Re: [kbd] Issue in kbd package

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alexey Gladkov <gladkov.alexey@gmail.com>
To: Linux console tools development discussion <kbd@lists.altlinux.org>
Cc: jose.r.guzman.mosqueda@intel.com
Subject: Re: [kbd] Issue in kbd package
Date: Mon, 29 Jun 2015 01:11:43 +0300	[thread overview]
Message-ID: <5590711F.8010309@gmail.com> (raw)
In-Reply-To: <1435334357.32247.15.camel@intel.com>

On 26.06.2015 18:58, Guzman Mosqueda, Jose R wrote:
> 
> Hi all
> 
> I'm Jose R. Guzman from a security team at Intel.
> We have included kbd package in a GNU-Linux project and I'm analyzing
> the code to try to find some possible vulnerabilities, issues or risks.
> 
> Since I'm not too familiar with the package yet I think I have found an
> issue and I'd like you to help me checking it. It could result in a
> memory leak.
> 
> Package version: kbd-2.0.2
> File: src/setfont.c
> Function: static void loadnewfonts(int fd, char **ifiles, int ifilct,
> int iunit, int hwunit, int no_m, int no_u)
> Line: ~459
> Description: There is a variable "bigfontbuf" that contains memory
> allocated dynamically in a "for" loop by calling "xrealloc" function.
> After the loop the variable is passed as parameter in "do_loadfont"
> call, however I don't see any point where such memory get free befor
> returning from function. Also variable is local and the pointer is not
> stored in any other variable. So I think that is a memory leak. Is it?
> 
> Another issue that I found is a handler being not closed:
> File: src/openvt.c
> Function: static char *authenticate_user(int curvt)
> Line: ~119
> Description: There is a variable "dp" used to store a file handler of a
> proc dir. I don't see any point inside the function where such handler
> is freed after being used.
> 
> I really appreciate if someone can take a look and tell me whether they
> are really issues or not.

You are right. Fixed in the master.

http://git.kernel.org/cgit/linux/kernel/git/legion/kbd.git

-- 
Rgrds, legion

     prev parent reply	other threads:[~2015-06-28 22:11 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-26 15:58 [kbd] Issue in kbd package Guzman Mosqueda, Jose R
2015-06-28 22:11 ` Alexey Gladkov [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5590711F.8010309@gmail.com \
    --to=gladkov.alexey@gmail.com \
    --cc=jose.r.guzman.mosqueda@intel.com \
    --cc=kbd@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.