alaurie / rpms / plymouth

Forked from rpms/plymouth 19 days ago
Clone

Blame SOURCES/0006-boot-server-free-the-argument-and-triggers.patch

ff210d
From ebb1c642cd62592afc1ece9e0cf5d2ec9dfb84c0 Mon Sep 17 00:00:00 2001
ff210d
From: Ray Strode <rstrode@redhat.com>
ff210d
Date: Mon, 15 Oct 2018 21:56:03 -0400
ff210d
Subject: [PATCH 6/6] boot-server: free the argument and triggers
ff210d
ff210d
coverity found some pervasive leaking of the argument
ff210d
and triggers.
ff210d
ff210d
This commit mops them up.
ff210d
---
ff210d
 src/ply-boot-server.c | 17 +++++++++++++++++
ff210d
 1 file changed, 17 insertions(+)
ff210d
ff210d
diff --git a/src/ply-boot-server.c b/src/ply-boot-server.c
ff210d
index 3c1a268..ff0e6fd 100644
ff210d
--- a/src/ply-boot-server.c
ff210d
+++ b/src/ply-boot-server.c
ff210d
@@ -359,60 +359,61 @@ print_connection_process_identity (ply_boot_connection_t *connection)
ff210d
 
ff210d
 static void
ff210d
 ply_boot_connection_on_request (ply_boot_connection_t *connection)
ff210d
 {
ff210d
         ply_boot_server_t *server;
ff210d
         char *command, *argument;
ff210d
 
ff210d
         assert (connection != NULL);
ff210d
         assert (connection->fd >= 0);
ff210d
 
ff210d
         server = connection->server;
ff210d
         assert (server != NULL);
ff210d
 
ff210d
         if (!ply_boot_connection_read_request (connection,
ff210d
                                                &command, &argument)) {
ff210d
                 ply_trace ("could not read connection request");
ff210d
                 return;
ff210d
         }
ff210d
 
ff210d
         if (ply_is_tracing ())
ff210d
                 print_connection_process_identity (connection);
ff210d
 
ff210d
         if (!ply_boot_connection_is_from_root (connection)) {
ff210d
                 ply_error ("request came from non-root user");
ff210d
 
ff210d
                 if (!ply_write (connection->fd,
ff210d
                                 PLY_BOOT_PROTOCOL_RESPONSE_TYPE_NAK,
ff210d
                                 strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_NAK)))
ff210d
                         ply_trace ("could not finish writing is-not-root nak: %m");
ff210d
 
ff210d
+                free (argument);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         }
ff210d
 
ff210d
         if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_UPDATE) == 0) {
ff210d
                 if (!ply_write (connection->fd,
ff210d
                                 PLY_BOOT_PROTOCOL_RESPONSE_TYPE_ACK,
ff210d
                                 strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_ACK)) &&
ff210d
                     errno != EPIPE)
ff210d
                         ply_trace ("could not finish writing update reply: %m");
ff210d
 
ff210d
                 ply_trace ("got update request");
ff210d
                 if (server->update_handler != NULL)
ff210d
                         server->update_handler (server->user_data, argument, server);
ff210d
                 free (argument);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_CHANGE_MODE) == 0) {
ff210d
                 if (!ply_write (connection->fd,
ff210d
                                 PLY_BOOT_PROTOCOL_RESPONSE_TYPE_ACK,
ff210d
                                 strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_ACK)))
ff210d
                         ply_trace ("could not finish writing update reply: %m");
ff210d
 
ff210d
                 ply_trace ("got change mode notification");
ff210d
                 if (server->change_mode_handler != NULL)
ff210d
                         server->change_mode_handler (server->user_data, argument, server);
ff210d
                 free (argument);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_SYSTEM_UPDATE) == 0) {
ff210d
@@ -439,105 +440,112 @@ ply_boot_connection_on_request (ply_boot_connection_t *connection)
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_SYSTEM_INITIALIZED) == 0) {
ff210d
                 ply_trace ("got system initialized notification");
ff210d
                 if (server->system_initialized_handler != NULL)
ff210d
                         server->system_initialized_handler (server->user_data, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_ERROR) == 0) {
ff210d
                 ply_trace ("got error notification");
ff210d
                 if (server->error_handler != NULL)
ff210d
                         server->error_handler (server->user_data, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_SHOW_SPLASH) == 0) {
ff210d
                 ply_trace ("got show splash request");
ff210d
                 if (server->show_splash_handler != NULL)
ff210d
                         server->show_splash_handler (server->user_data, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_HIDE_SPLASH) == 0) {
ff210d
                 ply_trace ("got hide splash request");
ff210d
                 if (server->hide_splash_handler != NULL)
ff210d
                         server->hide_splash_handler (server->user_data, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_DEACTIVATE) == 0) {
ff210d
                 ply_trigger_t *deactivate_trigger;
ff210d
 
ff210d
                 ply_trace ("got deactivate request");
ff210d
 
ff210d
                 deactivate_trigger = ply_trigger_new (NULL);
ff210d
 
ff210d
                 ply_trigger_add_handler (deactivate_trigger,
ff210d
                                          (ply_trigger_handler_t)
ff210d
                                          ply_boot_connection_on_deactivated,
ff210d
                                          connection);
ff210d
 
ff210d
                 if (server->deactivate_handler != NULL)
ff210d
                         server->deactivate_handler (server->user_data, deactivate_trigger, server);
ff210d
+                else
ff210d
+                        ply_trigger_free (deactivate_trigger);
ff210d
 
ff210d
                 free (argument);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_REACTIVATE) == 0) {
ff210d
                 ply_trace ("got reactivate request");
ff210d
                 if (server->reactivate_handler != NULL)
ff210d
                         server->reactivate_handler (server->user_data, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_QUIT) == 0) {
ff210d
                 bool retain_splash;
ff210d
                 ply_trigger_t *quit_trigger;
ff210d
 
ff210d
                 retain_splash = (bool) argument[0];
ff210d
 
ff210d
                 ply_trace ("got quit %srequest", retain_splash ? "--retain-splash " : "");
ff210d
 
ff210d
                 quit_trigger = ply_trigger_new (NULL);
ff210d
 
ff210d
                 ply_trigger_add_handler (quit_trigger,
ff210d
                                          (ply_trigger_handler_t)
ff210d
                                          ply_boot_connection_on_quit_complete,
ff210d
                                          connection);
ff210d
 
ff210d
                 if (server->quit_handler != NULL)
ff210d
                         server->quit_handler (server->user_data, retain_splash, quit_trigger, server);
ff210d
+                else
ff210d
+                        ply_trigger_free (quit_trigger);
ff210d
 
ff210d
                 free (argument);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_PASSWORD) == 0) {
ff210d
                 ply_trigger_t *answer;
ff210d
 
ff210d
                 ply_trace ("got password request");
ff210d
 
ff210d
                 answer = ply_trigger_new (NULL);
ff210d
                 ply_trigger_add_handler (answer,
ff210d
                                          (ply_trigger_handler_t)
ff210d
                                          ply_boot_connection_on_password_answer,
ff210d
                                          connection);
ff210d
 
ff210d
                 if (server->ask_for_password_handler != NULL) {
ff210d
                         server->ask_for_password_handler (server->user_data,
ff210d
                                                           argument,
ff210d
                                                           answer,
ff210d
                                                           server);
ff210d
+                } else {
ff210d
+                        ply_trigger_free (answer);
ff210d
+                        free (argument);
ff210d
                 }
ff210d
                 /* will reply later
ff210d
                  */
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_CACHED_PASSWORD) == 0) {
ff210d
                 ply_list_node_t *node;
ff210d
                 ply_buffer_t *buffer;
ff210d
                 size_t buffer_size;
ff210d
                 uint32_t size;
ff210d
 
ff210d
                 ply_trace ("got cached password request");
ff210d
 
ff210d
                 buffer = ply_buffer_new ();
ff210d
 
ff210d
                 node = ply_list_get_first_node (server->cached_passwords);
ff210d
 
ff210d
                 ply_trace ("There are %d cached passwords",
ff210d
                            ply_list_get_length (server->cached_passwords));
ff210d
 
ff210d
                 /* Add each answer separated by their NUL terminators into
ff210d
                  * a buffer that we write out to the client
ff210d
                  */
ff210d
                 while (node != NULL) {
ff210d
                         ply_list_node_t *next_node;
ff210d
                         const char *password;
ff210d
 
ff210d
                         next_node = ply_list_get_next_node (server->cached_passwords, node);
ff210d
                         password = (const char *) ply_list_node_get_data (node);
ff210d
 
ff210d
@@ -565,146 +573,155 @@ ply_boot_connection_on_request (ply_boot_connection_t *connection)
ff210d
                                    ply_list_get_length (server->cached_passwords));
ff210d
                         if (!ply_write (connection->fd,
ff210d
                                         PLY_BOOT_PROTOCOL_RESPONSE_TYPE_MULTIPLE_ANSWERS,
ff210d
                                         strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_MULTIPLE_ANSWERS)) ||
ff210d
                             !ply_write_uint32 (connection->fd,
ff210d
                                                size) ||
ff210d
                             !ply_write (connection->fd,
ff210d
                                         ply_buffer_get_bytes (buffer), size))
ff210d
                                 ply_trace ("could not finish writing cached answer reply: %m");
ff210d
                 }
ff210d
 
ff210d
                 ply_buffer_free (buffer);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_QUESTION) == 0) {
ff210d
                 ply_trigger_t *answer;
ff210d
 
ff210d
                 ply_trace ("got question request");
ff210d
 
ff210d
                 answer = ply_trigger_new (NULL);
ff210d
                 ply_trigger_add_handler (answer,
ff210d
                                          (ply_trigger_handler_t)
ff210d
                                          ply_boot_connection_on_question_answer,
ff210d
                                          connection);
ff210d
 
ff210d
                 if (server->ask_question_handler != NULL) {
ff210d
                         server->ask_question_handler (server->user_data,
ff210d
                                                       argument,
ff210d
                                                       answer,
ff210d
                                                       server);
ff210d
+                } else {
ff210d
+                        ply_trigger_free (answer);
ff210d
+                        free (argument);
ff210d
                 }
ff210d
                 /* will reply later
ff210d
                  */
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_SHOW_MESSAGE) == 0) {
ff210d
                 ply_trace ("got show message request");
ff210d
                 if (server->display_message_handler != NULL)
ff210d
                         server->display_message_handler (server->user_data, argument, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_HIDE_MESSAGE) == 0) {
ff210d
                 ply_trace ("got hide message request");
ff210d
                 if (server->hide_message_handler != NULL)
ff210d
                         server->hide_message_handler (server->user_data, argument, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_KEYSTROKE) == 0) {
ff210d
                 ply_trigger_t *answer;
ff210d
 
ff210d
                 ply_trace ("got keystroke request");
ff210d
 
ff210d
                 answer = ply_trigger_new (NULL);
ff210d
                 ply_trigger_add_handler (answer,
ff210d
                                          (ply_trigger_handler_t)
ff210d
                                          ply_boot_connection_on_keystroke_answer,
ff210d
                                          connection);
ff210d
 
ff210d
                 if (server->watch_for_keystroke_handler != NULL) {
ff210d
                         server->watch_for_keystroke_handler (server->user_data,
ff210d
                                                              argument,
ff210d
                                                              answer,
ff210d
                                                              server);
ff210d
+                } else {
ff210d
+                        ply_trigger_free (answer);
ff210d
+                        free (argument);
ff210d
                 }
ff210d
                 /* will reply later
ff210d
                  */
ff210d
                 free (command);
ff210d
                 return;
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_KEYSTROKE_REMOVE) == 0) {
ff210d
                 ply_trace ("got keystroke remove request");
ff210d
                 if (server->ignore_keystroke_handler != NULL)
ff210d
                         server->ignore_keystroke_handler (server->user_data,
ff210d
                                                           argument,
ff210d
                                                           server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_PROGRESS_PAUSE) == 0) {
ff210d
                 ply_trace ("got progress pause request");
ff210d
                 if (server->progress_pause_handler != NULL)
ff210d
                         server->progress_pause_handler (server->user_data,
ff210d
                                                         server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_PROGRESS_UNPAUSE) == 0) {
ff210d
                 ply_trace ("got progress unpause request");
ff210d
                 if (server->progress_unpause_handler != NULL)
ff210d
                         server->progress_unpause_handler (server->user_data,
ff210d
                                                           server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_NEWROOT) == 0) {
ff210d
                 ply_trace ("got newroot request");
ff210d
                 if (server->newroot_handler != NULL)
ff210d
                         server->newroot_handler (server->user_data, argument, server);
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_HAS_ACTIVE_VT) == 0) {
ff210d
                 bool answer = false;
ff210d
 
ff210d
                 ply_trace ("got has_active vt? request");
ff210d
                 if (server->has_active_vt_handler != NULL)
ff210d
                         answer = server->has_active_vt_handler (server->user_data, server);
ff210d
 
ff210d
                 if (!answer) {
ff210d
                         if (!ply_write (connection->fd,
ff210d
                                         PLY_BOOT_PROTOCOL_RESPONSE_TYPE_NAK,
ff210d
                                         strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_NAK)))
ff210d
                                 ply_trace ("could not finish writing nak: %m");
ff210d
 
ff210d
+                        free (argument);
ff210d
                         free (command);
ff210d
                         return;
ff210d
                 }
ff210d
         } else if (strcmp (command, PLY_BOOT_PROTOCOL_REQUEST_TYPE_PING) != 0) {
ff210d
                 ply_error ("received unknown command '%s' from client", command);
ff210d
 
ff210d
                 if (!ply_write (connection->fd,
ff210d
                                 PLY_BOOT_PROTOCOL_RESPONSE_TYPE_NAK,
ff210d
                                 strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_NAK)))
ff210d
                         ply_trace ("could not finish writing ping reply: %m");
ff210d
 
ff210d
+                free (argument);
ff210d
                 free (command);
ff210d
                 return;
ff210d
         }
ff210d
 
ff210d
         if (!ply_write (connection->fd,
ff210d
                         PLY_BOOT_PROTOCOL_RESPONSE_TYPE_ACK,
ff210d
                         strlen (PLY_BOOT_PROTOCOL_RESPONSE_TYPE_ACK)))
ff210d
                 ply_trace ("could not finish writing ack: %m");
ff210d
+        free (argument);
ff210d
         free (command);
ff210d
 }
ff210d
 
ff210d
 static void
ff210d
 ply_boot_connection_on_hangup (ply_boot_connection_t *connection)
ff210d
 {
ff210d
         ply_list_node_t *node;
ff210d
         ply_boot_server_t *server;
ff210d
 
ff210d
         assert (connection != NULL);
ff210d
         assert (connection->server != NULL);
ff210d
 
ff210d
         server = connection->server;
ff210d
 
ff210d
         node = ply_list_find_node (server->connections, connection);
ff210d
 
ff210d
         assert (node != NULL);
ff210d
 
ff210d
         ply_boot_connection_free (connection);
ff210d
         ply_list_remove_node (server->connections, node);
ff210d
 }
ff210d
 
ff210d
 static void
ff210d
 ply_boot_server_on_new_connection (ply_boot_server_t *server)
ff210d
 {
ff210d
         ply_boot_connection_t *connection;
ff210d
         int fd;
ff210d
 
ff210d
         assert (server != NULL);
ff210d
 
ff210d
-- 
ff210d
2.17.1
ff210d