280 lines
6.7 KiB
Diff
280 lines
6.7 KiB
Diff
From 7691f5c4a87d5fbc0f48fa96bba70b4ab9b52c65 Mon Sep 17 00:00:00 2001
|
|
From: yangjiaqi <yangjiaqi16@huawei.com>
|
|
Date: Thu, 25 Nov 2021 14:45:12 +0800
|
|
Subject: [PATCH 07/17] set-null-after-free
|
|
|
|
---
|
|
src/cgroup_fuse.c | 26 +++++++++++++++++++++-----
|
|
src/cgroups/cgfsng.c | 5 ++++-
|
|
src/cgroups/cgroup_utils.c | 4 +++-
|
|
src/lxcfs.c | 4 ++++
|
|
src/memory_utils.h | 4 +++-
|
|
src/proc_loadavg.c | 5 ++++-
|
|
6 files changed, 39 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/src/cgroup_fuse.c b/src/cgroup_fuse.c
|
|
index 5c22fd1..b396bbc 100644
|
|
--- a/src/cgroup_fuse.c
|
|
+++ b/src/cgroup_fuse.c
|
|
@@ -179,7 +179,7 @@ static bool is_child_cgroup(const char *controller, const char *cgroup,
|
|
static bool caller_may_see_dir(pid_t pid, const char *contrl, const char *cg)
|
|
{
|
|
bool answer = false;
|
|
- char *c2, *task_cg;
|
|
+ char *c2 = NULL, *task_cg = NULL;
|
|
size_t target_len, task_len;
|
|
|
|
if (strcmp(cg, "/") == 0 || strcmp(cg, "./") == 0)
|
|
@@ -221,6 +221,7 @@ static bool caller_may_see_dir(pid_t pid, const char *contrl, const char *cg)
|
|
|
|
out:
|
|
free(c2);
|
|
+ c2 = NULL;
|
|
return answer;
|
|
}
|
|
|
|
@@ -260,8 +261,8 @@ static char *get_next_cgroup_dir(const char *taskcg, const char *querycg)
|
|
static bool caller_is_in_ancestor(pid_t pid, const char *contrl, const char *cg, char **nextcg)
|
|
{
|
|
bool answer = false;
|
|
- char *c2;
|
|
- char *linecmp;
|
|
+ char *c2 = NULL;
|
|
+ char *linecmp = NULL;
|
|
|
|
c2 = get_pid_cgroup_handle_named(pid, contrl);
|
|
if (!c2)
|
|
@@ -291,6 +292,7 @@ static bool caller_is_in_ancestor(pid_t pid, const char *contrl, const char *cg,
|
|
|
|
out:
|
|
free(c2);
|
|
+ c2 = NULL;
|
|
return answer;
|
|
}
|
|
|
|
@@ -612,6 +614,7 @@ __lxcfs_fuse_ops int cg_getattr(const char *path, struct stat *sb)
|
|
|
|
out:
|
|
free(cgdir);
|
|
+ cgdir = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -734,7 +737,9 @@ __lxcfs_fuse_ops int cg_mkdir(const char *path, mode_t mode)
|
|
|
|
out:
|
|
free(cgdir);
|
|
+ cgdir = NULL;
|
|
free(next);
|
|
+ next = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -869,7 +874,9 @@ __lxcfs_fuse_ops int cg_rmdir(const char *path)
|
|
|
|
out:
|
|
free(cgdir);
|
|
+ cgdir = NULL;
|
|
free(next);
|
|
+ next = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -958,6 +965,7 @@ __lxcfs_fuse_ops int cg_chmod(const char *path, mode_t mode)
|
|
out:
|
|
free_key(k);
|
|
free(cgdir);
|
|
+ cgdir = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -1067,7 +1075,7 @@ __lxcfs_fuse_ops int cg_chown(const char *path, uid_t uid, gid_t gid)
|
|
out:
|
|
free_key(k);
|
|
free(cgdir);
|
|
-
|
|
+ cgdir = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -1139,6 +1147,7 @@ __lxcfs_fuse_ops int cg_open(const char *path, struct fuse_file_info *fi)
|
|
|
|
out:
|
|
free(cgdir);
|
|
+ cgdir = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -1280,6 +1289,7 @@ static bool do_read_pids(pid_t tpid, const char *contrl, const char *cg,
|
|
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sock) < 0) {
|
|
perror("socketpair");
|
|
free(tmpdata);
|
|
+ tmpdata = NULL;
|
|
return false;
|
|
}
|
|
|
|
@@ -1331,6 +1341,7 @@ next:
|
|
|
|
out:
|
|
free(tmpdata);
|
|
+ tmpdata = NULL;
|
|
if (cpid != -1)
|
|
wait_for_pid(cpid);
|
|
if (sock[0] != -1) {
|
|
@@ -1408,6 +1419,7 @@ __lxcfs_fuse_ops int cg_read(const char *path, char *buf, size_t size,
|
|
|
|
out:
|
|
free(data);
|
|
+ data = NULL;
|
|
return ret;
|
|
}
|
|
|
|
@@ -1989,6 +2001,7 @@ __lxcfs_fuse_ops int cg_readdir(const char *path, void *buf,
|
|
if (nextcg) {
|
|
ret = DIR_FILLER(filler, buf, nextcg, NULL, 0);
|
|
free(nextcg);
|
|
+ nextcg = NULL;
|
|
if (ret != 0) {
|
|
ret = -EIO;
|
|
goto out;
|
|
@@ -2024,8 +2037,10 @@ __lxcfs_fuse_ops int cg_readdir(const char *path, void *buf,
|
|
out:
|
|
free_keys(list);
|
|
if (clist) {
|
|
- for (i = 0; clist[i]; i++)
|
|
+ for (i = 0; clist[i]; i++) {
|
|
free(clist[i]);
|
|
+ clist[i] = NULL;
|
|
+ }
|
|
free(clist);
|
|
}
|
|
return ret;
|
|
@@ -2095,5 +2110,6 @@ __lxcfs_fuse_ops int cg_access(const char *path, int mode)
|
|
|
|
out:
|
|
free(cgdir);
|
|
+ cgdir = NULL;
|
|
return ret;
|
|
}
|
|
diff --git a/src/cgroups/cgfsng.c b/src/cgroups/cgfsng.c
|
|
index 3eb4227..781923c 100644
|
|
--- a/src/cgroups/cgfsng.c
|
|
+++ b/src/cgroups/cgfsng.c
|
|
@@ -875,7 +875,7 @@ static int cg_hybrid_init(struct cgroup_ops *ops)
|
|
prune_init_scope(base_cgroup);
|
|
|
|
if (type == CGROUP2_SUPER_MAGIC) {
|
|
- char *cgv2_ctrl_path;
|
|
+ char *cgv2_ctrl_path = NULL;
|
|
|
|
cgv2_ctrl_path = must_make_path(mountpoint, base_cgroup,
|
|
"cgroup.controllers",
|
|
@@ -883,6 +883,7 @@ static int cg_hybrid_init(struct cgroup_ops *ops)
|
|
|
|
controller_list = cg_unified_get_controllers(cgv2_ctrl_path);
|
|
free(cgv2_ctrl_path);
|
|
+ cgv2_ctrl_path = NULL;
|
|
if (!controller_list)
|
|
controller_list = cg_unified_make_empty_controller();
|
|
}
|
|
@@ -897,7 +898,9 @@ static int cg_hybrid_init(struct cgroup_ops *ops)
|
|
next:
|
|
free_string_list(controller_list);
|
|
free(mountpoint);
|
|
+ mountpoint = NULL;
|
|
free(base_cgroup);
|
|
+ base_cgroup = NULL;
|
|
}
|
|
|
|
free_string_list(klist);
|
|
diff --git a/src/cgroups/cgroup_utils.c b/src/cgroups/cgroup_utils.c
|
|
index 1224971..d32a520 100644
|
|
--- a/src/cgroups/cgroup_utils.c
|
|
+++ b/src/cgroups/cgroup_utils.c
|
|
@@ -701,7 +701,7 @@ bool mkdir_p(const char *dir, mode_t mode)
|
|
{
|
|
const char *tmp = dir;
|
|
const char *orig = dir;
|
|
- char *makeme;
|
|
+ char *makeme = NULL;
|
|
|
|
do {
|
|
dir = tmp + strspn(tmp, "/");
|
|
@@ -713,9 +713,11 @@ bool mkdir_p(const char *dir, mode_t mode)
|
|
lxcfs_error("Failed to create directory '%s': %s.\n",
|
|
makeme, strerror(errno));
|
|
free(makeme);
|
|
+ makeme = NULL;
|
|
return false;
|
|
}
|
|
free(makeme);
|
|
+ makeme = NULL;
|
|
} while(tmp != dir);
|
|
|
|
return true;
|
|
diff --git a/src/lxcfs.c b/src/lxcfs.c
|
|
index e24ebed..361ce71 100644
|
|
--- a/src/lxcfs.c
|
|
+++ b/src/lxcfs.c
|
|
@@ -1237,10 +1237,12 @@ int main(int argc, char *argv[])
|
|
if (append_comma_separate(&new_fuse_opts, token)) {
|
|
lxcfs_error("Failed to copy fuse argument \"%s\"", token);
|
|
free(dup);
|
|
+ dup = NULL;
|
|
goto out;
|
|
}
|
|
}
|
|
free(dup);
|
|
+ dup = NULL;
|
|
}
|
|
|
|
if (append_comma_separate(&new_fuse_opts, "allow_other,entry_timeout=0.5,attr_timeout=0.5")) {
|
|
@@ -1306,7 +1308,9 @@ out:
|
|
if (pidfile)
|
|
unlink(pidfile);
|
|
free(new_fuse_opts);
|
|
+ new_fuse_opts = NULL;
|
|
free(opts);
|
|
+ opts = NULL;
|
|
close_prot_errno_disarm(pidfile_fd);
|
|
exit(ret);
|
|
}
|
|
diff --git a/src/memory_utils.h b/src/memory_utils.h
|
|
index c689c8e..a7e4a58 100644
|
|
--- a/src/memory_utils.h
|
|
+++ b/src/memory_utils.h
|
|
@@ -67,8 +67,10 @@ static inline void free_disarm_function(void *ptr)
|
|
static inline void free_string_list(char **list)
|
|
{
|
|
if (list) {
|
|
- for (int i = 0; list[i]; i++)
|
|
+ for (int i = 0; list[i]; i++) {
|
|
free(list[i]);
|
|
+ list[i] = NULL;
|
|
+ }
|
|
free_disarm(list);
|
|
}
|
|
}
|
|
diff --git a/src/proc_loadavg.c b/src/proc_loadavg.c
|
|
index 5f9bec7..c8daf35 100644
|
|
--- a/src/proc_loadavg.c
|
|
+++ b/src/proc_loadavg.c
|
|
@@ -436,10 +436,13 @@ static int refresh_load(struct load_node *p, const char *path)
|
|
p->last_pid = last_pid;
|
|
|
|
err_out:
|
|
- for (; i > 0; i--)
|
|
+ for (; i > 0; i--) {
|
|
free(idbuf[i - 1]);
|
|
+ idbuf[i - 1] = NULL;
|
|
+ }
|
|
out:
|
|
free(idbuf);
|
|
+ idbuf = NULL;
|
|
return sum;
|
|
}
|
|
|
|
--
|
|
2.27.0
|
|
|