From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darren Kenny <darren.kenny@oracle.com>
Date: Thu, 26 Nov 2020 12:48:07 +0000
Subject: [PATCH] affs: Fix memory leaks
The node structure reference is being allocated but not freed if it
reaches the end of the function. If any of the hooks had returned
a non-zero value, then node would have been copied in to the context
reference, but otherwise node is not stored and should be freed.
Similarly, the call to grub_affs_create_node() replaces the allocated
memory in node with a newly allocated structure, leaking the existing
memory pointed to by node.
Finally, when dir->parent is set, then we again replace node with newly
allocated memory, which seems unnecessary when we copy in the values
from dir->parent immediately after.
Fixes: CID 73759
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/fs/affs.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
b71686
index 91073795f..e4615c743 100644
9723a8
--- a/grub-core/fs/affs.c
9723a8
+++ b/grub-core/fs/affs.c
9723a8
@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
9723a8
 {
9723a8
   unsigned int i;
9723a8
   struct grub_affs_file file;
9723a8
-  struct grub_fshelp_node *node = 0;
9723a8
+  struct grub_fshelp_node *node, *orig_node;
9723a8
   struct grub_affs_data *data = dir->data;
9723a8
   grub_uint32_t *hashtable;
9723a8
 
9723a8
   /* Create the directory entries for `.' and `..'.  */
9723a8
-  node = grub_zalloc (sizeof (*node));
9723a8
+  node = orig_node = grub_zalloc (sizeof (*node));
9723a8
   if (!node)
9723a8
     return 1;
9723a8
     
9723a8
@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
9723a8
     return 1;
9723a8
   if (dir->parent)
9723a8
     {
9723a8
-      node = grub_zalloc (sizeof (*node));
9723a8
-      if (!node)
9723a8
-	return 1;
9723a8
       *node = *dir->parent;
9723a8
       if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
9723a8
 	return 1;
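Review bot: Reusing the single allocation for `..` is only safe if a hook that returns 0 neither frees nor keeps the `node` it was handed, and nothing in this hunk establishes that. The commit message says a hook returning non-zero stores `node` in its context; if a hook returning 0 can also release or retain it, then `*node = *dir->parent` writes through a pointer this function no longer owns, and the final `grub_free (orig_node)` in the last hunk releases it a second time. Since this driver walks on-disk structures, that ownership rule should be confirmed against the `hook` implementations and recorded above the allocation, for example `/* hook takes ownership of node only when it returns non-zero; otherwise orig_node is freed at exit. */`. The rest of grub_affs_iterate_dir lies outside this hunk.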
9723a8
@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
9723a8
 
9723a8
 	  if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
9723a8
 				     next, &file))
9723a8
-	    return 1;
9723a8
+	    {
9723a8
+	      /* Node has been replaced in function. */
9723a8
+	      grub_free (orig_node);
9723a8
+	      return 1;
9723a8
+	    }
9723a8
 
9723a8
 	  next = grub_be_to_cpu32 (file.next);
9723a8
 	}
9723a8
     }
9723a8
 
9723a8
-  grub_free (hashtable);
9723a8
-  return 0;
9723a8
-
9723a8
  fail:
9723a8
-  grub_free (node);
9723a8
+  grub_free (orig_node);
9723a8
   grub_free (hashtable);
9723a8
   return 0;
9723a8
 }
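Review bot: The new early `return 1` after `grub_affs_create_node ()` frees `orig_node` but not `hashtable`, while the exit at `fail:` frees both. That is correct only if grub_affs_create_node () releases `hashtable` itself on failure, which the `&hashtable` argument suggests but this hunk does not show. The comment should state it, e.g. `/* create_node replaced node and released hashtable on failure. */`, or `grub_free (hashtable);` should be added before the return if it does not. The success path now falls through `fail:` and returns 0, so the label no longer describes its use; renaming it to `out:`, together with the `goto` sites outside this hunk, would make the shared exit clear.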