[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 037/117] zfs: Fix resource leaks while constructing path
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 037/117] zfs: Fix resource leaks while constructing path |
Date: |
Tue, 2 Mar 2021 19:00:44 +0100 |
From: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
There are several exit points in dnode_get_path() that are causing possible
memory leaks.
In the while(1) the correct exit mechanism should not be to do a direct return,
but to instead break out of the loop, setting err first if it is not already
set.
The reason behind this is that the dnode_path is a linked list, and while doing
through this loop, it is being allocated and built up - the only way to
correctly unravel it is to traverse it, which is what is being done at the end
of the function outside of the loop.
Several of the existing exit points correctly did a break, but not all so this
change makes that more consistent and should resolve the leaking of memory as
found by Coverity.
Fixes: CID 73741
Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/zfs/zfs.c | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index 695e6ea30..ca82eb878 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -2839,8 +2839,8 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS)
{
- grub_free (path_buf);
- return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
+ break;
}
err = zap_lookup (&(dnode_path->dn), cname, &objnum,
data, subvol->case_insensitive);
@@ -2882,11 +2882,18 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
<< SPA_MINBLOCKSHIFT);
if (blksz == 0)
- return grub_error(GRUB_ERR_BAD_FS, "0-sized block");
+ {
+ err = grub_error (GRUB_ERR_BAD_FS, "0-sized block");
+ break;
+ }
sym_value = grub_malloc (sym_sz);
if (!sym_value)
- return grub_errno;
+ {
+ err = grub_errno;
+ break;
+ }
+
for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++)
{
void *t;
@@ -2896,7 +2903,7 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
if (err)
{
grub_free (sym_value);
- return err;
+ break;
}
movesize = sym_sz - block * blksz;
@@ -2906,6 +2913,8 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
grub_memcpy (sym_value + block * blksz, t, movesize);
grub_free (t);
}
+ if (err)
+ break;
free_symval = 1;
}
path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1);
@@ -2914,7 +2923,8 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
grub_free (oldpathbuf);
if (free_symval)
grub_free (sym_value);
- return grub_errno;
+ err = grub_errno;
+ break;
}
grub_memcpy (path, sym_value, sym_sz);
if (free_symval)
@@ -2952,11 +2962,12 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
err = zio_read (bp, dnode_path->dn.endian, &sahdrp, NULL, data);
if (err)
- return err;
+ break;
}
else
{
- return grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt");
+ err = grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt");
+ break;
}
hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp));
@@ -2977,7 +2988,8 @@ dnode_get_path (struct subvolume *subvol, const char
*path_in, dnode_end_t *dn,
if (!path_buf)
{
grub_free (oldpathbuf);
- return grub_errno;
+ err = grub_errno;
+ break;
}
grub_memcpy (path, sym_value, sym_sz);
path [sym_sz] = 0;
--
2.11.0
- [SECURITY PATCH 027/117] gnulib/regcomp: Fix uninitialized re_token, (continued)
- [SECURITY PATCH 027/117] gnulib/regcomp: Fix uninitialized re_token, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 031/117] disk/ldm: Make sure comp data is freed before exiting from make_vg(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 034/117] disk/cryptodisk: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 035/117] hfsplus: Check that the volume name length is valid, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 036/117] zfs: Fix possible negative shift operation, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 028/117] io/lzopio: Resolve unnecessary self-assignment errors, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 039/117] zfsinfo: Correct a check for error allocating memory, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 032/117] disk/ldm: If failed then free vg variable too, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 040/117] affs: Fix memory leaks, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 038/117] zfs: Fix possible integer overflows, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 037/117] zfs: Fix resource leaks while constructing path,
Daniel Kiper <=
- [SECURITY PATCH 041/117] libgcrypt/mpi: Fix possible unintended sign extension, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 044/117] normal/completion: Fix leaking of memory when processing a completion, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 043/117] syslinux: Fix memory leak while parsing, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 045/117] commands/hashsum: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 042/117] libgcrypt/mpi: Fix possible NULL dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 046/117] commands/probe: Fix a resource leak when probing disks, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 047/117] video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 048/117] video/fb/fbfill: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 051/117] video/readers/jpeg: Test for an invalid next marker reference from a jpeg file, Daniel Kiper, 2021/03/02