[SECURITY PATCH 040/117] affs: Fix memory leaks

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY PATCH 040/117] affs: Fix memory leaks

From:	Daniel Kiper
Subject:	[SECURITY PATCH 040/117] affs: Fix memory leaks
Date:	Tue, 2 Mar 2021 19:00:47 +0100

From: Darren Kenny <darren.kenny@oracle.com>

The node structure reference is being allocated but not freed if it
reaches the end of the function. If any of the hooks had returned
a non-zero value, then node would have been copied in to the context
reference, but otherwise node is not stored and should be freed.

Similarly, the call to grub_affs_create_node() replaces the allocated
memory in node with a newly allocated structure, leaking the existing
memory pointed by node.

Finally, when dir->parent is set, then we again replace node with newly
allocated memory, which seems unnecessary when we copy in the values
from dir->parent immediately after.

Fixes: CID 73759

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/fs/affs.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
index 220b3712f..230e26af0 100644
--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
 {
   unsigned int i;
   struct grub_affs_file file;
-  struct grub_fshelp_node *node = 0;
+  struct grub_fshelp_node *node, *orig_node;
   struct grub_affs_data *data = dir->data;
   grub_uint32_t *hashtable;
 
   /* Create the directory entries for `.' and `..'.  */
-  node = grub_zalloc (sizeof (*node));
+  node = orig_node = grub_zalloc (sizeof (*node));
   if (!node)
     return 1;
     
@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
     return 1;
   if (dir->parent)
     {
-      node = grub_zalloc (sizeof (*node));
-      if (!node)
-       return 1;
       *node = *dir->parent;
       if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
        return 1;
@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
 
          if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
                                     next, &file))
-           return 1;
+           {
+             /* Node has been replaced in function. */
+             grub_free (orig_node);
+             return 1;
+           }
 
          next = grub_be_to_cpu32 (file.next);
        }
     }
 
-  grub_free (hashtable);
-  return 0;
-
  fail:
-  grub_free (node);
+  grub_free (orig_node);
   grub_free (hashtable);
   return 0;
 }
-- 
2.11.0

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [SECURITY PATCH 029/117] zstd: Initialize seq_t structure fully, (continued)
- [SECURITY PATCH 033/117] disk/ldm: Fix memory leak on uninserted lv references, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 027/117] gnulib/regcomp: Fix uninitialized re_token, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 031/117] disk/ldm: Make sure comp data is freed before exiting from make_vg(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 034/117] disk/cryptodisk: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 035/117] hfsplus: Check that the volume name length is valid, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 036/117] zfs: Fix possible negative shift operation, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 028/117] io/lzopio: Resolve unnecessary self-assignment errors, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 039/117] zfsinfo: Correct a check for error allocating memory, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 032/117] disk/ldm: If failed then free vg variable too, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 040/117] affs: Fix memory leaks, Daniel Kiper <=
- [SECURITY PATCH 038/117] zfs: Fix possible integer overflows, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 037/117] zfs: Fix resource leaks while constructing path, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 041/117] libgcrypt/mpi: Fix possible unintended sign extension, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 044/117] normal/completion: Fix leaking of memory when processing a completion, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 043/117] syslinux: Fix memory leak while parsing, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 045/117] commands/hashsum: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 042/117] libgcrypt/mpi: Fix possible NULL dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 046/117] commands/probe: Fix a resource leak when probing disks, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 047/117] video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow, Daniel Kiper, 2021/03/02

Prev by Date: [SECURITY PATCH 032/117] disk/ldm: If failed then free vg variable too
Next by Date: [SECURITY PATCH 038/117] zfs: Fix possible integer overflows
Previous by thread: [SECURITY PATCH 032/117] disk/ldm: If failed then free vg variable too
Next by thread: [SECURITY PATCH 038/117] zfs: Fix possible integer overflows
Index(es):
- Date
- Thread