1From 178ac5107389f8e5b32489d743d6824a5ebf342a Mon Sep 17 00:00:00 2001
2From: Darren Kenny <darren.kenny@oracle.com>
3Date: Thu, 26 Nov 2020 12:48:07 +0000
4Subject: [PATCH] affs: Fix memory leaks
5
6The node structure reference is being allocated but not freed if it
7reaches the end of the function. If any of the hooks had returned
8a non-zero value, then node would have been copied in to the context
9reference, but otherwise node is not stored and should be freed.
10
11Similarly, the call to grub_affs_create_node() replaces the allocated
12memory in node with a newly allocated structure, leaking the existing
13memory pointed by node.
14
15Finally, when dir->parent is set, then we again replace node with newly
16allocated memory, which seems unnecessary when we copy in the values
17from dir->parent immediately after.
18
19Fixes: CID 73759
20
21Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
22Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
23Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
24---
25 grub-core/fs/affs.c | 18 ++++++++----------
26 1 file changed, 8 insertions(+), 10 deletions(-)
27
28diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
29index 220b371..230e26a 100644
30--- a/grub-core/fs/affs.c
31+++ b/grub-core/fs/affs.c
32@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
33 {
34 unsigned int i;
35 struct grub_affs_file file;
36- struct grub_fshelp_node *node = 0;
37+ struct grub_fshelp_node *node, *orig_node;
38 struct grub_affs_data *data = dir->data;
39 grub_uint32_t *hashtable;
40
41 /* Create the directory entries for `.' and `..'. */
42- node = grub_zalloc (sizeof (*node));
43+ node = orig_node = grub_zalloc (sizeof (*node));
44 if (!node)
45 return 1;
46
47@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
48 return 1;
49 if (dir->parent)
50 {
51- node = grub_zalloc (sizeof (*node));
52- if (!node)
53- return 1;
54 *node = *dir->parent;
55 if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
56 return 1;
57@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
58
59 if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
60 next, &file))
61- return 1;
62+ {
63+ /* Node has been replaced in function. */
64+ grub_free (orig_node);
65+ return 1;
66+ }
67
68 next = grub_be_to_cpu32 (file.next);
69 }
70 }
71
72- grub_free (hashtable);
73- return 0;
74-
75 fail:
76- grub_free (node);
77+ grub_free (orig_node);
78 grub_free (hashtable);
79 return 0;
80 }
81--
822.14.2
83
84
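Review bot: In the `@@ -414,9 +414,6 @@` hunk, `*node = *dir->parent;` now writes into the same allocation that appears to have been passed to the hook for `.` just above the hunk (that call is outside the visible lines). The commit message states that a hook returning non-zero keeps the node in its context; if a hook also frees or stores its node argument when it returns zero, this write would be a use-after-free and the later `grub_free (orig_node);` in the third hunk a double free. Neither is something the patch shows to be ruled out, so the ownership contract of `hook` should be confirmed against every registered hook and documented here, e.g. `/* hook() only borrows node unless it returns non-zero; it must not free it. */`. If hooks do take ownership, the removed `grub_zalloc` for `..` has to stay and only a node that was never handed to a hook may be freed. The function body begins and ends outside this hunk.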
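Review bot: In the `@@ -456,17 +453,18 @@` hunk, removing `grub_free (hashtable); return 0;` makes the success path fall through the `fail:` label, so the label name is now misleading and both the normal exit and every `goto fail` return 0. Renaming it to `out:` (the `goto` sites are outside the hunk) or adding `/* Reached on success and on error; errors are reported via grub_errno. */` would make that explicit, if that is indeed the convention. The new error branch frees `orig_node` but not `hashtable`; presumably grub_affs_create_node() releases it on failure since it receives `&hashtable`, but that is not visible here and the comment should say so, e.g. `/* Node has been replaced in function; hashtable is released there as well. */` once confirmed.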