diff --git a/Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch b/Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch new file mode 100644 index 0000000..ab185be --- /dev/null +++ b/Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch @@ -0,0 +1,87 @@ +From 2ff0256c1ca0bfb1e119fc419d2a9c3e7a48fc22 Mon Sep 17 00:00:00 2001 +From: yieux +Date: Wed, 20 Dec 2023 15:31:22 +0800 +Subject: [PATCH] bug fix memory leak in sc analyze unit + +--- + .../analyze_unit/secDetector_save_check.c | 24 +++++++++++++------ + 1 file changed, 17 insertions(+), 7 deletions(-) + +diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c +index 4a5f689..788de3e 100644 +--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c ++++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c +@@ -38,6 +38,11 @@ static int init_analyze_status_data_sc(analyze_status_t *analyze_status_data, in + return 0; + } + analyze_status_data->sc_data.data = kmalloc(sizeof(unsigned long long) * len, GFP_KERNEL); ++ if (analyze_status_data->sc_data.data == NULL) { ++ pr_err("kmalloc failed"); ++ return -ENOMEM; ++ } ++ analyze_status_data->sc_data.data_type = ANALYZE_STATUS_SAVE_CHECK; + analyze_status_data->sc_data.len = len; + return 0; + } +@@ -51,6 +56,7 @@ void free_analyze_status_data_sc(analyze_status_t *analyze_status_data) + + static int analyze_save_check_init(struct list_head *collect_data_list, analyze_status_t *analyze_status_data, response_data_t *response_data) + { ++ int ret = 0; + int data_index = 0; + struct collect_data *cd; + list_for_each_entry(cd, collect_data_list, list) { +@@ -58,7 +64,9 @@ static int analyze_save_check_init(struct list_head *collect_data_list, analyze_ + continue; + data_index++; + } +- init_analyze_status_data_sc(analyze_status_data, data_index); ++ ret = init_analyze_status_data_sc(analyze_status_data, data_index); ++ if (ret < 0) ++ return ret; + + data_index = 0; + list_for_each_entry(cd, collect_data_list, list) { +@@ -89,7 +97,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz + unsigned long long measure_value; + struct collect_data *cd; + char *timestamp = NULL; +- int timestamp_len; ++ int timestamp_len = 0; + char **response_arrays; + int response_array_index = 0; + char int_str[MAX_DIGITS]; +@@ -124,7 +132,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz + break; + } + if (measure_value != analyze_status_data->sc_data.data[data_index]) { +- pr_warn("[save_check]%s: original: %llu; now: %llu.!\n", ++ pr_debug("[save_check]%s: original: %llu; now: %llu.!\n", + cd->name, analyze_status_data->sc_data.data[data_index], measure_value); + response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL); + if (response_arrays[response_array_index] == NULL) { +@@ -162,15 +170,17 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz + ret = -ENOMEM; + goto end; + } +- if (timestamp_len > 0) { +- strncat(response_data->report_data.text, timestamp, timestamp_len); +- kfree(timestamp); +- } ++ + for (i = 0; i < response_array_index; i++) + strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i])); + strcat(response_data->report_data.text, "\n"); + } ++ + end: ++ if (timestamp_len > 0) { ++ strncat(response_data->report_data.text, timestamp, timestamp_len); ++ kfree(timestamp); ++} + for (i = 0; i < response_array_index; i++) + kfree(response_arrays[i]); + kfree(response_arrays); +-- +2.33.0 + diff --git a/Backport-fix-memory-leak-in-program_action.patch b/Backport-fix-memory-leak-in-program_action.patch new file mode 100644 index 0000000..23990b1 --- /dev/null +++ b/Backport-fix-memory-leak-in-program_action.patch @@ -0,0 +1,64 @@ +From aaed2290507cac0878c93aa550664875d5875a6b Mon Sep 17 00:00:00 2001 +From: hurricane618 +Date: Wed, 20 Dec 2023 20:17:33 +0800 +Subject: [PATCH] fix memory leak in program_action + +1. free path data +2. free pi in error branch + +Signed-off-by: hurricane618 +--- + .../cases/program_action/secDetector_program_action.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/kerneldriver/cases/program_action/secDetector_program_action.c b/kerneldriver/cases/program_action/secDetector_program_action.c +index 1f0749a..f571c08 100644 +--- a/kerneldriver/cases/program_action/secDetector_program_action.c ++++ b/kerneldriver/cases/program_action/secDetector_program_action.c +@@ -177,6 +177,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str + if (get_task_root(tsk, &root) == 0) { + pi->root = d_path(&root, pi->rootbuf, PATH_LEN); + } ++ ++ path_put(&root); ++ + if (IS_ERR_OR_NULL(pi->root)) { + pi->root = "invalid"; + } +@@ -184,6 +187,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str + if (get_task_cwd(tsk, &cwd) == 0) { + pi->cwd = d_path(&cwd, pi->cwdbuf, PATH_LEN); + } ++ ++ path_put(&cwd); ++ + if (IS_ERR_OR_NULL(pi->cwd)) { + pi->cwd = "invalid"; + } +@@ -258,6 +264,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf, + #endif + if (!attach_task) { + pr_err("ptrace_attach input task_struct error or arch don't support\n"); ++ put_common_process_info(pi); + return 0; + } + +@@ -269,6 +276,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf, + if (!log.report_data.text) { + pr_err("log.report_data.text kzalloc failed!\n"); + kfree(timestamp); ++ put_common_process_info(pi); + return 0; + } + snprintf(log.report_data.text, BUF_SIZE, +@@ -304,6 +312,7 @@ static int do_pipe2_pre_handler(struct secDetector_workflow *wf, + if (!log.report_data.text) { + pr_err("log.report_data.text kzalloc failed!\n"); + kfree(timestamp); ++ put_common_process_info(pi); + return 0; + } + snprintf(log.report_data.text, BUF_SIZE, +-- +2.33.0 + diff --git a/Backport-fix-the-memory-leak-in-collect-unit.patch b/Backport-fix-the-memory-leak-in-collect-unit.patch new file mode 100644 index 0000000..b517c19 --- /dev/null +++ b/Backport-fix-the-memory-leak-in-collect-unit.patch @@ -0,0 +1,65 @@ +From fb0b9eeccc697b2b8935ed5a643ef30efaad19f7 Mon Sep 17 00:00:00 2001 +From: yieux +Date: Mon, 18 Dec 2023 09:28:15 +0800 +Subject: [PATCH] fix the memory leak in collect unit + +--- + .../core/analyze_unit/secDetector_save_check.c | 13 +++++++------ + .../core/collect_unit/secDetector_collect.c | 1 + + 2 files changed, 8 insertions(+), 6 deletions(-) + +diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c +index 0ab40ce..4a5f689 100644 +--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c ++++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c +@@ -124,7 +124,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz + break; + } + if (measure_value != analyze_status_data->sc_data.data[data_index]) { +- pr_debug("[save_check]%s: original: %lld; now: %lld.!\n", ++ pr_warn("[save_check]%s: original: %llu; now: %llu.!\n", + cd->name, analyze_status_data->sc_data.data[data_index], measure_value); + response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL); + if (response_arrays[response_array_index] == NULL) { +@@ -136,13 +136,13 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz + strcpy(response_arrays[response_array_index], " secswitch_name="); + //应该有 workflow的名字 + strncat(response_arrays[response_array_index], cd->name, strlen(cd->name)); +- strcat(response_arrays[response_array_index]," old_value="); +- sprintf(int_str, "%lld", analyze_status_data->sc_data.data[data_index]); ++ strcat(response_arrays[response_array_index], " old_value="); ++ sprintf(int_str, "%llu", analyze_status_data->sc_data.data[data_index]); + strncat(response_arrays[response_array_index], int_str, strlen(int_str)); +- strcat(response_arrays[response_array_index]," new_value="); +- sprintf(int_str, "%lld", measure_value); ++ strcat(response_arrays[response_array_index], " new_value="); ++ sprintf(int_str, "%llu", measure_value); + strncat(response_arrays[response_array_index], int_str, strlen(int_str)); +- strcat(response_arrays[response_array_index],".\n"); ++ strcat(response_arrays[response_array_index], "."); + + response_data_char_len += strlen(response_arrays[response_array_index]); + ret = RESPONSE_REPORT; +@@ -168,6 +168,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz + } + for (i = 0; i < response_array_index; i++) + strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i])); ++ strcat(response_data->report_data.text, "\n"); + } + end: + for (i = 0; i < response_array_index; i++) +diff --git a/kerneldriver/core/collect_unit/secDetector_collect.c b/kerneldriver/core/collect_unit/secDetector_collect.c +index c04dd33..2240577 100644 +--- a/kerneldriver/core/collect_unit/secDetector_collect.c ++++ b/kerneldriver/core/collect_unit/secDetector_collect.c +@@ -32,6 +32,7 @@ struct collect_data *init_collect_data(const char *name) + cd->name = kmalloc(nl + 1, GFP_KERNEL); + if (cd->name == NULL) { + pr_err("kmalloc failed"); ++ kfree(cd); + return NULL; + } + strncpy(cd->name, name, nl); +-- +2.33.0 + diff --git a/secDetector.spec b/secDetector.spec index e56806f..4d0f722 100644 --- a/secDetector.spec +++ b/secDetector.spec @@ -5,7 +5,7 @@ Name : secDetector Summary : OS Security Intrusion Detection System Version : 1.0 -Release : 12 +Release : 13 License : GPL-2.0 Source0 : %{name}-v%{version}.tar.gz BuildRequires: kernel-devel kernel-headers @@ -43,6 +43,9 @@ Patch0026: Backport-modify-for-secReadFrom-error.patch Patch0027: Backport-fix-invalid-TUF-8-data-in-memory-corruption-module.patch Patch0028: Backport-set-cmake-minimum-required-to-VERSION-3.22.patch Patch0029: Backport-grpc-fix-coredump-in-Publish.patch +Patch0030: Backport-fix-the-memory-leak-in-collect-unit.patch +Patch0031: Backport-fix-memory-leak-in-program_action.patch +Patch0032: Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch %description OS Security Intrusion Detection System @@ -116,6 +119,9 @@ rm -rf %{buildroot} %attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h %changelog +* Thu Dec 21 2023 hurricane618 1.0-13 +- backport patchs to fix memory + * Thu Dec 14 2023 zcfsite 1.0-12 - fix secReadFrom error,invalid TUF-8 data in mc module,publish coredump