|
 |
604589 |
From d477b6e21915d5099018f4fc4b60f257bb593d72 Mon Sep 17 00:00:00 2001
|
|
|
604589 |
From: Cathy Avery <cavery@redhat.com>
|
|
|
604589 |
Date: Thu, 25 Jul 2019 12:32:33 +0200
|
|
|
604589 |
Subject: [PATCH 10/16] Fix Coverity-reported double memory free errors.
|
|
|
604589 |
|
|
|
604589 |
RH-Author: Cathy Avery <cavery@redhat.com>
|
|
|
604589 |
Message-id: <20190725123239.18274-11-cavery@redhat.com>
|
|
|
604589 |
Patchwork-id: 89725
|
|
|
604589 |
O-Subject: [RHEL8.1 open-vm-tools PATCH 10/16] Fix Coverity-reported double memory free errors.
|
|
|
604589 |
Bugzilla: 1602648
|
|
|
604589 |
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
604589 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
604589 |
|
|
|
604589 |
commit 801df14f0e2b32aea17771bbd33d65140ff2361c
|
|
|
604589 |
Author: Oliver Kurth <okurth@vmware.com>
|
|
|
604589 |
Date: Wed May 8 15:27:19 2019 -0700
|
|
|
604589 |
|
|
|
604589 |
Fix Coverity-reported double memory free errors.
|
|
|
604589 |
|
|
|
604589 |
Similar double memory free errors were reported in each of two
|
|
|
604589 |
functions, VixToolsListAuthAliases and VixToolsListMappedAliases.
|
|
|
604589 |
The fixes for each function are similar: be consistent in using
|
|
|
604589 |
tmpBuf2 (renamed tmpBuf) as the pointer to the overall buffer being
|
|
|
604589 |
computed and tmpBuf (renamed nextBuf) as the "next" version of the
|
|
|
604589 |
buffer. Specifically, in the computation of recordBuf following exit
|
|
|
604589 |
from the for loop, use the variable formerly known as tmpBuf2 rather
|
|
|
604589 |
than the one formerly known as tmpBuf.
|
|
|
604589 |
|
|
|
604589 |
The variables were renamed in an attempt to distinguish more clearly
|
|
|
604589 |
between them and how they are used. Also, with these changes in
|
|
|
604589 |
place, it's evident that there's no need to free nextBuf in the abort
|
|
|
604589 |
case and as a result its scope can be limited.
|
|
|
604589 |
|
|
|
604589 |
Signed-off-by: Cathy Avery <cavery@redhat.com>
|
|
|
604589 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
604589 |
---
|
|
|
604589 |
open-vm-tools/services/plugins/vix/vixTools.c | 88 ++++++++++++++-------------
|
|
|
604589 |
1 file changed, 45 insertions(+), 43 deletions(-)
|
|
|
604589 |
|
|
|
604589 |
diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
|
|
|
604589 |
index 2355beb..ef26742 100644
|
|
|
604589 |
--- a/services/plugins/vix/vixTools.c
|
|
|
604589 |
+++ b/services/plugins/vix/vixTools.c
|
|
|
604589 |
@@ -9616,7 +9616,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
char *destPtr;
|
|
|
604589 |
char *endDestPtr;
|
|
|
604589 |
char *tmpBuf = NULL;
|
|
|
604589 |
- char *tmpBuf2 = NULL;
|
|
|
604589 |
char *recordBuf;
|
|
|
604589 |
size_t recordSize;
|
|
|
604589 |
char *escapedStr = NULL;
|
|
|
604589 |
@@ -9681,15 +9680,17 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
- tmpBuf2 = Str_Asprintf(NULL, "<record><pemCert>%s</pemCert>",
|
|
|
604589 |
- escapedStr);
|
|
|
604589 |
+ tmpBuf = Str_Asprintf(NULL, "<record><pemCert>%s</pemCert>",
|
|
|
604589 |
+ escapedStr);
|
|
|
604589 |
free(escapedStr);
|
|
|
604589 |
escapedStr = NULL;
|
|
|
604589 |
- if (tmpBuf2 == NULL) {
|
|
|
604589 |
+ if (tmpBuf == NULL) {
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
for (j = 0; j < uaList[i].numInfos; j++) {
|
|
|
604589 |
+ char *nextBuf;
|
|
|
604589 |
+
|
|
|
604589 |
if (uaList[i].infos[j].comment) {
|
|
|
604589 |
escapedStr = VixToolsEscapeXMLString(uaList[i].infos[j].comment);
|
|
|
604589 |
if (escapedStr == NULL) {
|
|
|
604589 |
@@ -9704,25 +9705,26 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
}
|
|
|
604589 |
- tmpBuf = Str_Asprintf(NULL,
|
|
|
604589 |
- "%s"
|
|
|
604589 |
- "<alias>"
|
|
|
604589 |
- "<type>%d</type>"
|
|
|
604589 |
- "<name>%s</name>"
|
|
|
604589 |
- "<comment>%s</comment>"
|
|
|
604589 |
- "</alias>",
|
|
|
604589 |
- tmpBuf2,
|
|
|
604589 |
- (uaList[i].infos[j].subject.type == VGAUTH_SUBJECT_NAMED)
|
|
|
604589 |
- ? VIX_GUEST_AUTH_SUBJECT_TYPE_NAMED :
|
|
|
604589 |
- VIX_GUEST_AUTH_SUBJECT_TYPE_ANY,
|
|
|
604589 |
- escapedStr2 ? escapedStr2 : "",
|
|
|
604589 |
- escapedStr ? escapedStr : "");
|
|
|
604589 |
- if (tmpBuf == NULL) {
|
|
|
604589 |
+ nextBuf = Str_Asprintf(NULL,
|
|
|
604589 |
+ "%s"
|
|
|
604589 |
+ "<alias>"
|
|
|
604589 |
+ "<type>%d</type>"
|
|
|
604589 |
+ "<name>%s</name>"
|
|
|
604589 |
+ "<comment>%s</comment>"
|
|
|
604589 |
+ "</alias>",
|
|
|
604589 |
+ tmpBuf,
|
|
|
604589 |
+ (uaList[i].infos[j].subject.type ==
|
|
|
604589 |
+ VGAUTH_SUBJECT_NAMED) ?
|
|
|
604589 |
+ VIX_GUEST_AUTH_SUBJECT_TYPE_NAMED :
|
|
|
604589 |
+ VIX_GUEST_AUTH_SUBJECT_TYPE_ANY,
|
|
|
604589 |
+ escapedStr2 ? escapedStr2 : "",
|
|
|
604589 |
+ escapedStr ? escapedStr : "");
|
|
|
604589 |
+ if (nextBuf == NULL) {
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
- free(tmpBuf2);
|
|
|
604589 |
- tmpBuf2 = tmpBuf;
|
|
|
604589 |
+ free(tmpBuf);
|
|
|
604589 |
+ tmpBuf = nextBuf;
|
|
|
604589 |
free(escapedStr);
|
|
|
604589 |
escapedStr = NULL;
|
|
|
604589 |
free(escapedStr2);
|
|
|
604589 |
@@ -9732,7 +9734,7 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
"%s</record>",
|
|
|
604589 |
tmpBuf);
|
|
|
604589 |
free(tmpBuf);
|
|
|
604589 |
- tmpBuf = tmpBuf2 = NULL;
|
|
|
604589 |
+ tmpBuf = NULL;
|
|
|
604589 |
if (recordBuf == NULL) {
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
@@ -9752,7 +9754,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
|
|
|
604589 |
abort:
|
|
|
604589 |
free(tmpBuf);
|
|
|
604589 |
- free(tmpBuf2);
|
|
|
604589 |
free(escapedStr);
|
|
|
604589 |
free(escapedStr2);
|
|
|
604589 |
VGAuth_FreeUserAliasList(num, uaList);
|
|
|
604589 |
@@ -9812,7 +9813,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
char *destPtr;
|
|
|
604589 |
char *endDestPtr;
|
|
|
604589 |
char *tmpBuf = NULL;
|
|
|
604589 |
- char *tmpBuf2 = NULL;
|
|
|
604589 |
char *recordBuf;
|
|
|
604589 |
char *escapedStr = NULL;
|
|
|
604589 |
char *escapedStr2 = NULL;
|
|
|
604589 |
@@ -9876,19 +9876,21 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
- tmpBuf2 = Str_Asprintf(NULL, "<record><pemCert>%s</pemCert>"
|
|
|
604589 |
- "<userName>%s</userName>",
|
|
|
604589 |
- escapedStr,
|
|
|
604589 |
- escapedStr2);
|
|
|
604589 |
+ tmpBuf = Str_Asprintf(NULL, "<record><pemCert>%s</pemCert>"
|
|
|
604589 |
+ "<userName>%s</userName>",
|
|
|
604589 |
+ escapedStr,
|
|
|
604589 |
+ escapedStr2);
|
|
|
604589 |
g_free(escapedStr2);
|
|
|
604589 |
g_free(escapedStr);
|
|
|
604589 |
escapedStr = NULL;
|
|
|
604589 |
escapedStr2 = NULL;
|
|
|
604589 |
- if (tmpBuf2 == NULL) {
|
|
|
604589 |
+ if (tmpBuf == NULL) {
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
for (j = 0; j < maList[i].numSubjects; j++) {
|
|
|
604589 |
+ char *nextBuf;
|
|
|
604589 |
+
|
|
|
604589 |
if (maList[i].subjects[j].type == VGAUTH_SUBJECT_NAMED) {
|
|
|
604589 |
escapedStr = VixToolsEscapeXMLString(maList[i].subjects[j].val.name);
|
|
|
604589 |
if (escapedStr == NULL) {
|
|
|
604589 |
@@ -9896,23 +9898,24 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
}
|
|
|
604589 |
- tmpBuf = Str_Asprintf(NULL,
|
|
|
604589 |
- "%s"
|
|
|
604589 |
- "<alias>"
|
|
|
604589 |
- "<type>%d</type>"
|
|
|
604589 |
- "<name>%s</name>"
|
|
|
604589 |
- "</alias>",
|
|
|
604589 |
- tmpBuf2,
|
|
|
604589 |
- (maList[i].subjects[j].type == VGAUTH_SUBJECT_NAMED)
|
|
|
604589 |
- ? VIX_GUEST_AUTH_SUBJECT_TYPE_NAMED :
|
|
|
604589 |
- VIX_GUEST_AUTH_SUBJECT_TYPE_ANY,
|
|
|
604589 |
+ nextBuf = Str_Asprintf(NULL,
|
|
|
604589 |
+ "%s"
|
|
|
604589 |
+ "<alias>"
|
|
|
604589 |
+ "<type>%d</type>"
|
|
|
604589 |
+ "<name>%s</name>"
|
|
|
604589 |
+ "</alias>",
|
|
|
604589 |
+ tmpBuf,
|
|
|
604589 |
+ (maList[i].subjects[j].type ==
|
|
|
604589 |
+ VGAUTH_SUBJECT_NAMED) ?
|
|
|
604589 |
+ VIX_GUEST_AUTH_SUBJECT_TYPE_NAMED :
|
|
|
604589 |
+ VIX_GUEST_AUTH_SUBJECT_TYPE_ANY,
|
|
|
604589 |
escapedStr ? escapedStr : "");
|
|
|
604589 |
- if (tmpBuf == NULL) {
|
|
|
604589 |
+ if (nextBuf == NULL) {
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
}
|
|
|
604589 |
- free(tmpBuf2);
|
|
|
604589 |
- tmpBuf2 = tmpBuf;
|
|
|
604589 |
+ free(tmpBuf);
|
|
|
604589 |
+ tmpBuf = nextBuf;
|
|
|
604589 |
free(escapedStr);
|
|
|
604589 |
escapedStr = NULL;
|
|
|
604589 |
}
|
|
|
604589 |
@@ -9920,7 +9923,7 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
"%s</record>",
|
|
|
604589 |
tmpBuf);
|
|
|
604589 |
free(tmpBuf);
|
|
|
604589 |
- tmpBuf = tmpBuf2 = NULL;
|
|
|
604589 |
+ tmpBuf = NULL;
|
|
|
604589 |
if (recordBuf == NULL) {
|
|
|
604589 |
err = VIX_E_OUT_OF_MEMORY;
|
|
|
604589 |
goto abort;
|
|
|
604589 |
@@ -9940,7 +9943,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
|
|
|
604589 |
|
|
|
604589 |
abort:
|
|
|
604589 |
free(tmpBuf);
|
|
|
604589 |
- free(tmpBuf2);
|
|
|
604589 |
free(escapedStr);
|
|
|
604589 |
free(escapedStr2);
|
|
|
604589 |
VGAuth_FreeMappedAliasList(num, maList);
|
|
|
604589 |
--
|
|
|
604589 |
1.8.3.1
|
|
|
604589 |
|