Re: [PATCH] rpc.mountd: Fix e_hostname and e_uuid leaks reported in bz1711210

Steve Dickson <SteveD@xxxxxxxxxx> · Thu, 23 May 2019 09:43:51 -0400



On 5/23/19 1:47 AM, Nikhil Kshirsagar wrote:
> strdup of exportent uuid and hostname in getexportent() ends up leaking
> memory. Free the memory before getexportent() is called again from xtab_read()
> 
> Signed-off-by: Nikhil Kshirsagar <nkshirsa@xxxxxxxxxx>
Committed... 

steved.
> ---
>  support/export/xtab.c | 19 ++++++++++++++++++-
>  support/nfs/exports.c | 15 +++++++++++++--
>  2 files changed, 31 insertions(+), 3 deletions(-)
> 
> diff --git a/support/export/xtab.c b/support/export/xtab.c
> index d42eeef..1e1d679 100644
> --- a/support/export/xtab.c
> +++ b/support/export/xtab.c
> @@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
>  	while ((xp = getexportent(is_export==0, 0)) != NULL) {
>  		if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
>  		    !(exp = export_create(xp, is_export!=1))) {
> +                        if(xp->e_hostname) {
> +                            free(xp->e_hostname);
> +                            xp->e_hostname=NULL;
> +                        }
> +                        if(xp->e_uuid) {
> +                            free(xp->e_uuid);
> +                            xp->e_uuid=NULL;
> +                        }
>  			continue;
>  		}
>  		switch (is_export) {
> @@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
>  			if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
>  				v4root_needed = 0;
>  			break;
> -		}
> +		}  
> +                if(xp->e_hostname) {
> +                    free(xp->e_hostname);
> +                    xp->e_hostname=NULL;
> +                }
> +                if(xp->e_uuid) {
> +                    free(xp->e_uuid);
> +                    xp->e_uuid=NULL;
> +                }
> +
>  	}
>  	endexportent();
>  	xfunlock(lockid);
> diff --git a/support/nfs/exports.c b/support/nfs/exports.c
> index 5f4cb95..a7582ca 100644
> --- a/support/nfs/exports.c
> +++ b/support/nfs/exports.c
> @@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
>  	}
>  	ee.e_hostname = xstrdup(hostname);
>  
> -	if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
> -		return NULL;
> +	if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
> +                if(ee.e_hostname)
> +                {
> +                    xfree(ee.e_hostname);
> +                    ee.e_hostname=NULL;
> +                }
> +                if(ee.e_uuid)
> +                {
> +                    xfree(ee.e_uuid);
> +                    ee.e_uuid=NULL;
> +                }
>  
> +		return NULL;
> +        }
>  	/* resolve symlinks */
>  	if (realpath(ee.e_path, rpath) != NULL) {
>  		rpath[sizeof (rpath) - 1] = '\0';
>