bluez/0001-shared-shell-Free-memory-allocated-by-wordexp.patch

140 lines
4.7 KiB
Diff
Raw Normal View History

From 9c7ec707e88170adf3e117fe92ed74e311b2e859 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 2 Jul 2024 15:27:12 +0200
Subject: [PATCH] shared/shell: Free memory allocated by wordexp()
Error: RESOURCE_LEAK (CWE-772): [#def38] [important]
bluez-5.76/src/shared/shell.c:519:2: alloc_arg: "parse_args" allocates memory that is stored into "w.we_wordv".
bluez-5.76/src/shared/shell.c:523:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
521| "Unable to parse mandatory command arguments: %s", man );
522| free(man);
523|-> return -EINVAL;
524| }
525|
Error: RESOURCE_LEAK (CWE-772): [#def40] [important]
bluez-5.76/src/shared/shell.c:1113:3: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
bluez-5.76/src/shared/shell.c:1114:4: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
1112|
1113| if (wordexp(rl_line_buffer, &w, WRDE_NOCMD))
1114|-> return NULL;
1115|
1116| matches = menu_completion(default_menu, text, w.we_wordc,
Error: RESOURCE_LEAK (CWE-772): [#def42] [important]
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
bluez-5.76/src/shared/shell.c:1415:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
1413| switch (err) {
1414| case WRDE_BADCHAR:
1415|-> return -EBADMSG;
1416| case WRDE_BADVAL:
1417| case WRDE_SYNTAX:
Error: RESOURCE_LEAK (CWE-772): [#def43] [important]
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
bluez-5.76/src/shared/shell.c:1418:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
1416| case WRDE_BADVAL:
1417| case WRDE_SYNTAX:
1418|-> return -EINVAL;
1419| case WRDE_NOSPACE:
1420| return -ENOMEM;
Error: RESOURCE_LEAK (CWE-772): [#def44] [important]
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
bluez-5.76/src/shared/shell.c:1420:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
1418| return -EINVAL;
1419| case WRDE_NOSPACE:
1420|-> return -ENOMEM;
1421| case WRDE_CMDSUB:
1422| if (wordexp(input, &w, 0))
Error: RESOURCE_LEAK (CWE-772): [#def45] [important]
bluez-5.76/src/shared/shell.c:1422:3: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
bluez-5.76/src/shared/shell.c:1423:4: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
1421| case WRDE_CMDSUB:
1422| if (wordexp(input, &w, 0))
1423|-> return -ENOEXEC;
1424| break;
1425| };
---
src/shared/shell.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/shared/shell.c b/src/shared/shell.c
index 88ecaa076adc..26c6a419af22 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -452,13 +452,23 @@ static void shell_print_menu_zsh_complete(void)
}
}
+static int _wordexp(const char *restrict s, wordexp_t *restrict p, int flags)
+{
+ int ret;
+
+ ret = wordexp(s, p, flags);
+ if (ret != 0)
+ wordfree(p);
+ return ret;
+}
+
static int parse_args(char *arg, wordexp_t *w, char *del, int flags)
{
char *str;
str = strdelimit(arg, del, '"');
- if (wordexp(str, w, flags)) {
+ if (_wordexp(str, w, flags) != 0) {
free(str);
return -EINVAL;
}
@@ -537,7 +547,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
goto fail;
}
- flags |= WRDE_APPEND;
+ flags |= WRDE_APPEND | WRDE_REUSE;
opt = strdup(entry->arg + len + 1);
optional:
@@ -1043,7 +1053,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc,
args.we_offs = 0;
wordfree(&args);
- if (wordexp(str, &args, WRDE_NOCMD))
+ if (_wordexp(str, &args, WRDE_NOCMD))
goto done;
rl_completion_display_matches_hook = NULL;
@@ -1115,7 +1125,7 @@ static char **shell_completion(const char *text, int start, int end)
if (start > 0) {
wordexp_t w;
- if (wordexp(rl_line_buffer, &w, WRDE_NOCMD))
+ if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD))
return NULL;
matches = menu_completion(default_menu, text, w.we_wordc,
@@ -1417,7 +1427,7 @@ int bt_shell_exec(const char *input)
if (data.monitor)
bt_log_printf(0xffff, data.name, LOG_INFO, "%s", input);
- err = wordexp(input, &w, WRDE_NOCMD);
+ err = _wordexp(input, &w, WRDE_NOCMD);
switch (err) {
case WRDE_BADCHAR:
return -EBADMSG;
@@ -1427,7 +1437,7 @@ int bt_shell_exec(const char *input)
case WRDE_NOSPACE:
return -ENOMEM;
case WRDE_CMDSUB:
- if (wordexp(input, &w, 0))
+ if (_wordexp(input, &w, 0))
return -ENOEXEC;
break;
};
--
2.45.2