From 3772cacce10e2fc621a7f4f935c465e00baf0728 Mon Sep 17 00:00:00 2001 From: Jerome Marchand Date: Jul 10 2024 09:53:37 +0000 Subject: Fix SAST vulnerabilities Resolves: RHEL-40413 Signed-off-by: Jerome Marchand --- diff --git a/libtracefs-Call-va_end-before-exiting-tracefs_hist_s.patch b/libtracefs-Call-va_end-before-exiting-tracefs_hist_s.patch new file mode 100644 index 0000000..f2857e6 --- /dev/null +++ b/libtracefs-Call-va_end-before-exiting-tracefs_hist_s.patch @@ -0,0 +1,41 @@ +From aecc0b7b4d5ba986517fb86fb0a87a110ad0c816 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:15 +0200 +Subject: [PATCH 01/15] libtracefs: Call va_end() before exiting + tracefs_hist_set_sort_key() + +Each invocation of va_start() must be matched by a corresponding +invocation of va_end() in the same function. If add_sort_key() fails, +tracefs_hist_set_sort_key() exits without calling it. Call va_end +after add_sort_key() fails. + +Fixes a VARARGS error (CWE-237) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-2-jmarchan@redhat.com + +Fixes: 5d1c2ea2d6a7b ("libtracefs: Implement API to create / modify and display histograms") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-hist.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/tracefs-hist.c b/src/tracefs-hist.c +index 2b4f17f..87287b5 100644 +--- a/src/tracefs-hist.c ++++ b/src/tracefs-hist.c +@@ -596,8 +596,10 @@ int tracefs_hist_set_sort_key(struct tracefs_hist *hist, + if (!sort_key) + break; + tmp = add_sort_key(hist, sort_key, list); +- if (!tmp) ++ if (!tmp) { ++ va_end(ap); + goto fail; ++ } + list = tmp; + } + va_end(ap); +-- +2.45.2 + diff --git a/libtracefs-Close-dir-in-the-error-path-in-tracefs_ev.patch b/libtracefs-Close-dir-in-the-error-path-in-tracefs_ev.patch new file mode 100644 index 0000000..0ae101c --- /dev/null +++ b/libtracefs-Close-dir-in-the-error-path-in-tracefs_ev.patch @@ -0,0 +1,36 @@ +From 590e45220531201e09c9a4292bded25d7c941ab8 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:28 +0200 +Subject: [PATCH 14/15] libtracefs: Close dir in the error path in + tracefs_event_systems() + +In tracefs_event_systems, we don't close dir if add_list_string() +fails. At this point, just breaking out of the loop fixes that. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-15-jmarchan@redhat.com + +Fixes: 056a177e1d686 ("libtracefs: Restructure how string lists work") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-events.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tracefs-events.c b/src/tracefs-events.c +index 1fa3f2f..83069aa 100644 +--- a/src/tracefs-events.c ++++ b/src/tracefs-events.c +@@ -858,7 +858,7 @@ char **tracefs_event_systems(const char *tracing_dir) + free(sys); + if (ret >= 0) { + if (add_list_string(&systems, name) < 0) +- goto out_free; ++ break; + } + } + +-- +2.45.2 + diff --git a/libtracefs-Close-dir-in-the-error-path-in-tracefs_sy.patch b/libtracefs-Close-dir-in-the-error-path-in-tracefs_sy.patch new file mode 100644 index 0000000..ccd1994 --- /dev/null +++ b/libtracefs-Close-dir-in-the-error-path-in-tracefs_sy.patch @@ -0,0 +1,36 @@ +From 0309a876ba3ac13f7a436f292a6bdc0927213a76 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:27 +0200 +Subject: [PATCH 13/15] libtracefs: Close dir in the error path in + tracefs_system_events() + +In tracefs_system_events(), we don't close dir if add_list_string() +fails. At this point, just breaking out of the loop fixes that. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-14-jmarchan@redhat.com + +Fixes: 056a177e1d686 ("libtracefs: Restructure how string lists work") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-events.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tracefs-events.c b/src/tracefs-events.c +index 88325e1..1fa3f2f 100644 +--- a/src/tracefs-events.c ++++ b/src/tracefs-events.c +@@ -922,7 +922,7 @@ char **tracefs_system_events(const char *tracing_dir, const char *system) + free(event); + + if (add_list_string(&events, name) < 0) +- goto out_free; ++ break; + } + + closedir(dir); +-- +2.45.2 + diff --git a/libtracefs-Don-t-leak-socket-file-descriptor-in-open.patch b/libtracefs-Don-t-leak-socket-file-descriptor-in-open.patch new file mode 100644 index 0000000..ced91ab --- /dev/null +++ b/libtracefs-Don-t-leak-socket-file-descriptor-in-open.patch @@ -0,0 +1,38 @@ +From a01d0ba2d810336870deb8fd4f5366fee45865fe Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:20 +0200 +Subject: [PATCH 06/15] libtracefs: Don't leak socket file descriptor in + open_vsock() + +Close the socket file descriptor if connect() fails. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-7-jmarchan@redhat.com + +Fixes: 5ea41283fa071 ("libtracefs: Add tracefs_find_cid_pid() API") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-vsock.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/tracefs-vsock.c b/src/tracefs-vsock.c +index e171382..9171321 100644 +--- a/src/tracefs-vsock.c ++++ b/src/tracefs-vsock.c +@@ -19,8 +19,10 @@ static int open_vsock(unsigned int cid, unsigned int port) + if (sd < 0) + return -1; + +- if (connect(sd, (struct sockaddr *)&addr, sizeof(addr))) ++ if (connect(sd, (struct sockaddr *)&addr, sizeof(addr))) { ++ close(sd); + return -1; ++ } + + return sd; + } +-- +2.45.2 + diff --git a/libtracefs-Initialize-val-in-build_filter.patch b/libtracefs-Initialize-val-in-build_filter.patch new file mode 100644 index 0000000..8c8da4e --- /dev/null +++ b/libtracefs-Initialize-val-in-build_filter.patch @@ -0,0 +1,35 @@ +From e6737d4ee9de9af86061de58cbb3fcb14fd0ffbc Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:29 +0200 +Subject: [PATCH 15/15] libtracefs: Initialize val in build_filter() + +In build_filter(), val is only initialized if filter->rval->type is +either EXPR_NUMBER or EXPR_STRING. AS far as I can understand that is +expected at that point. Howvever, it doesn't cost much to initialize +it in case the parser let some bogus request pass by and it should +prevent the static analyser to complain. + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-16-jmarchan@redhat.com + +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-sqlhist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tracefs-sqlhist.c b/src/tracefs-sqlhist.c +index 0f678c1..08bd0fa 100644 +--- a/src/tracefs-sqlhist.c ++++ b/src/tracefs-sqlhist.c +@@ -1109,7 +1109,7 @@ static int build_filter(struct tep_handle *tep, struct sqlhist_bison *sb, + const char *val); + struct filter *filter = &expr->filter; + enum tracefs_compare cmp; +- const char *val; ++ const char *val = NULL; + int and_or = TRACEFS_FILTER_AND; + char num[64]; + int ret; +-- +2.45.2 + diff --git a/libtracefs-Prevent-a-memory-leak-in-add_func_str.patch b/libtracefs-Prevent-a-memory-leak-in-add_func_str.patch new file mode 100644 index 0000000..667a0d1 --- /dev/null +++ b/libtracefs-Prevent-a-memory-leak-in-add_func_str.patch @@ -0,0 +1,37 @@ +From 7fcd8d27ff95670ffb0478486d408162f5299e89 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:21 +0200 +Subject: [PATCH 07/15] libtracefs: Prevent a memory leak in add_func_str() + +Free func_list if strdup() fails. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-8-jmarchan@redhat.com + +Fixes: c1606fb72264a ("libtracefs: Implement tracefs_filter_functions()") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-tools.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/tracefs-tools.c b/src/tracefs-tools.c +index 8e7b46d..74cfe91 100644 +--- a/src/tracefs-tools.c ++++ b/src/tracefs-tools.c +@@ -559,8 +559,10 @@ static int add_func_str(struct func_list ***next_func_ptr, const char *func) + if (!func_list) + return -1; + func_list->func = strdup(func); +- if (!func_list->func) ++ if (!func_list->func) { ++ free(func_list); + return -1; ++ } + *next_func = func_list; + return 0; + } +-- +2.45.2 + diff --git a/libtracefs-Prevent-a-memory-leak-in-open_cpu_files.patch b/libtracefs-Prevent-a-memory-leak-in-open_cpu_files.patch new file mode 100644 index 0000000..b8327bd --- /dev/null +++ b/libtracefs-Prevent-a-memory-leak-in-open_cpu_files.patch @@ -0,0 +1,57 @@ +From 8f2593fbbad2a549b854645acde7b11f5e02a924 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:23 +0200 +Subject: [PATCH 09/15] libtracefs: Prevent a memory leak in open_cpu_files() + +In open_cpu_files(), if realloc() fails, the latest allocated tcpu +isn't freed. Rearrange the loop to prevent that. + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-10-jmarchan@redhat.com + +Fixes: 564bffddcb117 ("libtracefs: Use tracefs_cpu_read() for tracefs_iterate_raw_events()") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-events.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/tracefs-events.c b/src/tracefs-events.c +index d65837e..88325e1 100644 +--- a/src/tracefs-events.c ++++ b/src/tracefs-events.c +@@ -275,9 +275,12 @@ static int open_cpu_files(struct tracefs_instance *instance, cpu_set_t *cpus, + tcpu = tracefs_cpu_snapshot_open(instance, cpu, true); + else + tcpu = tracefs_cpu_open_mapped(instance, cpu, true); ++ if (!tcpu) ++ goto error; ++ + tmp = realloc(*all_cpus, (i + 1) * sizeof(*tmp)); + if (!tmp) { +- i--; ++ tracefs_cpu_close(tcpu); + goto error; + } + +@@ -285,9 +288,6 @@ static int open_cpu_files(struct tracefs_instance *instance, cpu_set_t *cpus, + + memset(tmp + i, 0, sizeof(*tmp)); + +- if (!tcpu) +- goto error; +- + tmp[i].tcpu = tcpu; + tmp[i].cpu = cpu; + i++; +@@ -296,7 +296,7 @@ static int open_cpu_files(struct tracefs_instance *instance, cpu_set_t *cpus, + return 0; + error: + tmp = *all_cpus; +- for (; i >= 0; i--) { ++ for (i--; i >= 0; i--) { + tracefs_cpu_close(tmp[i].tcpu); + } + free(tmp); +-- +2.45.2 + diff --git a/libtracefs-Prevent-a-memory-leak-in-tracefs_synth_ad.patch b/libtracefs-Prevent-a-memory-leak-in-tracefs_synth_ad.patch new file mode 100644 index 0000000..85f8582 --- /dev/null +++ b/libtracefs-Prevent-a-memory-leak-in-tracefs_synth_ad.patch @@ -0,0 +1,53 @@ +From 2342293f9aac9ce3706eb7ffaab0e5cf11231215 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:18 +0200 +Subject: [PATCH 04/15] libtracefs: Prevent a memory leak in + tracefs_synth_add_end_field() + +Free tmp_var in the error path. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-5-jmarchan@redhat.com + +Fixes: f1cdbe9b52b07 ("libtracefs: Have end event variables not be the end event field name") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-hist.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/tracefs-hist.c b/src/tracefs-hist.c +index 87287b5..4f4971e 100644 +--- a/src/tracefs-hist.c ++++ b/src/tracefs-hist.c +@@ -1576,7 +1576,7 @@ int tracefs_synth_add_end_field(struct tracefs_synth *synth, + const struct tep_format_field *field; + const char *hname = NULL; + char *tmp_var = NULL; +- int ret; ++ int ret = -1; + + if (!synth || !end_field) { + errno = EINVAL; +@@ -1594,15 +1594,15 @@ int tracefs_synth_add_end_field(struct tracefs_synth *synth, + tmp_var = new_arg(synth); + + if (!trace_verify_event_field(synth->end_event, end_field, &field)) +- return -1; ++ goto out; + + ret = add_var(&synth->end_vars, name ? hname : tmp_var, end_field, false); + if (ret) + goto out; + + ret = add_synth_fields(synth, field, name, hname ? : tmp_var); +- free(tmp_var); + out: ++ free(tmp_var); + return ret; + } + +-- +2.45.2 + diff --git a/libtracefs-Prevent-a-memory-leak-in-tracefs_system_e.patch b/libtracefs-Prevent-a-memory-leak-in-tracefs_system_e.patch new file mode 100644 index 0000000..6771318 --- /dev/null +++ b/libtracefs-Prevent-a-memory-leak-in-tracefs_system_e.patch @@ -0,0 +1,40 @@ +From 7d77b83ce83c318cb83cf2529f45cc950edb44d5 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:22 +0200 +Subject: [PATCH 08/15] libtracefs: Prevent a memory leak in + tracefs_system_events() + +If add_list_string() fails, event isn't freed. Free event before +calling add_list_string(); + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-9-jmarchan@redhat.com + +Fixes: 056a177e1d686 ("libtracefs: Restructure how string lists work") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-events.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/tracefs-events.c b/src/tracefs-events.c +index 906dbe8..d65837e 100644 +--- a/src/tracefs-events.c ++++ b/src/tracefs-events.c +@@ -919,11 +919,10 @@ char **tracefs_system_events(const char *tracing_dir, const char *system) + free(event); + continue; + } ++ free(event); + + if (add_list_string(&events, name) < 0) + goto out_free; +- +- free(event); + } + + closedir(dir); +-- +2.45.2 + diff --git a/libtracefs-Prevent-a-memory-leak-in-update_fields.patch b/libtracefs-Prevent-a-memory-leak-in-update_fields.patch new file mode 100644 index 0000000..fdcbe62 --- /dev/null +++ b/libtracefs-Prevent-a-memory-leak-in-update_fields.patch @@ -0,0 +1,38 @@ +From 1c9539491d2440eab01ffc3b7a616502ef22cc1b Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:17 +0200 +Subject: [PATCH 03/15] libtracefs: Prevent a memory leak in update_fields() + +In update_fields() p isn't freed is store_str fails. Since p is to be +freed whatever the result of store_str() might be, move the call to +free() before checking field_name. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-4-jmarchan@redhat.com + +Fixes: fa51df99ad21d ("libtracefs: Allow for simple SQL statements to create a histogram") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-sqlhist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tracefs-sqlhist.c b/src/tracefs-sqlhist.c +index ecf09ce..c7b9eff 100644 +--- a/src/tracefs-sqlhist.c ++++ b/src/tracefs-sqlhist.c +@@ -810,9 +810,9 @@ static int update_fields(struct tep_handle *tep, + if (!p) + return -1; + field_name = store_str(sb, p); ++ free((char *)p); + if (!field_name) + return -1; +- free((char *)p); + } + + tfield = tep_find_any_field(event, field_name); +-- +2.45.2 + diff --git a/libtracefs-Prevent-memory-leak-in-append_filer.patch b/libtracefs-Prevent-memory-leak-in-append_filer.patch new file mode 100644 index 0000000..af2b60c --- /dev/null +++ b/libtracefs-Prevent-memory-leak-in-append_filer.patch @@ -0,0 +1,50 @@ +From 6b356651a3fdbb63531036941dd02fd60da5e52d Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:16 +0200 +Subject: [PATCH 02/15] libtracefs: Prevent memory leak in append_filer() + +The buffer containing the new filter isn't freed if we encounter an +error after it was allocated. Free tmp in the error path. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-3-jmarchan@redhat.com + +Fixes: 24b856f0bcf3d ("libtracefs: Add filter creating and verify API") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-filter.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/tracefs-filter.c b/src/tracefs-filter.c +index afe3338..1b1c60e 100644 +--- a/src/tracefs-filter.c ++++ b/src/tracefs-filter.c +@@ -250,12 +250,12 @@ static int append_filter(char **filter, unsigned int *state, + case TRACEFS_COMPARE_NE: tmp = append_string(tmp, NULL, " != "); break; + case TRACEFS_COMPARE_RE: + if (!is_string) +- goto inval; ++ goto free; + tmp = append_string(tmp, NULL, "~"); + break; + default: + if (is_string) +- goto inval; ++ goto free; + } + + switch (compare) { +@@ -277,6 +277,8 @@ static int append_filter(char **filter, unsigned int *state, + *state = S_COMPARE; + + return 0; ++free: ++ free(tmp); + inval: + errno = EINVAL; + return -1; +-- +2.45.2 + diff --git a/libtracefs-Prevent-memory-leak-in-tracefs_dynevent_g.patch b/libtracefs-Prevent-memory-leak-in-tracefs_dynevent_g.patch new file mode 100644 index 0000000..2b0899d --- /dev/null +++ b/libtracefs-Prevent-memory-leak-in-tracefs_dynevent_g.patch @@ -0,0 +1,34 @@ +From f34fb1f29a89196afe3ce793a6395e1687a88a66 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:26 +0200 +Subject: [PATCH 12/15] libtracefs: Prevent memory leak in + tracefs_dynevent_get_all() + +Free events in the error path of tracefs_dynevent_get_all(). + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-13-jmarchan@redhat.com + +Fixes: b04f18b005c6b ("libtracefs: New APIs for dynamic events") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-dynevents.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tracefs-dynevents.c b/src/tracefs-dynevents.c +index 7a3c45c..85c1fcd 100644 +--- a/src/tracefs-dynevents.c ++++ b/src/tracefs-dynevents.c +@@ -589,6 +589,7 @@ tracefs_dynevent_get_all(unsigned int types, const char *system) + return all_events; + + error: ++ free(events); + if (all_events) { + for (i = 0; i < all; i++) + free(all_events[i]); +-- +2.45.2 + diff --git a/libtracefs-Prevent-memory-leak-in-tracefs_event_syst.patch b/libtracefs-Prevent-memory-leak-in-tracefs_event_syst.patch new file mode 100644 index 0000000..c732035 --- /dev/null +++ b/libtracefs-Prevent-memory-leak-in-tracefs_event_syst.patch @@ -0,0 +1,42 @@ +From efdf7f7fcb9a4e0a5ccefb805d78123332aa7a23 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:19 +0200 +Subject: [PATCH 05/15] libtracefs: Prevent memory leak in + tracefs_event_systems() + +If an error is encountered in the loop, enable and sys might not get +freed. Move the calls to free() before possibly exiting the loop. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-6-jmarchan@redhat.com + +Fixes: 056a177e1d686 ("libtracefs: Restructure how string lists work") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-events.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tracefs-events.c b/src/tracefs-events.c +index 1b1693c..906dbe8 100644 +--- a/src/tracefs-events.c ++++ b/src/tracefs-events.c +@@ -854,12 +854,12 @@ char **tracefs_event_systems(const char *tracing_dir) + enable = trace_append_file(sys, "enable"); + + ret = stat(enable, &st); ++ free(enable); ++ free(sys); + if (ret >= 0) { + if (add_list_string(&systems, name) < 0) + goto out_free; + } +- free(enable); +- free(sys); + } + + closedir(dir); +-- +2.45.2 + diff --git a/libtracefs-Prevent-memory-leak-in-tracefs_instance_c.patch b/libtracefs-Prevent-memory-leak-in-tracefs_instance_c.patch new file mode 100644 index 0000000..ba83059 --- /dev/null +++ b/libtracefs-Prevent-memory-leak-in-tracefs_instance_c.patch @@ -0,0 +1,34 @@ +From 5e5b2a760b13aeecd72da9bda392d2d3510fc409 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:24 +0200 +Subject: [PATCH 10/15] libtracefs: Prevent memory leak in + tracefs_instance_create() + +Free the path of the instance directory in the error path. + +Fixes a RESSOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-11-jmarchan@redhat.com + +Fixes: ebbb8507de560 libtracefs: Combine allocate and create APIs into one +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-instance.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tracefs-instance.c b/src/tracefs-instance.c +index 9a26708..dd7decd 100644 +--- a/src/tracefs-instance.c ++++ b/src/tracefs-instance.c +@@ -217,6 +217,7 @@ struct tracefs_instance *tracefs_instance_create(const char *name) + return inst; + + error: ++ tracefs_put_tracing_file(path); + tracefs_instance_free(inst); + return NULL; + } +-- +2.45.2 + diff --git a/libtracefs-my_yyinput-should-return-0-when-no-data-c.patch b/libtracefs-my_yyinput-should-return-0-when-no-data-c.patch new file mode 100644 index 0000000..aa751ad --- /dev/null +++ b/libtracefs-my_yyinput-should-return-0-when-no-data-c.patch @@ -0,0 +1,38 @@ +From 48e906bceb8b4770bfcbaf481338c134658ce2c8 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 6 Jun 2024 17:38:25 +0200 +Subject: [PATCH 11/15] libtracefs: my_yyinput() should return 0 when no data + can be read + +YY_INPUT() is redefined in sqlhist.l and basically just call +my_yyinput() to do the work. However, YY_INPUT is supposed to return +YY_NULL (0 on Unix system) when no data can be read, not -1. This can +cause an overflow error in the generated sqlhist-lex.c file. + +Have my_yyinput() returns zero when no buffer is found. + +Link: https://lore.kernel.org/linux-trace-devel/20240606153830.2666120-12-jmarchan@redhat.com + +Fixes: 25446407c5151 ("libtracefs: Added new API tracefs_sql()") +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + src/tracefs-sqlhist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tracefs-sqlhist.c b/src/tracefs-sqlhist.c +index c7b9eff..0f678c1 100644 +--- a/src/tracefs-sqlhist.c ++++ b/src/tracefs-sqlhist.c +@@ -121,7 +121,7 @@ __hidden int my_yyinput(void *extra, char *buf, int max) + struct sqlhist_bison *sb = extra; + + if (!sb || !sb->buffer) +- return -1; ++ return 0; + + if (sb->buffer_idx + max > sb->buffer_size) + max = sb->buffer_size - sb->buffer_idx; +-- +2.45.2 + diff --git a/libtracefs.spec b/libtracefs.spec index 21b8503..04d3c6f 100644 --- a/libtracefs.spec +++ b/libtracefs.spec @@ -1,11 +1,27 @@ Name: libtracefs Version: 1.8.0 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-2.0-only Summary: Library for access kernel tracefs URL: https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/ Source0: https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/snapshot/libtracefs-%{version}.tar.gz +Patch0: libtracefs-Call-va_end-before-exiting-tracefs_hist_s.patch +Patch1: libtracefs-Prevent-memory-leak-in-append_filer.patch +Patch2: libtracefs-Prevent-a-memory-leak-in-update_fields.patch +Patch3: libtracefs-Prevent-a-memory-leak-in-tracefs_synth_ad.patch +Patch4: libtracefs-Prevent-memory-leak-in-tracefs_event_syst.patch +Patch5: libtracefs-Don-t-leak-socket-file-descriptor-in-open.patch +Patch6: libtracefs-Prevent-a-memory-leak-in-add_func_str.patch +Patch7: libtracefs-Prevent-a-memory-leak-in-tracefs_system_e.patch +Patch8: libtracefs-Prevent-a-memory-leak-in-open_cpu_files.patch +Patch9: libtracefs-Prevent-memory-leak-in-tracefs_instance_c.patch +Patch10: libtracefs-my_yyinput-should-return-0-when-no-data-c.patch +Patch11: libtracefs-Prevent-memory-leak-in-tracefs_dynevent_g.patch +Patch12: libtracefs-Close-dir-in-the-error-path-in-tracefs_sy.patch +Patch13: libtracefs-Close-dir-in-the-error-path-in-tracefs_ev.patch +Patch14: libtracefs-Initialize-val-in-build_filter.patch + BuildRequires: gcc BuildRequires: make BuildRequires: pkgconfig(libtraceevent) >= 1.8.0 @@ -23,7 +39,7 @@ Requires: %{name}%{_isa} = %{version}-%{release} Development headers of %{name} %prep -%setup -q +%autosetup -p1 %build %set_build_flags @@ -46,6 +62,9 @@ rm -rf %{buildroot}/%{_libdir}/libtracefs.a %{_libdir}/%{name}.so %changelog +* Wed Jul 10 2024 Jerome Marchand - 1.8.0-5 +- Fix SAST vulnerabilities (RHEL-40413) + * Tue Jul 09 2024 Jerome Marchand - 1.8.0-4 - Build with LTO (RHEL-46715)