| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1507482683-22651-4-git-send-email-ulfalizer@gmail.com>
Date: Sun, 8 Oct 2017 19:11:20 +0200
From: Ulf Magnusson <ulfalizer@...il.com>
To: yann.morin.1998@...e.fr, linux-kbuild@...r.kernel.org
Cc: sam@...nborg.org, zippel@...ux-m68k.org, nicolas.pitre@...aro.org,
michal.lkml@...kovi.net, dirk@...ders.net,
yamada.masahiro@...ionext.com, lacombar@...il.com,
walch.martin@....de, JBeulich@...e.com,
linux-kernel@...r.kernel.org, Ulf Magnusson <ulfalizer@...il.com>
Subject: [PATCH 3/6] kconfig: Don't leak 'option' arguments during parsing
The following strings would leak before this change:
- option env="LEAKED"
- option defconfig_list="LEAKED"
These come in the form of T_WORD tokens and are always allocated on the
heap in zconf.l. Free them.
Summary from Valgrind on 'menuconfig' (ARCH=x86) before the fix:
LEAK SUMMARY:
definitely lost: 344,616 bytes in 14,355 blocks
...
Summary after the fix:
LEAK SUMMARY:
definitely lost: 344,568 bytes in 14,352 blocks
...
Signed-off-by: Ulf Magnusson <ulfalizer@...il.com>
---
scripts/kconfig/zconf.y | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/kconfig/zconf.y b/scripts/kconfig/zconf.y
index a770117..ea6ae16 100644
--- a/scripts/kconfig/zconf.y
+++ b/scripts/kconfig/zconf.y
@@ -236,8 +236,10 @@ symbol_option_list:
| symbol_option_list T_WORD symbol_option_arg
{
const struct kconf_id *id = kconf_id_lookup($2, strlen($2));
- if (id && id->flags & TF_OPTION)
+ if (id && id->flags & TF_OPTION) {
menu_add_option(id->token, $3);
+ free($3);
+ }
else
zconfprint("warning: ignoring unknown option %s", $2);
free($2);
--
2.7.4
Powered by blists - more mailing lists