From: Mimi Zohar <zohar@linux.ibm.com>
To: Bruno Meneguele <bmeneg@redhat.com>, vt@altlinux.org
Cc: linux-integrity@vger.kernel.org
Subject: Re: [PATCH ima-evm-utils] evmctl: fix memory leak in get_password
Date: Wed, 11 Aug 2021 10:52:00 -0400 [thread overview]
Message-ID: <cf5349dc43b2e8efc709abcf8e1637b7da692bee.camel@linux.ibm.com> (raw)
In-Reply-To: <20210810202852.236354-1-bmeneg@redhat.com>
Hi Bruno,
On Tue, 2021-08-10 at 17:28 -0300, Bruno Meneguele wrote:
> The variable "password" is not freed nor returned in case get_password()
> succeeds. Instead of using an intermediary variable ("pwd") for returning
> the value, use the same "password" var. Issue found by Coverity scan tool.
>
> src/evmctl.c:2565: leaked_storage: Variable "password" going out of scope
> leaks the storage it points to.
>
> Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
> ---
> src/evmctl.c | 15 ++++++++++++---
> 1 file changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> index 7a6f2021aa92..b49c7910a4a7 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> @@ -2601,8 +2601,9 @@ static struct option opts[] = {
> static char *get_password(void)
> {
> struct termios flags, tmp_flags;
> - char *password, *pwd;
> + char *password;
> int passlen = 64;
> + bool err = false;
>
> password = malloc(passlen);
> if (!password) {
> @@ -2622,16 +2623,24 @@ static char *get_password(void)
> }
>
> printf("PEM password: ");
> - pwd = fgets(password, passlen, stdin);
> + if (fgets(password, passlen, stdin) == NULL) {
> + perror("fgets");
> + /* we still need to restore the terminal */
> + err = true;
> + }
From the fgets manpage:
fgets() returns s on success, and NULL on error
or when end of file
occurs while no characters have been read.
> /* restore terminal */
> if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
> perror("tcsetattr");
> + err = true;
> + }
> +
> + if (err) {
> free(password);
> return NULL;
> }
>
> - return pwd;
> + return password;
Wouldn't a simpler fix be to test "pwd" here?
if (!pwd)
free(password);
return pwd;
thanks,
Mimi
> }
>
> int main(int argc, char *argv[])
next prev parent reply other threads:[~2021-08-11 14:52 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-10 20:28 [PATCH ima-evm-utils] evmctl: fix memory leak in get_password Bruno Meneguele
2021-08-11 14:52 ` Mimi Zohar [this message]
2021-08-11 16:51 ` Bruno Meneguele
2021-08-11 17:31 ` Mimi Zohar
2021-08-11 17:52 ` Bruno Meneguele
2021-08-11 18:28 ` Ken Goldman
2021-08-16 15:10 ` Bruno Meneguele
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf5349dc43b2e8efc709abcf8e1637b7da692bee.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=bmeneg@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox