backport patchs to fix memory leak

backport patchs to fix memory leak

Signed-off-by: hurricane618 <hurricane618@hotmail.com>

Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch

@@ -0,0 +1,87 @@
+From 2ff0256c1ca0bfb1e119fc419d2a9c3e7a48fc22 Mon Sep 17 00:00:00 2001
+From: yieux <yangxy79315@sina.com>
+Date: Wed, 20 Dec 2023 15:31:22 +0800
+Subject: [PATCH] bug fix memory leak in sc analyze unit
+
+---
+ .../analyze_unit/secDetector_save_check.c     | 24 +++++++++++++------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
+index 4a5f689..788de3e 100644
+--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
++++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
+@@ -38,6 +38,11 @@ static int init_analyze_status_data_sc(analyze_status_t *analyze_status_data, in
+ 		return 0;
+ 	}
+ 	analyze_status_data->sc_data.data = kmalloc(sizeof(unsigned long long) * len, GFP_KERNEL);
++	if (analyze_status_data->sc_data.data == NULL) {
++		pr_err("kmalloc failed");
++		return -ENOMEM;
++	}
++	analyze_status_data->sc_data.data_type = ANALYZE_STATUS_SAVE_CHECK;
+ 	analyze_status_data->sc_data.len = len;
+ 	return 0;
+ }
+@@ -51,6 +56,7 @@ void free_analyze_status_data_sc(analyze_status_t *analyze_status_data)
+ 
+ static int analyze_save_check_init(struct list_head *collect_data_list, analyze_status_t *analyze_status_data, response_data_t *response_data)
+ {
++	int ret = 0;
+ 	int data_index = 0;
+ 	struct collect_data *cd;
+ 	list_for_each_entry(cd, collect_data_list, list) {
+@@ -58,7 +64,9 @@ static int analyze_save_check_init(struct list_head *collect_data_list, analyze_
+ 			continue;
+ 		data_index++;
+ 	}
+-	init_analyze_status_data_sc(analyze_status_data, data_index);
++	ret = init_analyze_status_data_sc(analyze_status_data, data_index);
++	if (ret < 0)
++		return ret;
+ 
+ 	data_index = 0;
+ 	list_for_each_entry(cd, collect_data_list, list) {
+@@ -89,7 +97,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
+ 	unsigned long long measure_value;
+ 	struct collect_data *cd;
+ 	char *timestamp = NULL;
+-	int timestamp_len;
++	int timestamp_len = 0;
+ 	char **response_arrays;
+ 	int response_array_index = 0;
+ 	char int_str[MAX_DIGITS];
+@@ -124,7 +132,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
+ 				break;
+ 		}
+ 		if (measure_value != analyze_status_data->sc_data.data[data_index]) {
+-			pr_warn("[save_check]%s: original: %llu; now: %llu.!\n",
++			pr_debug("[save_check]%s: original: %llu; now: %llu.!\n",
+ 					cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
+ 			response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
+ 			if (response_arrays[response_array_index] == NULL) {
+@@ -162,15 +170,17 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
+ 			ret = -ENOMEM;
+ 			goto end;
+ 		}
+-		if (timestamp_len > 0) {
+-			strncat(response_data->report_data.text, timestamp, timestamp_len);
+-			kfree(timestamp);
+-		}
++
+ 		for (i = 0; i < response_array_index; i++)
+ 			strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i]));
+ 		strcat(response_data->report_data.text, "\n");
+ 	}
++
+ end:
++	if (timestamp_len > 0) {
++		strncat(response_data->report_data.text, timestamp, timestamp_len);
++		kfree(timestamp);
++}
+ 	for (i = 0; i < response_array_index; i++)
+ 		kfree(response_arrays[i]);
+ 	kfree(response_arrays);
+-- 
+2.33.0
+

Backport-fix-memory-leak-in-program_action.patch

@@ -0,0 +1,64 @@
+From aaed2290507cac0878c93aa550664875d5875a6b Mon Sep 17 00:00:00 2001
+From: hurricane618 <hurricane618@hotmail.com>
+Date: Wed, 20 Dec 2023 20:17:33 +0800
+Subject: [PATCH] fix memory leak in program_action
+
+1. free path data
+2. free pi in error branch
+
+Signed-off-by: hurricane618 <hurricane618@hotmail.com>
+---
+ .../cases/program_action/secDetector_program_action.c    | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/kerneldriver/cases/program_action/secDetector_program_action.c b/kerneldriver/cases/program_action/secDetector_program_action.c
+index 1f0749a..f571c08 100644
+--- a/kerneldriver/cases/program_action/secDetector_program_action.c
++++ b/kerneldriver/cases/program_action/secDetector_program_action.c
+@@ -177,6 +177,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str
+ 	if (get_task_root(tsk, &root) == 0) {
+ 		pi->root = d_path(&root, pi->rootbuf, PATH_LEN);
+ 	}
++
++	path_put(&root);
++
+ 	if (IS_ERR_OR_NULL(pi->root)) {
+ 		pi->root = "invalid";
+ 	}
+@@ -184,6 +187,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str
+ 	if (get_task_cwd(tsk, &cwd) == 0) {
+ 		pi->cwd = d_path(&cwd, pi->cwdbuf, PATH_LEN);
+ 	}
++
++	path_put(&cwd);
++
+ 	if (IS_ERR_OR_NULL(pi->cwd)) {
+ 		pi->cwd = "invalid";
+ 	}
+@@ -258,6 +264,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf,
+ #endif
+ 	if (!attach_task) {
+ 		pr_err("ptrace_attach input task_struct error or arch don't support\n");
++		put_common_process_info(pi);
+ 		return 0;
+ 	}
+ 
+@@ -269,6 +276,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf,
+ 	if (!log.report_data.text) {
+ 		pr_err("log.report_data.text kzalloc failed!\n");
+ 		kfree(timestamp);
++		put_common_process_info(pi);
+ 		return 0;
+ 	}
+ 	snprintf(log.report_data.text, BUF_SIZE,
+@@ -304,6 +312,7 @@ static int do_pipe2_pre_handler(struct secDetector_workflow *wf,
+ 	if (!log.report_data.text) {
+ 		pr_err("log.report_data.text kzalloc failed!\n");
+ 		kfree(timestamp);
++		put_common_process_info(pi);
+ 		return 0;
+ 	}
+ 	snprintf(log.report_data.text, BUF_SIZE,
+-- 
+2.33.0
+

Backport-fix-the-memory-leak-in-collect-unit.patch

@@ -0,0 +1,65 @@
+From fb0b9eeccc697b2b8935ed5a643ef30efaad19f7 Mon Sep 17 00:00:00 2001
+From: yieux <yangxy79315@sina.com>
+Date: Mon, 18 Dec 2023 09:28:15 +0800
+Subject: [PATCH] fix the memory leak in collect unit
+
+---
+ .../core/analyze_unit/secDetector_save_check.c      | 13 +++++++------
+ .../core/collect_unit/secDetector_collect.c         |  1 +
+ 2 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
+index 0ab40ce..4a5f689 100644
+--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
++++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
+@@ -124,7 +124,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
+ 				break;
+ 		}
+ 		if (measure_value != analyze_status_data->sc_data.data[data_index]) {
+-			pr_debug("[save_check]%s: original: %lld; now: %lld.!\n",
++			pr_warn("[save_check]%s: original: %llu; now: %llu.!\n",
+ 					cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
+ 			response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
+ 			if (response_arrays[response_array_index] == NULL) {
+@@ -136,13 +136,13 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
+ 			strcpy(response_arrays[response_array_index], " secswitch_name=");
+ 			//应该有 workflow的名字
+ 			strncat(response_arrays[response_array_index], cd->name, strlen(cd->name));
+-			strcat(response_arrays[response_array_index]," old_value=");
+-			sprintf(int_str, "%lld", analyze_status_data->sc_data.data[data_index]);
++			strcat(response_arrays[response_array_index], " old_value=");
++			sprintf(int_str, "%llu", analyze_status_data->sc_data.data[data_index]);
+ 			strncat(response_arrays[response_array_index], int_str, strlen(int_str));
+-			strcat(response_arrays[response_array_index]," new_value=");
+-			sprintf(int_str, "%lld", measure_value);
++			strcat(response_arrays[response_array_index], " new_value=");
++			sprintf(int_str, "%llu", measure_value);
+ 			strncat(response_arrays[response_array_index], int_str, strlen(int_str));
+-			strcat(response_arrays[response_array_index],".\n");
++			strcat(response_arrays[response_array_index], ".");
+ 
+ 			response_data_char_len += strlen(response_arrays[response_array_index]);
+ 			ret = RESPONSE_REPORT;
+@@ -168,6 +168,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
+ 		}
+ 		for (i = 0; i < response_array_index; i++)
+ 			strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i]));
++		strcat(response_data->report_data.text, "\n");
+ 	}
+ end:
+ 	for (i = 0; i < response_array_index; i++)
+diff --git a/kerneldriver/core/collect_unit/secDetector_collect.c b/kerneldriver/core/collect_unit/secDetector_collect.c
+index c04dd33..2240577 100644
+--- a/kerneldriver/core/collect_unit/secDetector_collect.c
++++ b/kerneldriver/core/collect_unit/secDetector_collect.c
+@@ -32,6 +32,7 @@ struct collect_data *init_collect_data(const char *name)
+ 	cd->name = kmalloc(nl + 1, GFP_KERNEL);
+ 	if (cd->name == NULL) {
+ 		pr_err("kmalloc failed");
++		kfree(cd);
+ 		return NULL;
+ 	}
+ 	strncpy(cd->name, name, nl);
+-- 
+2.33.0
+

secDetector.spec

@@ -5,7 +5,7 @@
 Name         :  secDetector
 Summary      :  OS Security Intrusion Detection System
 Version      :  1.0
-Release      :  12
+Release      :  13
 License      :  GPL-2.0
 Source0      :  %{name}-v%{version}.tar.gz
 BuildRequires:  kernel-devel kernel-headers
@@ -43,6 +43,9 @@ Patch0026: Backport-modify-for-secReadFrom-error.patch
 Patch0027: Backport-fix-invalid-TUF-8-data-in-memory-corruption-module.patch
 Patch0028: Backport-set-cmake-minimum-required-to-VERSION-3.22.patch
 Patch0029: Backport-grpc-fix-coredump-in-Publish.patch
+Patch0030: Backport-fix-the-memory-leak-in-collect-unit.patch
+Patch0031: Backport-fix-memory-leak-in-program_action.patch
+Patch0032: Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch
 
 %description
 OS Security Intrusion Detection System
@@ -116,6 +119,9 @@ rm -rf %{buildroot}
 %attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h
 
 %changelog
+* Thu Dec 21 2023 hurricane618 <hurricane618@hotmail.com> 1.0-13
+- backport patchs to fix memory
+
 * Thu Dec 14 2023 zcfsite <zhchf2010@126.com> 1.0-12
 - fix secReadFrom error,invalid TUF-8 data in mc module,publish coredump