From: Eric Leblond <eric@regit.org>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, Eric Leblond <eric@regit.org>
Subject: [nft PATCH 1/7] src: fix memory leak when listing rules
Date: Tue, 11 Jul 2017 00:32:49 +0200 [thread overview]
Message-ID: <20170710223255.29885-2-eric@regit.org> (raw)
In-Reply-To: <20170710223255.29885-1-eric@regit.org>
When listing rules we were calling strdup on the table name
but variable was just used locally.
Found via `nft list ruleset` run with ASAN:
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x45cca0 in __interceptor_strdup (/usr/local/sbin/nft+0x45cca0)
#1 0x593c71 in xstrdup /home/eric/git/netfilter/nftables/src/utils.c:75:8
#2 0x513b34 in do_list_ruleset /home/eric/git/netfilter/nftables/src/rule.c:1388:23
#3 0x50e178 in do_command_list /home/eric/git/netfilter/nftables/src/rule.c:1500:10
#4 0x50d3ea in do_command /home/eric/git/netfilter/nftables/src/rule.c:1696:10
#5 0x5061ae in nft_netlink /home/eric/git/netfilter/nftables/src/main.c:207:9
#6 0x505b87 in nft_run /home/eric/git/netfilter/nftables/src/main.c:255:8
#7 0x50771f in main /home/eric/git/netfilter/nftables/src/main.c:392:6
#8 0x7fa1f326d2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
Signed-off-by: Eric Leblond <eric@regit.org>
---
src/rule.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index f65674c..58d640e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1385,12 +1385,14 @@ static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd)
continue;
cmd->handle.family = table->handle.family;
- cmd->handle.table = xstrdup(table->handle.table);
+ cmd->handle.table = table->handle.table;
if (do_list_table(ctx, cmd, table) < 0)
return -1;
}
+ cmd->handle.table = NULL;
+
return 0;
}
--
2.13.2
next prev parent reply other threads:[~2017-07-10 22:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-10 22:32 [nft PATCH 0/7] some memory leak fixes Eric Leblond
2017-07-10 22:32 ` Eric Leblond [this message]
2017-07-10 22:32 ` [nft PATCH 2/7] parser: fix memory leak in set creation Eric Leblond
2017-07-10 22:32 ` [nft PATCH 3/7] parser: fix bison warnings Eric Leblond
2017-07-10 22:32 ` [nft PATCH 4/7] parser: error if needed at EOF Eric Leblond
2017-07-10 22:32 ` [nft PATCH 5/7] evaluate: fix build with clang Eric Leblond
2017-07-10 22:32 ` [nft PATCH 6/7] scanner: free filename when destroying scanner Eric Leblond
2017-07-10 22:32 ` [nft PATCH 7/7] cli: fix heap buffer overflow Eric Leblond
2017-07-17 15:24 ` [nft PATCH 0/7] some memory leak fixes Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170710223255.29885-2-eric@regit.org \
--to=eric@regit.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).