From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darren Kenny <darren.kenny@oracle.com>
Date: Thu, 26 Nov 2020 12:48:07 +0000
Subject: [PATCH] affs: Fix memory leaks
The node structure reference is being allocated but not freed if it
reaches the end of the function. If any of the hooks had returned
a non-zero value, then node would have been copied in to the context
reference, but otherwise node is not stored and should be freed.
Similarly, the call to grub_affs_create_node() replaces the allocated
memory in node with a newly allocated structure, leaking the existing
memory pointed by node.
Finally, when dir->parent is set, then we again replace node with newly
allocated memory, which seems unnecessary when we copy in the values
from dir->parent immediately after.
Fixes: CID 73759
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/fs/affs.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
f6e916
index 91073795f..e4615c743 100644
468bd4
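--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
 {
   unsigned int i;
   struct grub_affs_file file;
-  struct grub_fshelp_node *node = 0;
+  struct grub_fshelp_node *node, *orig_node;
   struct grub_affs_data *data = dir->data;
   grub_uint32_t *hashtable;
 
   /* Create the directory entries for `.' and `..'.  */
-  node = grub_zalloc (sizeof (*node));
+  node = orig_node = grub_zalloc (sizeof (*node));
   if (!node)
     return 1;
     
@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
     return 1;
   if (dir->parent)
     {
-      node = grub_zalloc (sizeof (*node));
-      if (!node)
-	return 1;
       *node = *dir->parent;
       if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
 	return 1;
@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
 
 	  if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
 				     next, &file))
-	    return 1;
+	    {
+	      /* Node has been replaced in function. */
+	      grub_free (orig_node);
+	      return 1;
+	    }
 
 	  next = grub_be_to_cpu32 (file.next);
 	}
     }
 
-  grub_free (hashtable);
-  return 0;
-
  fail:
-  grub_free (node);
+  grub_free (orig_node);
   grub_free (hashtable);
   return 0;
 }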
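Review bot: The ownership of `node` is not documented where it now matters: the single `orig_node` allocation is handed to `hook (".", ...)`, overwritten by `*node = *dir->parent`, handed to `hook ("..", ...)`, and finally released by `grub_free (orig_node)` under `fail:`. That sequence is only memory-safe if a hook that returns zero neither frees nor keeps the pointer it was given, which the commit message asserts but these lines do not show; if any hook releases the node on a zero return, the second store and the final free would be a use-after-free and a double free in code that handles on-disk filesystem data. I would confirm the contract against the hook implementations and record it at the allocation, for example `/* Hooks take ownership of node only when they return non-zero; otherwise it is freed at the end of this function. */`. The success path now also falls through `fail:`, so renaming the label to something like `out:` would keep the control flow readable, bearing in mind that parts of the function lie outside the hunks shown.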