diff --git a/nfs-utils-2.5.4-blkmapd-double-free.patch b/nfs-utils-2.5.4-blkmapd-double-free.patch new file mode 100644 index 0000000..8dc82cf --- /dev/null +++ b/nfs-utils-2.5.4-blkmapd-double-free.patch @@ -0,0 +1,89 @@ +commit c1c35487aba2cec828d9b8a1be9043000beadea5 +Author: Lixiaokeng +Date: Mon Oct 24 13:00:50 2022 -0400 + + blkmapd: fix coredump in bl_add_disk + + The serial->data is not malloced separately (just part of + the serial), so it can't be freed. The bl_serial has its + own free function. Use it. + + Signed-off-by: Lixiaokeng + Signed-off-by: Zhiqiang Liu + Signed-off-by: Steve Dickson + +diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c +index 49935c2e..bd890598 100644 +--- a/utils/blkmapd/device-discovery.c ++++ b/utils/blkmapd/device-discovery.c +@@ -187,10 +187,7 @@ static void bl_add_disk(char *filepath) + } + + if (disk && diskpath) { +- if (serial) { +- free(serial->data); +- free(serial); +- } ++ bl_free_scsi_string(serial); + return; + } + +@@ -228,10 +225,7 @@ static void bl_add_disk(char *filepath) + disk->size = size; + disk->valid_path = path; + } +- if (serial) { +- free(serial->data); +- free(serial); +- } ++ bl_free_scsi_string(serial); + } + return; + +@@ -241,10 +235,7 @@ static void bl_add_disk(char *filepath) + free(path->full_path); + free(path); + } +- if (serial) { +- free(serial->data); +- free(serial); +- } ++ bl_free_scsi_string(serial); + return; + } + +diff --git a/utils/blkmapd/device-discovery.h b/utils/blkmapd/device-discovery.h +index a86eed99..462aa943 100644 +--- a/utils/blkmapd/device-discovery.h ++++ b/utils/blkmapd/device-discovery.h +@@ -151,6 +151,8 @@ uint64_t process_deviceinfo(const char *dev_addr_buf, + + extern ssize_t atomicio(ssize_t(*f) (int, void *, size_t), + int fd, void *_s, size_t n); ++extern struct bl_serial *bl_create_scsi_string(int len, const char *bytes); ++extern void bl_free_scsi_string(struct bl_serial *str); + extern struct bl_serial *bldev_read_serial(int fd, const char *filename); + extern enum bl_path_state_e bldev_read_ap_state(int fd); + extern int bl_discover_devices(void); +diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c +index c7952c3e..9e5749ef 100644 +--- a/utils/blkmapd/device-inq.c ++++ b/utils/blkmapd/device-inq.c +@@ -53,7 +53,7 @@ + #define DEF_ALLOC_LEN 255 + #define MX_ALLOC_LEN (0xc000 + 0x80) + +-static struct bl_serial *bl_create_scsi_string(int len, const char *bytes) ++struct bl_serial *bl_create_scsi_string(int len, const char *bytes) + { + struct bl_serial *s; + +@@ -66,7 +66,7 @@ static struct bl_serial *bl_create_scsi_string(int len, const char *bytes) + return s; + } + +-static void bl_free_scsi_string(struct bl_serial *str) ++void bl_free_scsi_string(struct bl_serial *str) + { + if (str) + free(str); diff --git a/nfs-utils.spec b/nfs-utils.spec index 45162f8..1b21667 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -56,6 +56,7 @@ Patch020: nfs-utils-2.5.4-gssd-bad-integ-error-support.patch Patch021: nfs-utils-2.5.4-mount-mountconf-typo.patch Patch022: nfs-utils-2.5.4-support-for-rpc-with-tls.patch Patch023: nfs-utils-2.5.4-fix-typos-in-messages.patch +Patch024: nfs-utils-2.5.4-blkmapd-double-free.patch Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch @@ -499,6 +500,7 @@ fi %changelog * Mon Feb 5 2024 Steve Dickson 2.5.4-23 - Typos and documentation fixes (RHEL-22654) +- blkmapd: fix coredump in bl_add_disk (RHEL-7941) * Thu Feb 1 2024 Steve Dickson 2.5.4-22 - nfsmount.conf: Fix typo of the attribute name (RHEL-7904)