From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 26 Nov 2020 12:48:07 +0000 Subject: [PATCH] affs: Fix memory leaks The node structure reference is being allocated but not freed if it reaches the end of the function. If any of the hooks had returned a non-zero value, then node would have been copied in to the context reference, but otherwise node is not stored and should be freed. Similarly, the call to grub_affs_create_node() replaces the allocated memory in node with a newly allocated structure, leaking the existing memory pointed by node. Finally, when dir->parent is set, then we again replace node with newly allocated memory, which seems unnecessary when we copy in the values from dir->parent immediately after. Fixes: CID 73759 Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- grub-core/fs/affs.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c index 91073795f..e4615c743 100644 --- a/grub-core/fs/affs.c +++ b/grub-core/fs/affs.c @@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, { unsigned int i; struct grub_affs_file file; - struct grub_fshelp_node *node = 0; + struct grub_fshelp_node *node, *orig_node; struct grub_affs_data *data = dir->data; grub_uint32_t *hashtable; /* Create the directory entries for `.' and `..'. */ - node = grub_zalloc (sizeof (*node)); + node = orig_node = grub_zalloc (sizeof (*node)); if (!node) return 1; @@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, return 1; if (dir->parent) { - node = grub_zalloc (sizeof (*node)); - if (!node) - return 1; *node = *dir->parent; if (hook ("..", GRUB_FSHELP_DIR, node, hook_data)) return 1; @@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable, next, &file)) - return 1; + { + /* Node has been replaced in function. */ + grub_free (orig_node); + return 1; + } next = grub_be_to_cpu32 (file.next); } } - grub_free (hashtable); - return 0; - fail: - grub_free (node); + grub_free (orig_node); grub_free (hashtable); return 0; }