rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1713360)

Signed-off-by: Steve Dickson <steved@redhat.com>
This commit is contained in:
Steve Dickson 2019-05-23 09:28:27 -04:00
parent 1bacfbf99b
commit 4d64abcf4f
2 changed files with 80 additions and 1 deletions

View File

@ -0,0 +1,77 @@
commit 50ef80739d9e1e0df6616289ef2ff626a94666ee
Author: Steve Dickson <steved@redhat.com>
Date: Thu May 23 09:24:49 2019 -0400
rpc.mountd: Fix e_hostname and e_uuid leaks
strdup of exportent uuid and hostname in getexportent() ends up leaking
memory. Free the memory before getexportent() is called again from xtab_read()
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1713360
Signed-off-by: Nikhil Kshirsagar <nkshirsa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/export/xtab.c b/support/export/xtab.c
index d42eeef..1e1d679 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
while ((xp = getexportent(is_export==0, 0)) != NULL) {
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
!(exp = export_create(xp, is_export!=1))) {
+ if(xp->e_hostname) {
+ free(xp->e_hostname);
+ xp->e_hostname=NULL;
+ }
+ if(xp->e_uuid) {
+ free(xp->e_uuid);
+ xp->e_uuid=NULL;
+ }
continue;
}
switch (is_export) {
@@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
v4root_needed = 0;
break;
- }
+ }
+ if(xp->e_hostname) {
+ free(xp->e_hostname);
+ xp->e_hostname=NULL;
+ }
+ if(xp->e_uuid) {
+ free(xp->e_uuid);
+ xp->e_uuid=NULL;
+ }
+
}
endexportent();
xfunlock(lockid);
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 5f4cb95..a7582ca 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
}
ee.e_hostname = xstrdup(hostname);
- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
- return NULL;
+ if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
+ if(ee.e_hostname)
+ {
+ xfree(ee.e_hostname);
+ ee.e_hostname=NULL;
+ }
+ if(ee.e_uuid)
+ {
+ xfree(ee.e_uuid);
+ ee.e_uuid=NULL;
+ }
+ return NULL;
+ }
/* resolve symlinks */
if (realpath(ee.e_path, rpath) != NULL) {
rpath[sizeof (rpath) - 1] = '\0';

View File

@ -18,6 +18,7 @@ Source6: nfs-convert.service
Patch001: nfs-utils-2.3.4-mount-fallback.patch
Patch002: nfs-utils-2.3.4-PRIx64-integers.patch
Patch003: nfs-utils-2.3.4-mountd-memleak.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@ -361,9 +362,10 @@ fi
%{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount
%changelog
* Tue May 21 2019 Steve Dickson <steved@redhat.com> 2.3.4-1
* Thu May 23 2019 Steve Dickson <steved@redhat.com> 2.3.4-1
- mount: Report correct error in the fall_back cases (bz 1709961)
- sqlite.c: Use PRIx64 macro to print 64-bit integers
- rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1713360)
* Fri May 10 2019 Steve Dickson <steved@redhat.com> 2.3.4-0
- Updated to the latest upstream release: 2.3.4 (bz 1708690)