159 lines
5.3 KiB
Diff
159 lines
5.3 KiB
Diff
From f0febd73bffd78e080499d87dc03eea7622dd876 Mon Sep 17 00:00:00 2001
|
|
From: Bastien Nocera <hadess@hadess.net>
|
|
Date: Tue, 2 Jul 2024 15:27:12 +0200
|
|
Subject: [PATCH] shared/shell: Free memory allocated by wordexp()
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def38] [important]
|
|
bluez-5.76/src/shared/shell.c:519:2: alloc_arg: "parse_args" allocates memory that is stored into "w.we_wordv".
|
|
bluez-5.76/src/shared/shell.c:523:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
|
521| "Unable to parse mandatory command arguments: %s", man );
|
|
522| free(man);
|
|
523|-> return -EINVAL;
|
|
524| }
|
|
525|
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def40] [important]
|
|
bluez-5.76/src/shared/shell.c:1113:3: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
|
bluez-5.76/src/shared/shell.c:1114:4: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
|
1112|
|
|
1113| if (wordexp(rl_line_buffer, &w, WRDE_NOCMD))
|
|
1114|-> return NULL;
|
|
1115|
|
|
1116| matches = menu_completion(default_menu, text, w.we_wordc,
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def42] [important]
|
|
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
|
bluez-5.76/src/shared/shell.c:1415:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
|
1413| switch (err) {
|
|
1414| case WRDE_BADCHAR:
|
|
1415|-> return -EBADMSG;
|
|
1416| case WRDE_BADVAL:
|
|
1417| case WRDE_SYNTAX:
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def43] [important]
|
|
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
|
bluez-5.76/src/shared/shell.c:1418:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
|
1416| case WRDE_BADVAL:
|
|
1417| case WRDE_SYNTAX:
|
|
1418|-> return -EINVAL;
|
|
1419| case WRDE_NOSPACE:
|
|
1420| return -ENOMEM;
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def44] [important]
|
|
bluez-5.76/src/shared/shell.c:1412:2: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
|
bluez-5.76/src/shared/shell.c:1420:3: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
|
1418| return -EINVAL;
|
|
1419| case WRDE_NOSPACE:
|
|
1420|-> return -ENOMEM;
|
|
1421| case WRDE_CMDSUB:
|
|
1422| if (wordexp(input, &w, 0))
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def45] [important]
|
|
bluez-5.76/src/shared/shell.c:1422:3: alloc_arg: "wordexp" allocates memory that is stored into "w.we_wordv".
|
|
bluez-5.76/src/shared/shell.c:1423:4: leaked_storage: Variable "w" going out of scope leaks the storage "w.we_wordv" points to.
|
|
1421| case WRDE_CMDSUB:
|
|
1422| if (wordexp(input, &w, 0))
|
|
1423|-> return -ENOEXEC;
|
|
1424| break;
|
|
1425| };
|
|
---
|
|
src/shared/shell.c | 26 ++++++++++++++++++++------
|
|
1 file changed, 20 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/shared/shell.c b/src/shared/shell.c
|
|
index 73b4c704174a..60d37c9e56a7 100644
|
|
--- a/src/shared/shell.c
|
|
+++ b/src/shared/shell.c
|
|
@@ -498,13 +498,23 @@ static void shell_print_menu_zsh_complete(void)
|
|
}
|
|
}
|
|
|
|
+static int _wordexp(const char *restrict s, wordexp_t *restrict p, int flags)
|
|
+{
|
|
+ int ret;
|
|
+
|
|
+ ret = wordexp(s, p, flags);
|
|
+ if (ret != 0)
|
|
+ wordfree(p);
|
|
+ return ret;
|
|
+}
|
|
+
|
|
static int parse_args(char *arg, wordexp_t *w, char *del, int flags)
|
|
{
|
|
char *str;
|
|
|
|
str = strdelimit(arg, del, '"');
|
|
|
|
- if (wordexp(str, w, flags)) {
|
|
+ if (_wordexp(str, w, flags) != 0) {
|
|
free(str);
|
|
return -EINVAL;
|
|
}
|
|
@@ -526,6 +536,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
|
|
char *man, *opt;
|
|
int flags = WRDE_NOCMD;
|
|
bool optargs = false;
|
|
+ size_t saved_wordc = 0;
|
|
|
|
if (argc == 2 && (!memcmp(argv[1], "help", 4) ||
|
|
!memcmp(argv[1], "--help", 6))) {
|
|
@@ -583,8 +594,10 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
|
|
goto fail;
|
|
}
|
|
|
|
- flags |= WRDE_APPEND;
|
|
+ flags |= WRDE_APPEND | WRDE_REUSE;
|
|
opt = strdup(entry->arg + len + 1);
|
|
+ saved_wordc = w.we_wordc;
|
|
+ w.we_wordc = 0;
|
|
|
|
optional:
|
|
if (parse_args(opt, &w, "[]", flags) < 0) {
|
|
@@ -598,6 +611,7 @@ optional:
|
|
free(opt);
|
|
|
|
/* Check if there are too many arguments */
|
|
+ w.we_wordc += saved_wordc;
|
|
if (!optargs && ((unsigned int) argc - 1 > w.we_wordc && !w.we_offs)) {
|
|
print_text(COLOR_HIGHLIGHT, "Too many arguments: %d > %zu",
|
|
argc - 1, w.we_wordc);
|
|
@@ -1089,7 +1103,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc,
|
|
args.we_offs = 0;
|
|
wordfree(&args);
|
|
|
|
- if (wordexp(str, &args, WRDE_NOCMD))
|
|
+ if (_wordexp(str, &args, WRDE_NOCMD))
|
|
goto done;
|
|
|
|
rl_completion_display_matches_hook = NULL;
|
|
@@ -1161,7 +1175,7 @@ static char **shell_completion(const char *text, int start, int end)
|
|
if (start > 0) {
|
|
wordexp_t w;
|
|
|
|
- if (wordexp(rl_line_buffer, &w, WRDE_NOCMD))
|
|
+ if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD))
|
|
return NULL;
|
|
|
|
matches = menu_completion(default_menu, text, w.we_wordc,
|
|
@@ -1464,7 +1478,7 @@ int bt_shell_exec(const char *input)
|
|
if (data.monitor)
|
|
bt_log_printf(0xffff, data.name, LOG_INFO, "%s", input);
|
|
|
|
- err = wordexp(input, &w, WRDE_NOCMD);
|
|
+ err = _wordexp(input, &w, WRDE_NOCMD);
|
|
switch (err) {
|
|
case WRDE_BADCHAR:
|
|
return -EBADMSG;
|
|
@@ -1474,7 +1488,7 @@ int bt_shell_exec(const char *input)
|
|
case WRDE_NOSPACE:
|
|
return -ENOMEM;
|
|
case WRDE_CMDSUB:
|
|
- if (wordexp(input, &w, 0))
|
|
+ if (_wordexp(input, &w, 0))
|
|
return -ENOEXEC;
|
|
break;
|
|
};
|
|
--
|
|
2.48.1
|
|
|