[kbd] Issue in kbd package - Guzman Mosqueda, Jose R

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Guzman Mosqueda, Jose R" <jose.r.guzman.mosqueda@intel.com>
To: "kbd@lists.altlinux.org" <kbd@lists.altlinux.org>
Subject: [kbd] Issue in kbd package
Date: Fri, 26 Jun 2015 15:58:41 +0000	[thread overview]
Message-ID: <1435334357.32247.15.camel@intel.com> (raw)

Hi all

I'm Jose R. Guzman from a security team at Intel.
We have included kbd package in a GNU-Linux project and I'm analyzing
the code to try to find some possible vulnerabilities, issues or risks.

Since I'm not too familiar with the package yet I think I have found an
issue and I'd like you to help me checking it. It could result in a
memory leak.

Package version: kbd-2.0.2
File: src/setfont.c
Function: static void loadnewfonts(int fd, char **ifiles, int ifilct,
int iunit, int hwunit, int no_m, int no_u)
Line: ~459
Description: There is a variable "bigfontbuf" that contains memory
allocated dynamically in a "for" loop by calling "xrealloc" function.
After the loop the variable is passed as parameter in "do_loadfont"
call, however I don't see any point where such memory get free befor
returning from function. Also variable is local and the pointer is not
stored in any other variable. So I think that is a memory leak. Is it?

Another issue that I found is a handler being not closed:
File: src/openvt.c
Function: static char *authenticate_user(int curvt)
Line: ~119
Description: There is a variable "dp" used to store a file handler of a
proc dir. I don't see any point inside the function where such handler
is freed after being used.

I really appreciate if someone can take a look and tell me whether they
are really issues or not.

Thanks in advance.

Regards,
Jose R.

next             reply	other threads:[~2015-06-26 15:58 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-26 15:58 Guzman Mosqueda, Jose R [this message]
2015-06-28 22:11 ` [kbd] Issue in kbd package Alexey Gladkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1435334357.32247.15.camel@intel.com \
    --to=jose.r.guzman.mosqueda@intel.com \
    --cc=kbd@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.