2019-05-23 05:49:36

by Nikhil Kshirsagar

Subject: [PATCH] rpc.mountd: Fix e_hostname and e_uuid leaks reported in bz1711210

strdup of exportent uuid and hostname in getexportent() ends up leaking
memory. Free the memory before getexportent() is called again from xtab_read()

Signed-off-by: Nikhil Kshirsagar <[email protected]>
---
support/export/xtab.c | 19 ++++++++++++++++++-
support/nfs/exports.c | 15 +++++++++++++--
2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/support/export/xtab.c b/support/export/xtab.c
index d42eeef..1e1d679 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
while ((xp = getexportent(is_export==0, 0)) != NULL) {
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
!(exp = export_create(xp, is_export!=1))) {
+ if(xp->e_hostname) {
+ free(xp->e_hostname);
+ xp->e_hostname=NULL;
+ }
+ if(xp->e_uuid) {
+ free(xp->e_uuid);
+ xp->e_uuid=NULL;
+ }
continue;
}
switch (is_export) {
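Review bot: The cleanup added before `continue` is repeated line for line after the `switch` in the next hunk, and both copies guard `free()` with a NULL test that is unnecessary because `free(NULL)` is a no-op. Each pair can be written as `free(xp->e_hostname); xp->e_hostname = NULL;` and `free(xp->e_uuid); xp->e_uuid = NULL;`, ideally in one small static helper called from both places, so that a string field added to the entry later is released on both paths. The body of xtab_read starts and ends outside this hunk.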
@@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
v4root_needed = 0;
break;
- }
+ }
+ if(xp->e_hostname) {
+ free(xp->e_hostname);
+ xp->e_hostname=NULL;
+ }
+ if(xp->e_uuid) {
+ free(xp->e_uuid);
+ xp->e_uuid=NULL;
+ }
+
}
endexportent();
xfunlock(lockid);
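Review bot: The free added after the `switch` runs on every iteration, including those where `export_create(xp, ...)` succeeded, so it is only safe if export_create duplicates `e_hostname` and `e_uuid` instead of keeping xp's pointers; that is not visible in this hunk. If the pointers were shared, the stored export would reference freed memory, so this should be confirmed and recorded next to the free, for example `/* export_create() keeps its own copies; these strings belong to getexportent()'s entry */`. The start of the loop and the rest of xtab_read lie outside the hunk.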
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 5f4cb95..a7582ca 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
}
ee.e_hostname = xstrdup(hostname);

- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
- return NULL;
+ if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
+ if(ee.e_hostname)
+ {
+ xfree(ee.e_hostname);
+ ee.e_hostname=NULL;
+ }
+ if(ee.e_uuid)
+ {
+ xfree(ee.e_uuid);
+ ee.e_uuid=NULL;
+ }

+ return NULL;
+ }
/* resolve symlinks */
if (realpath(ee.e_path, rpath) != NULL) {
rpath[sizeof (rpath) - 1] = '\0';
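Review bot: The error path now releases `ee.e_hostname` and `ee.e_uuid`, but on success the same strings are handed to the caller with no comment saying the caller must free them. The commit adds the matching frees only in xtab_read, so any other caller of getexportent() (none is visible here) would presumably still leak. A comment stating the ownership rule would help, for example `/* on success the caller owns e_hostname and e_uuid and must free them */`. This hunk also uses `xfree()` with braces on their own line, while xtab.c uses `free()` with same-line braces for the same allocations; one form should be chosen. The function starts and ends outside the hunk.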
--
1.8.3.1


2019-05-23 13:44:20

by Steve Dickson

Subject: Re: [PATCH] rpc.mountd: Fix e_hostname and e_uuid leaks reported in bz1711210



On 5/23/19 1:47 AM, Nikhil Kshirsagar wrote:
> strdup of exportent uuid and hostname in getexportent() ends up leaking
> memory. Free the memory before getexportent() is called again from xtab_read()
>
> Signed-off-by: Nikhil Kshirsagar <[email protected]>
Committed...

steved.
> ---
> support/export/xtab.c | 19 ++++++++++++++++++-
> support/nfs/exports.c | 15 +++++++++++++--
> 2 files changed, 31 insertions(+), 3 deletions(-)
>
> diff --git a/support/export/xtab.c b/support/export/xtab.c
> index d42eeef..1e1d679 100644
> --- a/support/export/xtab.c
> +++ b/support/export/xtab.c
> @@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
> while ((xp = getexportent(is_export==0, 0)) != NULL) {
> if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
> !(exp = export_create(xp, is_export!=1))) {
> + if(xp->e_hostname) {
> + free(xp->e_hostname);
> + xp->e_hostname=NULL;
> + }
> + if(xp->e_uuid) {
> + free(xp->e_uuid);
> + xp->e_uuid=NULL;
> + }
> continue;
> }
> switch (is_export) {
> @@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
> if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
> v4root_needed = 0;
> break;
> - }
> + }
> + if(xp->e_hostname) {
> + free(xp->e_hostname);
> + xp->e_hostname=NULL;
> + }
> + if(xp->e_uuid) {
> + free(xp->e_uuid);
> + xp->e_uuid=NULL;
> + }
> +
> }
> endexportent();
> xfunlock(lockid);
> diff --git a/support/nfs/exports.c b/support/nfs/exports.c
> index 5f4cb95..a7582ca 100644
> --- a/support/nfs/exports.c
> +++ b/support/nfs/exports.c
> @@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
> }
> ee.e_hostname = xstrdup(hostname);
>
> - if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
> - return NULL;
> + if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
> + if(ee.e_hostname)
> + {
> + xfree(ee.e_hostname);
> + ee.e_hostname=NULL;
> + }
> + if(ee.e_uuid)
> + {
> + xfree(ee.e_uuid);
> + ee.e_uuid=NULL;
> + }
>
> + return NULL;
> + }
> /* resolve symlinks */
> if (realpath(ee.e_path, rpath) != NULL) {
> rpath[sizeof (rpath) - 1] = '\0';
>