backport patchs to fix memory leak
backport patchs to fix memory leak Signed-off-by: hurricane618 <hurricane618@hotmail.com>
This commit is contained in:
hurricane618
parent
ce69908d14
commit
5ed2d22ec2
87
Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch
Normal file
87
Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch
Normal file
@ -0,0 +1,87 @@
|
||||
From 2ff0256c1ca0bfb1e119fc419d2a9c3e7a48fc22 Mon Sep 17 00:00:00 2001
|
||||
From: yieux <yangxy79315@sina.com>
|
||||
Date: Wed, 20 Dec 2023 15:31:22 +0800
|
||||
Subject: [PATCH] bug fix memory leak in sc analyze unit
|
||||
|
||||
---
|
||||
.../analyze_unit/secDetector_save_check.c | 24 +++++++++++++------
|
||||
1 file changed, 17 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
|
||||
index 4a5f689..788de3e 100644
|
||||
--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
|
||||
+++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
|
||||
@@ -38,6 +38,11 @@ static int init_analyze_status_data_sc(analyze_status_t *analyze_status_data, in
|
||||
return 0;
|
||||
}
|
||||
analyze_status_data->sc_data.data = kmalloc(sizeof(unsigned long long) * len, GFP_KERNEL);
|
||||
+ if (analyze_status_data->sc_data.data == NULL) {
|
||||
+ pr_err("kmalloc failed");
|
||||
+ return -ENOMEM;
|
||||
+ }
|
||||
+ analyze_status_data->sc_data.data_type = ANALYZE_STATUS_SAVE_CHECK;
|
||||
analyze_status_data->sc_data.len = len;
|
||||
return 0;
|
||||
}
|
||||
@@ -51,6 +56,7 @@ void free_analyze_status_data_sc(analyze_status_t *analyze_status_data)
|
||||
|
||||
static int analyze_save_check_init(struct list_head *collect_data_list, analyze_status_t *analyze_status_data, response_data_t *response_data)
|
||||
{
|
||||
+ int ret = 0;
|
||||
int data_index = 0;
|
||||
struct collect_data *cd;
|
||||
list_for_each_entry(cd, collect_data_list, list) {
|
||||
@@ -58,7 +64,9 @@ static int analyze_save_check_init(struct list_head *collect_data_list, analyze_
|
||||
continue;
|
||||
data_index++;
|
||||
}
|
||||
- init_analyze_status_data_sc(analyze_status_data, data_index);
|
||||
+ ret = init_analyze_status_data_sc(analyze_status_data, data_index);
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
|
||||
data_index = 0;
|
||||
list_for_each_entry(cd, collect_data_list, list) {
|
||||
@@ -89,7 +97,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
|
||||
unsigned long long measure_value;
|
||||
struct collect_data *cd;
|
||||
char *timestamp = NULL;
|
||||
- int timestamp_len;
|
||||
+ int timestamp_len = 0;
|
||||
char **response_arrays;
|
||||
int response_array_index = 0;
|
||||
char int_str[MAX_DIGITS];
|
||||
@@ -124,7 +132,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
|
||||
break;
|
||||
}
|
||||
if (measure_value != analyze_status_data->sc_data.data[data_index]) {
|
||||
- pr_warn("[save_check]%s: original: %llu; now: %llu.!\n",
|
||||
+ pr_debug("[save_check]%s: original: %llu; now: %llu.!\n",
|
||||
cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
|
||||
response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
|
||||
if (response_arrays[response_array_index] == NULL) {
|
||||
@@ -162,15 +170,17 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
|
||||
ret = -ENOMEM;
|
||||
goto end;
|
||||
}
|
||||
- if (timestamp_len > 0) {
|
||||
- strncat(response_data->report_data.text, timestamp, timestamp_len);
|
||||
- kfree(timestamp);
|
||||
- }
|
||||
+
|
||||
for (i = 0; i < response_array_index; i++)
|
||||
strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i]));
|
||||
strcat(response_data->report_data.text, "\n");
|
||||
}
|
||||
+
|
||||
end:
|
||||
+ if (timestamp_len > 0) {
|
||||
+ strncat(response_data->report_data.text, timestamp, timestamp_len);
|
||||
+ kfree(timestamp);
|
||||
+}
|
||||
for (i = 0; i < response_array_index; i++)
|
||||
kfree(response_arrays[i]);
|
||||
kfree(response_arrays);
|
||||
--
|
||||
2.33.0
|
||||
|
||||
64
Backport-fix-memory-leak-in-program_action.patch
Normal file
64
Backport-fix-memory-leak-in-program_action.patch
Normal file
@ -0,0 +1,64 @@
|
||||
From aaed2290507cac0878c93aa550664875d5875a6b Mon Sep 17 00:00:00 2001
|
||||
From: hurricane618 <hurricane618@hotmail.com>
|
||||
Date: Wed, 20 Dec 2023 20:17:33 +0800
|
||||
Subject: [PATCH] fix memory leak in program_action
|
||||
|
||||
1. free path data
|
||||
2. free pi in error branch
|
||||
|
||||
Signed-off-by: hurricane618 <hurricane618@hotmail.com>
|
||||
---
|
||||
.../cases/program_action/secDetector_program_action.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/kerneldriver/cases/program_action/secDetector_program_action.c b/kerneldriver/cases/program_action/secDetector_program_action.c
|
||||
index 1f0749a..f571c08 100644
|
||||
--- a/kerneldriver/cases/program_action/secDetector_program_action.c
|
||||
+++ b/kerneldriver/cases/program_action/secDetector_program_action.c
|
||||
@@ -177,6 +177,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str
|
||||
if (get_task_root(tsk, &root) == 0) {
|
||||
pi->root = d_path(&root, pi->rootbuf, PATH_LEN);
|
||||
}
|
||||
+
|
||||
+ path_put(&root);
|
||||
+
|
||||
if (IS_ERR_OR_NULL(pi->root)) {
|
||||
pi->root = "invalid";
|
||||
}
|
||||
@@ -184,6 +187,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str
|
||||
if (get_task_cwd(tsk, &cwd) == 0) {
|
||||
pi->cwd = d_path(&cwd, pi->cwdbuf, PATH_LEN);
|
||||
}
|
||||
+
|
||||
+ path_put(&cwd);
|
||||
+
|
||||
if (IS_ERR_OR_NULL(pi->cwd)) {
|
||||
pi->cwd = "invalid";
|
||||
}
|
||||
@@ -258,6 +264,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf,
|
||||
#endif
|
||||
if (!attach_task) {
|
||||
pr_err("ptrace_attach input task_struct error or arch don't support\n");
|
||||
+ put_common_process_info(pi);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -269,6 +276,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf,
|
||||
if (!log.report_data.text) {
|
||||
pr_err("log.report_data.text kzalloc failed!\n");
|
||||
kfree(timestamp);
|
||||
+ put_common_process_info(pi);
|
||||
return 0;
|
||||
}
|
||||
snprintf(log.report_data.text, BUF_SIZE,
|
||||
@@ -304,6 +312,7 @@ static int do_pipe2_pre_handler(struct secDetector_workflow *wf,
|
||||
if (!log.report_data.text) {
|
||||
pr_err("log.report_data.text kzalloc failed!\n");
|
||||
kfree(timestamp);
|
||||
+ put_common_process_info(pi);
|
||||
return 0;
|
||||
}
|
||||
snprintf(log.report_data.text, BUF_SIZE,
|
||||
--
|
||||
2.33.0
|
||||
|
||||
65
Backport-fix-the-memory-leak-in-collect-unit.patch
Normal file
65
Backport-fix-the-memory-leak-in-collect-unit.patch
Normal file
@ -0,0 +1,65 @@
|
||||
From fb0b9eeccc697b2b8935ed5a643ef30efaad19f7 Mon Sep 17 00:00:00 2001
|
||||
From: yieux <yangxy79315@sina.com>
|
||||
Date: Mon, 18 Dec 2023 09:28:15 +0800
|
||||
Subject: [PATCH] fix the memory leak in collect unit
|
||||
|
||||
---
|
||||
.../core/analyze_unit/secDetector_save_check.c | 13 +++++++------
|
||||
.../core/collect_unit/secDetector_collect.c | 1 +
|
||||
2 files changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
|
||||
index 0ab40ce..4a5f689 100644
|
||||
--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
|
||||
+++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
|
||||
@@ -124,7 +124,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
|
||||
break;
|
||||
}
|
||||
if (measure_value != analyze_status_data->sc_data.data[data_index]) {
|
||||
- pr_debug("[save_check]%s: original: %lld; now: %lld.!\n",
|
||||
+ pr_warn("[save_check]%s: original: %llu; now: %llu.!\n",
|
||||
cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
|
||||
response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
|
||||
if (response_arrays[response_array_index] == NULL) {
|
||||
@@ -136,13 +136,13 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
|
||||
strcpy(response_arrays[response_array_index], " secswitch_name=");
|
||||
//应该有 workflow的名字
|
||||
strncat(response_arrays[response_array_index], cd->name, strlen(cd->name));
|
||||
- strcat(response_arrays[response_array_index]," old_value=");
|
||||
- sprintf(int_str, "%lld", analyze_status_data->sc_data.data[data_index]);
|
||||
+ strcat(response_arrays[response_array_index], " old_value=");
|
||||
+ sprintf(int_str, "%llu", analyze_status_data->sc_data.data[data_index]);
|
||||
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
|
||||
- strcat(response_arrays[response_array_index]," new_value=");
|
||||
- sprintf(int_str, "%lld", measure_value);
|
||||
+ strcat(response_arrays[response_array_index], " new_value=");
|
||||
+ sprintf(int_str, "%llu", measure_value);
|
||||
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
|
||||
- strcat(response_arrays[response_array_index],".\n");
|
||||
+ strcat(response_arrays[response_array_index], ".");
|
||||
|
||||
response_data_char_len += strlen(response_arrays[response_array_index]);
|
||||
ret = RESPONSE_REPORT;
|
||||
@@ -168,6 +168,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
|
||||
}
|
||||
for (i = 0; i < response_array_index; i++)
|
||||
strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i]));
|
||||
+ strcat(response_data->report_data.text, "\n");
|
||||
}
|
||||
end:
|
||||
for (i = 0; i < response_array_index; i++)
|
||||
diff --git a/kerneldriver/core/collect_unit/secDetector_collect.c b/kerneldriver/core/collect_unit/secDetector_collect.c
|
||||
index c04dd33..2240577 100644
|
||||
--- a/kerneldriver/core/collect_unit/secDetector_collect.c
|
||||
+++ b/kerneldriver/core/collect_unit/secDetector_collect.c
|
||||
@@ -32,6 +32,7 @@ struct collect_data *init_collect_data(const char *name)
|
||||
cd->name = kmalloc(nl + 1, GFP_KERNEL);
|
||||
if (cd->name == NULL) {
|
||||
pr_err("kmalloc failed");
|
||||
+ kfree(cd);
|
||||
return NULL;
|
||||
}
|
||||
strncpy(cd->name, name, nl);
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
Name : secDetector
|
||||
Summary : OS Security Intrusion Detection System
|
||||
Version : 1.0
|
||||
Release : 12
|
||||
Release : 13
|
||||
License : GPL-2.0
|
||||
Source0 : %{name}-v%{version}.tar.gz
|
||||
BuildRequires: kernel-devel kernel-headers
|
||||
@ -43,6 +43,9 @@ Patch0026: Backport-modify-for-secReadFrom-error.patch
|
||||
Patch0027: Backport-fix-invalid-TUF-8-data-in-memory-corruption-module.patch
|
||||
Patch0028: Backport-set-cmake-minimum-required-to-VERSION-3.22.patch
|
||||
Patch0029: Backport-grpc-fix-coredump-in-Publish.patch
|
||||
Patch0030: Backport-fix-the-memory-leak-in-collect-unit.patch
|
||||
Patch0031: Backport-fix-memory-leak-in-program_action.patch
|
||||
Patch0032: Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch
|
||||
|
||||
%description
|
||||
OS Security Intrusion Detection System
|
||||
@ -116,6 +119,9 @@ rm -rf %{buildroot}
|
||||
%attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h
|
||||
|
||||
%changelog
|
||||
* Thu Dec 21 2023 hurricane618 <hurricane618@hotmail.com> 1.0-13
|
||||
- backport patchs to fix memory
|
||||
|
||||
* Thu Dec 14 2023 zcfsite <zhchf2010@126.com> 1.0-12
|
||||
- fix secReadFrom error,invalid TUF-8 data in mc module,publish coredump
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user