From: Eric Leblond <eric@regit.org>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, Eric Leblond <eric@regit.org>
Subject: [nft PATCH 1/7] src: fix memory leak when listing rules
Date: Tue, 11 Jul 2017 00:32:49 +0200
Message-ID: <20170710223255.29885-2-eric@regit.org>
In-Reply-To: <20170710223255.29885-1-eric@regit.org>

When listing rules we were calling strdup on the table name
but the variable was just used locally.

Found via `nft list ruleset` run with ASAN:

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x45cca0 in __interceptor_strdup (/usr/local/sbin/nft+0x45cca0)
    #1 0x593c71 in xstrdup /home/eric/git/netfilter/nftables/src/utils.c:75:8
    #2 0x513b34 in do_list_ruleset /home/eric/git/netfilter/nftables/src/rule.c:1388:23
    #3 0x50e178 in do_command_list /home/eric/git/netfilter/nftables/src/rule.c:1500:10
    #4 0x50d3ea in do_command /home/eric/git/netfilter/nftables/src/rule.c:1696:10
    #5 0x5061ae in nft_netlink /home/eric/git/netfilter/nftables/src/main.c:207:9
    #6 0x505b87 in nft_run /home/eric/git/netfilter/nftables/src/main.c:255:8
    #7 0x50771f in main /home/eric/git/netfilter/nftables/src/main.c:392:6
    #8 0x7fa1f326d2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

Signed-off-by: Eric Leblond <eric@regit.org>
---
 src/rule.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/rule.c b/src/rule.c
index f65674c..58d640e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1385,12 +1385,14 @@ static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd)
 			continue;
 
 		cmd->handle.family = table->handle.family;
-		cmd->handle.table = xstrdup(table->handle.table);
+		cmd->handle.table = table->handle.table;
 
 		if (do_list_table(ctx, cmd, table) < 0)
 			return -1;
 	}
 
+	cmd->handle.table = NULL;
+
 	return 0;
 }
 
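Review bot: the `return -1` path inside the loop leaves `cmd->handle.table` pointing at `table->handle.table`, because the reset to NULL is only reached just before `return 0`. Now that the name is borrowed instead of duplicated, a caller that releases the cmd's handle after a failed `do_list_table()` would free a string the table still owns, turning the leak into a double free or use-after-free. Suggest clearing the pointer before the early return as well, or routing both exits through one label that sets `cmd->handle.table = NULL`, and adding a short comment that the name is only borrowed from the table for the duration of the call.
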
-- 
2.13.2

