|
Zbigniew Jędrzejewski-Szmek |
5d6eed |
From a4ead9514b411945f9525ac33901db2b557ce9d0 Mon Sep 17 00:00:00 2001
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
From: Evgeny Vereshchagin <evvers@ya.ru>
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
Date: Mon, 9 Jan 2017 04:46:11 +0000
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
Subject: [PATCH] shared: fix double free in link
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
Fixes:
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
```
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
touch hola.service
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
systemctl link $(pwd)/hola.service $(pwd)/hola.service
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
```
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
```
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
==1==ERROR: AddressSanitizer: attempting double-free on 0x60300002c560 in thread T0 (systemd):
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#1 0x7fc8c90ebd3b in strv_clear src/basic/strv.c:83
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#2 0x7fc8c90ebdb6 in strv_free src/basic/strv.c:89
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#3 0x55637c758c77 in strv_freep src/basic/strv.h:37
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#4 0x55637c763ba9 in method_enable_unit_files_generic src/core/dbus-manager.c:1960
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#18 0x55637c6a2194 in main src/core/main.c:1920
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#20 0x55637c697339 in _start (/usr/lib/systemd/systemd+0xcd339)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
0x60300002c560 is located 0 bytes inside of 19-byte region [0x60300002c560,0x60300002c573)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
freed by thread T0 (systemd) here:
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#1 0x7fc8c90ee320 in strv_remove src/basic/strv.c:630
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#2 0x7fc8c90ee190 in strv_uniq src/basic/strv.c:602
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#3 0x7fc8c9180533 in unit_file_link src/shared/install.c:1996
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#4 0x55637c763b25 in method_enable_unit_files_generic src/core/dbus-manager.c:1985
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#18 0x55637c6a2194 in main src/core/main.c:1920
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
previously allocated by thread T0 (systemd) here:
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#0 0x7fc8c95b0160 in strdup (/lib64/libasan.so.3+0x5a160)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#1 0x7fc8c90edf32 in strv_extend src/basic/strv.c:552
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#2 0x7fc8c923ae41 in bus_message_read_strv_extend src/libsystemd/sd-bus/bus-message.c:5578
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#3 0x7fc8c923b0de in sd_bus_message_read_strv src/libsystemd/sd-bus/bus-message.c:5600
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#4 0x55637c7639d1 in method_enable_unit_files_generic src/core/dbus-manager.c:1969
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#18 0x55637c6a2194 in main src/core/main.c:1920
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
#19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
SUMMARY: AddressSanitizer: double-free (/lib64/libasan.so.3+0xc6b00) in free
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
==1==ABORTING
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
```
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
Closes #5015
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
(cherry picked from commit 8af35ba681116eb79a46e3dbd65b166c1efd6164)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
---
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
src/shared/install.c | 8 ++++++--
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
diff --git a/src/shared/install.c b/src/shared/install.c
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
index 5f0eec3ccb..64fe522ebb 100644
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
--- a/src/shared/install.c
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+++ b/src/shared/install.c
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
@@ -1947,7 +1947,7 @@ int unit_file_link(
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
unsigned *n_changes) {
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
_cleanup_lookup_paths_free_ LookupPaths paths = {};
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
- _cleanup_free_ char **todo = NULL;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+ _cleanup_strv_free_ char **todo = NULL;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
size_t n_todo = 0, n_allocated = 0;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
const char *config_path;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
char **i;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
@@ -1996,7 +1996,11 @@ int unit_file_link(
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
if (!GREEDY_REALLOC0(todo, n_allocated, n_todo + 2))
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
return -ENOMEM;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
- todo[n_todo++] = *i;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+ todo[n_todo] = strdup(*i);
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+ if (!todo[n_todo])
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+ return -ENOMEM;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
+ n_todo++;
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
}
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
|
|
Zbigniew Jędrzejewski-Szmek |
03e93e |
strv_uniq(todo);
|