|
 |
80913e |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
80913e |
From: Darren Kenny <darren.kenny@oracle.com>
|
|
|
80913e |
Date: Thu, 26 Nov 2020 12:48:07 +0000
|
|
|
80913e |
Subject: [PATCH] affs: Fix memory leaks
|
|
|
80913e |
|
|
|
80913e |
The node structure reference is being allocated but not freed if it
|
|
|
80913e |
reaches the end of the function. If any of the hooks had returned
|
|
|
80913e |
a non-zero value, then node would have been copied in to the context
|
|
|
80913e |
reference, but otherwise node is not stored and should be freed.
|
|
|
80913e |
|
|
|
80913e |
Similarly, the call to grub_affs_create_node() replaces the allocated
|
|
|
80913e |
memory in node with a newly allocated structure, leaking the existing
|
|
|
80913e |
memory pointed by node.
|
|
|
80913e |
|
|
|
80913e |
Finally, when dir->parent is set, then we again replace node with newly
|
|
|
80913e |
allocated memory, which seems unnecessary when we copy in the values
|
|
|
80913e |
from dir->parent immediately after.
|
|
|
80913e |
|
|
|
80913e |
Fixes: CID 73759
|
|
|
80913e |
|
|
|
80913e |
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
|
|
|
80913e |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
80913e |
---
|
|
|
80913e |
grub-core/fs/affs.c | 18 ++++++++----------
|
|
|
80913e |
1 file changed, 8 insertions(+), 10 deletions(-)
|
|
|
80913e |
|
|
|
80913e |
diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
|
|
|
b32e65 |
index 91073795f..e4615c743 100644
|
|
|
80913e |
--- a/grub-core/fs/affs.c
|
|
|
80913e |
+++ b/grub-core/fs/affs.c
|
|
|
80913e |
@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
|
|
|
80913e |
{
|
|
|
80913e |
unsigned int i;
|
|
|
80913e |
struct grub_affs_file file;
|
|
|
80913e |
- struct grub_fshelp_node *node = 0;
|
|
|
80913e |
+ struct grub_fshelp_node *node, *orig_node;
|
|
|
80913e |
struct grub_affs_data *data = dir->data;
|
|
|
80913e |
grub_uint32_t *hashtable;
|
|
|
80913e |
|
|
|
80913e |
/* Create the directory entries for `.' and `..'. */
|
|
|
80913e |
- node = grub_zalloc (sizeof (*node));
|
|
|
80913e |
+ node = orig_node = grub_zalloc (sizeof (*node));
|
|
|
80913e |
if (!node)
|
|
|
80913e |
return 1;
|
|
|
80913e |
|
|
|
80913e |
@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
|
|
|
80913e |
return 1;
|
|
|
80913e |
if (dir->parent)
|
|
|
80913e |
{
|
|
|
80913e |
- node = grub_zalloc (sizeof (*node));
|
|
|
80913e |
- if (!node)
|
|
|
80913e |
- return 1;
|
|
|
80913e |
*node = *dir->parent;
|
|
|
80913e |
if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
|
|
|
80913e |
return 1;
|
|
|
80913e |
@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
|
|
|
80913e |
|
|
|
80913e |
if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
|
|
|
80913e |
next, &file))
|
|
|
80913e |
- return 1;
|
|
|
80913e |
+ {
|
|
|
80913e |
+ /* Node has been replaced in function. */
|
|
|
80913e |
+ grub_free (orig_node);
|
|
|
80913e |
+ return 1;
|
|
|
80913e |
+ }
|
|
|
80913e |
|
|
|
80913e |
next = grub_be_to_cpu32 (file.next);
|
|
|
80913e |
}
|
|
|
80913e |
}
|
|
|
80913e |
|
|
|
80913e |
- grub_free (hashtable);
|
|
|
80913e |
- return 0;
|
|
|
80913e |
-
|
|
|
80913e |
fail:
|
|
|
80913e |
- grub_free (node);
|
|
|
80913e |
+ grub_free (orig_node);
|
|
|
80913e |
grub_free (hashtable);
|
|
|
80913e |
return 0;
|
|
|
80913e |
}
|