v2
Taking into consideration the comments and suggstions made
corrected patch files.
v1
This series of patches fix a number of potential memory leaks
and memory errors within nfs-utils that mostly happen under
various error conditions.
Signed-off-by: Alice Mitchell <[email protected]>
Alice Mitchell (4):
nfs-utils: Fix potential memory leaks in idmap
nfs-utils: Fix mem leaks in gssd
nfs-utils: Fix mem leaks in krb5_util
nfs-utils: Fix mem leak in mountd
support/nfsidmap/nss.c | 6 ++----
support/nfsidmap/regex.c | 1 +
utils/gssd/gssd.c | 10 +++++-----
utils/gssd/krb5_util.c | 14 ++++++++++++--
utils/mountd/rmtab.c | 3 +++
5 files changed, 23 insertions(+), 11 deletions(-)
--
2.27.0
query_krb5_ccache: if the ret_realm strdup fails then ret_princname leaks
gssd_get_krb5_machine_cred_list: l was being leaked if the realloc failed
it was also leaked if the strdup of ccname failed
Signed-off-by: Alice Mitchell <[email protected]>
---
utils/gssd/krb5_util.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index c5f1152..6d059f3 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1129,6 +1129,12 @@ query_krb5_ccache(const char* cred_cache, char **ret_princname,
*str = '\0';
*ret_princname = strdup(princstring);
*ret_realm = strdup(str+1);
+ if (!*ret_princname || !*ret_realm) {
+ free(*ret_princname);
+ free(*ret_realm);
+ *ret_princname = NULL;
+ *ret_realm = NULL;
+ }
}
k5_free_unparsed_name(context, princstring);
}
@@ -1350,15 +1356,19 @@ gssd_get_krb5_machine_cred_list(char ***list)
if (retval)
continue;
if (i + 1 > listsize) {
+ char **tmplist;
listsize += listinc;
- l = (char **)
+ tmplist = (char **)
realloc(l, listsize * sizeof(char *));
- if (l == NULL) {
+ if (tmplist == NULL) {
+ gssd_free_krb5_machine_cred_list(l);
retval = ENOMEM;
goto out_lock;
}
+ l = tmplist;
}
if ((l[i++] = strdup(ple->ccname)) == NULL) {
+ gssd_free_krb5_machine_cred_list(l);
retval = ENOMEM;
goto out_lock;
}
--
2.27.0
leak of mountlist struct and content on error
Signed-off-by: Alice Mitchell <[email protected]>
---
utils/mountd/rmtab.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
index 2da9761..752fdb6 100644
--- a/utils/mountd/rmtab.c
+++ b/utils/mountd/rmtab.c
@@ -233,6 +233,9 @@ mountlist_list(void)
m->ml_directory = strdup(rep->r_path);
if (m->ml_hostname == NULL || m->ml_directory == NULL) {
+ free(m->ml_hostname);
+ free(m->ml_directory);
+ free(m);
mountlist_freeall(mlist);
mlist = NULL;
xlog(L_ERROR, "%s: memory allocation failed",
--
2.27.0
ccachedir_copy isnt used properly and is leaking, ccachedir gets modified
by a strtok, altering the original argv or conf parameter which is an
undesirable side-effect
Signed-off-by: Alice Mitchell <[email protected]>
---
utils/gssd/gssd.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 4113cba..833d8e0 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -1016,7 +1016,7 @@ read_gss_conf(void)
keytabfile = s;
s = conf_get_str("gssd", "cred-cache-directory");
if (s)
- ccachedir = s;
+ ccachedir = strdup(s);
s = conf_get_str("gssd", "preferred-realm");
if (s)
preferred_realm = s;
@@ -1070,7 +1070,8 @@ main(int argc, char *argv[])
keytabfile = optarg;
break;
case 'd':
- ccachedir = optarg;
+ free(ccachedir);
+ ccachedir = strdup(optarg);
break;
case 't':
context_timeout = atoi(optarg);
@@ -1133,7 +1134,6 @@ main(int argc, char *argv[])
}
if (ccachedir) {
- char *ccachedir_copy;
char *ptr;
for (ptr = ccachedir, i = 2; *ptr; ptr++)
@@ -1141,8 +1141,7 @@ main(int argc, char *argv[])
i++;
ccachesearch = malloc(i * sizeof(char *));
- ccachedir_copy = strdup(ccachedir);
- if (!ccachedir_copy || !ccachesearch) {
+ if (!ccachesearch) {
printerr(0, "malloc failure\n");
exit(EXIT_FAILURE);
}
@@ -1274,6 +1273,7 @@ main(int argc, char *argv[])
free(preferred_realm);
free(ccachesearch);
+ free(ccachedir);
return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
--
2.27.0
regex.c: regex_getpwnam() would leak memory if the name was not found.
nss.c: nss_name_to_gid() the conditional frees look like a potential
memory leak, removed the unnecessary conditions.
Signed-off-by: Alice Mitchell <[email protected]>
---
support/nfsidmap/nss.c | 6 ++----
support/nfsidmap/regex.c | 1 +
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/support/nfsidmap/nss.c b/support/nfsidmap/nss.c
index 669760b..0f43076 100644
--- a/support/nfsidmap/nss.c
+++ b/support/nfsidmap/nss.c
@@ -365,10 +365,8 @@ static int _nss_name_to_gid(char *name, gid_t *gid, int dostrip)
out_buf:
free(buf);
out_name:
- if (dostrip)
- free(localname);
- if (get_reformat_group())
- free(ref_name);
+ free(localname);
+ free(ref_name);
out:
return err;
}
diff --git a/support/nfsidmap/regex.c b/support/nfsidmap/regex.c
index fdbb2e2..958b4ac 100644
--- a/support/nfsidmap/regex.c
+++ b/support/nfsidmap/regex.c
@@ -157,6 +157,7 @@ again:
IDMAP_LOG(4, ("regexp_getpwnam: name '%s' mapped to '%s'",
name, localname));
+ free(localname);
*err_p = 0;
return pw;
--
2.27.0
On 8/12/21 2:13 PM, Alice Mitchell wrote:
> v2
> Taking into consideration the comments and suggstions made
> corrected patch files.
>
> v1
> This series of patches fix a number of potential memory leaks
> and memory errors within nfs-utils that mostly happen under
> various error conditions.
>
> Signed-off-by: Alice Mitchell <[email protected]>
Committed (Tag: nfs-utils-2-5-5-rc2)
steved.
>
> Alice Mitchell (4):
> nfs-utils: Fix potential memory leaks in idmap
> nfs-utils: Fix mem leaks in gssd
> nfs-utils: Fix mem leaks in krb5_util
> nfs-utils: Fix mem leak in mountd
>
> support/nfsidmap/nss.c | 6 ++----
> support/nfsidmap/regex.c | 1 +
> utils/gssd/gssd.c | 10 +++++-----
> utils/gssd/krb5_util.c | 14 ++++++++++++--
> utils/mountd/rmtab.c | 3 +++
> 5 files changed, 23 insertions(+), 11 deletions(-)
>