1*4882a593SmuzhiyunFrom 178ac5107389f8e5b32489d743d6824a5ebf342a Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Darren Kenny <darren.kenny@oracle.com>
3*4882a593SmuzhiyunDate: Thu, 26 Nov 2020 12:48:07 +0000
4*4882a593SmuzhiyunSubject: [PATCH] affs: Fix memory leaks
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunThe node structure reference is being allocated but not freed if it
7*4882a593Smuzhiyunreaches the end of the function. If any of the hooks had returned
8*4882a593Smuzhiyuna non-zero value, then node would have been copied in to the context
9*4882a593Smuzhiyunreference, but otherwise node is not stored and should be freed.
10*4882a593Smuzhiyun
11*4882a593SmuzhiyunSimilarly, the call to grub_affs_create_node() replaces the allocated
12*4882a593Smuzhiyunmemory in node with a newly allocated structure, leaking the existing
13*4882a593Smuzhiyunmemory pointed by node.
14*4882a593Smuzhiyun
15*4882a593SmuzhiyunFinally, when dir->parent is set, then we again replace node with newly
16*4882a593Smuzhiyunallocated memory, which seems unnecessary when we copy in the values
17*4882a593Smuzhiyunfrom dir->parent immediately after.
18*4882a593Smuzhiyun
19*4882a593SmuzhiyunFixes: CID 73759
20*4882a593Smuzhiyun
21*4882a593SmuzhiyunSigned-off-by: Darren Kenny <darren.kenny@oracle.com>
22*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
23*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
24*4882a593Smuzhiyun---
25*4882a593Smuzhiyun grub-core/fs/affs.c | 18 ++++++++----------
26*4882a593Smuzhiyun 1 file changed, 8 insertions(+), 10 deletions(-)
27*4882a593Smuzhiyun
28*4882a593Smuzhiyundiff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
29*4882a593Smuzhiyunindex 220b371..230e26a 100644
30*4882a593Smuzhiyun--- a/grub-core/fs/affs.c
31*4882a593Smuzhiyun+++ b/grub-core/fs/affs.c
32*4882a593Smuzhiyun@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
33*4882a593Smuzhiyun {
34*4882a593Smuzhiyun unsigned int i;
35*4882a593Smuzhiyun struct grub_affs_file file;
36*4882a593Smuzhiyun- struct grub_fshelp_node *node = 0;
37*4882a593Smuzhiyun+ struct grub_fshelp_node *node, *orig_node;
38*4882a593Smuzhiyun struct grub_affs_data *data = dir->data;
39*4882a593Smuzhiyun grub_uint32_t *hashtable;
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun /* Create the directory entries for `.' and `..'. 
*/
42*4882a593Smuzhiyun- node = grub_zalloc (sizeof (*node));
43*4882a593Smuzhiyun+ node = orig_node = grub_zalloc (sizeof (*node));
44*4882a593Smuzhiyun if (!node)
45*4882a593Smuzhiyun return 1;
46*4882a593Smuzhiyun
47*4882a593Smuzhiyun@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
48*4882a593Smuzhiyun return 1;
49*4882a593Smuzhiyun if (dir->parent)
50*4882a593Smuzhiyun {
51*4882a593Smuzhiyun- node = grub_zalloc (sizeof (*node));
52*4882a593Smuzhiyun- if (!node)
53*4882a593Smuzhiyun- return 1;
54*4882a593Smuzhiyun *node = *dir->parent;
55*4882a593Smuzhiyun if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
56*4882a593Smuzhiyun return 1;
57*4882a593Smuzhiyun@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
58*4882a593Smuzhiyun
59*4882a593Smuzhiyun if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
60*4882a593Smuzhiyun next, &file))
61*4882a593Smuzhiyun- return 1;
62*4882a593Smuzhiyun+ {
63*4882a593Smuzhiyun+ /* Node has been replaced in function. */
64*4882a593Smuzhiyun+ grub_free (orig_node);
65*4882a593Smuzhiyun+ return 1;
66*4882a593Smuzhiyun+ }
67*4882a593Smuzhiyun
68*4882a593Smuzhiyun next = grub_be_to_cpu32 (file.next);
69*4882a593Smuzhiyun }
70*4882a593Smuzhiyun }
71*4882a593Smuzhiyun
72*4882a593Smuzhiyun- grub_free (hashtable);
73*4882a593Smuzhiyun- return 0;
74*4882a593Smuzhiyun-
75*4882a593Smuzhiyun fail:
76*4882a593Smuzhiyun- grub_free (node);
77*4882a593Smuzhiyun+ grub_free (orig_node);
78*4882a593Smuzhiyun grub_free (hashtable);
79*4882a593Smuzhiyun return 0;
80*4882a593Smuzhiyun }
81*4882a593Smuzhiyun--
82*4882a593Smuzhiyun2.14.2
83*4882a593Smuzhiyun
84
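Review bot: The new `orig_node` declaration in the first hunk has no comment, although from `node = orig_node = grub_zalloc (sizeof (*node));` onward the two names alias one allocation and only `orig_node` is freed later. A one-line comment at the declaration, for example `/* orig_node owns the scratch node used for '.' and '..'; node may be repointed by grub_affs_create_node(). */`, would let a reader check each later `grub_free` against a stated ownership rule. The body of grub_affs_iterate_dir continues outside this hunk.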
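Review bot: With the second `grub_zalloc` removed in the hunk at -414, the same allocation is handed to `hook` twice (for `.` and then `..`) and is later released through `orig_node`, which is only safe if a hook that returns 0 neither frees nor keeps the node it was given. That contract is not visible in this patch, and the removed allocation suggests the earlier code assumed each call consumed its node. If any hook passed to grub_affs_iterate_dir frees its argument when it returns 0, `*node = *dir->parent;` writes to freed memory and the final `grub_free (orig_node)` becomes a double free, in a function that walks on-disk filesystem data. Please confirm this against the hook implementations and record the rule above the first call, e.g. `/* hook() takes ownership of node only when it returns non-zero. */`.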
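Review bot: After the last hunk the `fail:` label is also the normal exit and returns 0 either way, so the name no longer describes the block; rename it to `out:` or add `/* Common exit: reached on normal completion as well. */` above it. In the new error branch, `grub_free (orig_node); return 1;` leaves `hashtable` untouched; since `&hashtable` is passed to `grub_affs_create_node`, the callee presumably releases it on failure, but that is not visible here and should be stated in the comment. The comment `/* Node has been replaced in function. */` should likewise say whether this holds on every failing path of the callee, because freeing `orig_node` is only correct if the callee never freed or stored the pointer it received.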