140 lines
4.7 KiB
Diff
140 lines
4.7 KiB
Diff
|
From 9c7ec707e88170adf3e117fe92ed74e311b2e859 Mon Sep 17 00:00:00 2001
|
||
|
From: Bastien Nocera <hadess@hadess.net>
|
||
|
Date: Tue, 2 Jul 2024 15:27:12 +0200
|
||
|
Subject: [PATCH] shared/shell: Free memory allocated by wordexp()
|
||
|
|
||
|
Error: RESOURCE_LEAK (CWE-772): [#def38] [important]
|
||
|
bluez-5.76/src/shared/shell.c:519:2: alloc_arg: "parse_args" allocates memory that is stored into "w.we_wordv".
|
||
|
bluez-5.76/src/shared/shell.c:523:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
||
|
521| "Unable to parse mandatory command arguments: %s", man );
|
||
|
522| free(man);
|
||
|
523|-> return -EINVAL;
|
||
|
524| }
|
||
|
525|
|
||
|
|
||
|
Error: RESOURCE_LEAK (CWE-772): [#def40] [important]
|
||
|
bluez-5.76/src/shared/shell.c:1113:3: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
||
|
bluez-5.76/src/shared/shell.c:1114:4: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
||
|
1112|
|
||
|
1113| if (wordexp(rl_line_buffer, &w, WRDE_NOCMD))
|
||
|
1114|-> return NULL;
|
||
|
1115|
|
||
|
1116| matches = menu_completion(default_menu, text, w.we_wordc,
|
||
|
|
||
|
Error: RESOURCE_LEAK (CWE-772): [#def42] [important]
|
||
|
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
||
|
bluez-5.76/src/shared/shell.c:1415:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
||
|
1413| switch (err) {
|
||
|
1414| case WRDE_BADCHAR:
|
||
|
1415|-> return -EBADMSG;
|
||
|
1416| case WRDE_BADVAL:
|
||
|
1417| case WRDE_SYNTAX:
|
||
|
|
||
|
Error: RESOURCE_LEAK (CWE-772): [#def43] [important]
|
||
|
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
||
|
bluez-5.76/src/shared/shell.c:1418:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
||
|
1416| case WRDE_BADVAL:
|
||
|
1417| case WRDE_SYNTAX:
|
||
|
1418|-> return -EINVAL;
|
||
|
1419| case WRDE_NOSPACE:
|
||
|
1420| return -ENOMEM;
|
||
|
|
||
|
Error: RESOURCE_LEAK (CWE-772): [#def44] [important]
|
||
|
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
||
|
bluez-5.76/src/shared/shell.c:1420:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
||
|
1418| return -EINVAL;
|
||
|
1419| case WRDE_NOSPACE:
|
||
|
1420|-> return -ENOMEM;
|
||
|
1421| case WRDE_CMDSUB:
|
||
|
1422| if (wordexp(input, &w, 0))
|
||
|
|
||
|
Error: RESOURCE_LEAK (CWE-772): [#def45] [important]
|
||
|
bluez-5.76/src/shared/shell.c:1422:3: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
||
|
bluez-5.76/src/shared/shell.c:1423:4: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
||
|
1421| case WRDE_CMDSUB:
|
||
|
1422| if (wordexp(input, &w, 0))
|
||
|
1423|-> return -ENOEXEC;
|
||
|
1424| break;
|
||
|
1425| };
|
||
|
---
|
||
|
src/shared/shell.c | 22 ++++++++++++++++------
|
||
|
1 file changed, 16 insertions(+), 6 deletions(-)
|
||
|
|
||
|
diff --git a/src/shared/shell.c b/src/shared/shell.c
|
||
|
index 88ecaa076adc..26c6a419af22 100644
|
||
|
--- a/src/shared/shell.c
|
||
|
+++ b/src/shared/shell.c
|
||
|
@@ -452,13 +452,23 @@ static void shell_print_menu_zsh_complete(void)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+static int _wordexp(const char *restrict s, wordexp_t *restrict p, int flags)
|
||
|
+{
|
||
|
+ int ret;
|
||
|
+
|
||
|
+ ret = wordexp(s, p, flags);
|
||
|
+ if (ret != 0)
|
||
|
+ wordfree(p);
|
||
|
+ return ret;
|
||
|
+}
|
||
|
+
|
||
|
static int parse_args(char *arg, wordexp_t *w, char *del, int flags)
|
||
|
{
|
||
|
char *str;
|
||
|
|
||
|
str = strdelimit(arg, del, '"');
|
||
|
|
||
|
- if (wordexp(str, w, flags)) {
|
||
|
+ if (_wordexp(str, w, flags) != 0) {
|
||
|
free(str);
|
||
|
return -EINVAL;
|
||
|
}
|
||
|
@@ -537,7 +547,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
|
||
|
goto fail;
|
||
|
}
|
||
|
|
||
|
- flags |= WRDE_APPEND;
|
||
|
+ flags |= WRDE_APPEND | WRDE_REUSE;
|
||
|
opt = strdup(entry->arg + len + 1);
|
||
|
|
||
|
optional:
|
||
|
@@ -1043,7 +1053,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc,
|
||
|
args.we_offs = 0;
|
||
|
wordfree(&args);
|
||
|
|
||
|
- if (wordexp(str, &args, WRDE_NOCMD))
|
||
|
+ if (_wordexp(str, &args, WRDE_NOCMD))
|
||
|
goto done;
|
||
|
|
||
|
rl_completion_display_matches_hook = NULL;
|
||
|
@@ -1115,7 +1125,7 @@ static char **shell_completion(const char *text, int start, int end)
|
||
|
if (start > 0) {
|
||
|
wordexp_t w;
|
||
|
|
||
|
- if (wordexp(rl_line_buffer, &w, WRDE_NOCMD))
|
||
|
+ if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD))
|
||
|
return NULL;
|
||
|
|
||
|
matches = menu_completion(default_menu, text, w.we_wordc,
|
||
|
@@ -1417,7 +1427,7 @@ int bt_shell_exec(const char *input)
|
||
|
if (data.monitor)
|
||
|
bt_log_printf(0xffff, data.name, LOG_INFO, "%s", input);
|
||
|
|
||
|
- err = wordexp(input, &w, WRDE_NOCMD);
|
||
|
+ err = _wordexp(input, &w, WRDE_NOCMD);
|
||
|
switch (err) {
|
||
|
case WRDE_BADCHAR:
|
||
|
return -EBADMSG;
|
||
|
@@ -1427,7 +1437,7 @@ int bt_shell_exec(const char *input)
|
||
|
case WRDE_NOSPACE:
|
||
|
return -ENOMEM;
|
||
|
case WRDE_CMDSUB:
|
||
|
- if (wordexp(input, &w, 0))
|
||
|
+ if (_wordexp(input, &w, 0))
|
||
|
return -ENOEXEC;
|
||
|
break;
|
||
|
};
|
||
|
--
|
||
|
2.45.2
|
||
|
|