@ static int mke2fs_setup_tdb(const char *name, io_manager *io_ptr)
> >  
> >  	tmp_name = strdup(name);
> >  	if (!tmp_name) {
> > -	alloc_fn_fail:
> > -		com_err(program_name, ENOMEM, 
> > +alloc_fn_fail:
> > +		com_err(program_name, ENOMEM,
> >  			_("Couldn't allocate memory for tdb filename\n"));
> >  		return ENOMEM;
> >  	}
> 
> What about putting the alloc_fn_fail at the end of the function ? after return
> retval?
> 

No problem.


> >  	device_name = basename(tmp_name);
> >  	tdb_file = malloc(strlen(tdb_dir) + 8 + strlen(device_name) + 7 + 1);
> > -	if (!tdb_file)
> > +	if (!tdb_file) {
> > +		free(tmp_name);
> 
> What about adding
> 
> if (tmp_name)
> 	free(tmp_name);
> 
> in alloc_fs_fail context ?

I guess just free(tmp_name) is enough.


> >  		goto alloc_fn_fail;
> > +	}
> >  	sprintf(tdb_file, "%s/mke2fs-%s.e2undo", tdb_dir, device_name);
> >  
> >  	if (!access(tdb_file, F_OK)) {
> > @@ -1899,6 +1901,7 @@ static int mke2fs_setup_tdb(const char *name, io_manager *io_ptr)
> >  			com_err(program_name, retval,
> >  				_("while trying to delete %s"),
> >  				tdb_file);
> > +			free(tmp_name);
> >  			free(tdb_file);
> >  			return retval;
> >  		}
> > @@ -1906,7 +1909,7 @@ static int mke2fs_setup_tdb(const char *name, io_manager *io_ptr)
> >  
> >  	set_undo_io_backing_manager(*io_ptr);
> >  	*io_ptr = undo_io_manager;
> > -	set_undo_io_backup_file(tdb_file);
> > +	retval = set_undo_io_backup_file(tdb_file);
> 
> You should probably return ENOMEM when this fails, moreover when
> set_undo_io_backup() you'll try to free not allocated space.
> 

Its only user doesn't check the actual return value and simply does
exit(1). And confusingly, tdb_file here is a local variable and
allocated successully so there will be no problem. Also AFAIK C permits
to pass NULL to free(), means no operation.

-- 
Regards,
Namhyung Kim


--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ