From owner-svn-src-all@freebsd.org Thu Jul 9 22:55:44 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E13E839E5; Thu, 9 Jul 2015 22:55:44 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B7ECC1BD3; Thu, 9 Jul 2015 22:55:44 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t69Mtiu2041404; Thu, 9 Jul 2015 22:55:44 GMT (envelope-from jamie@FreeBSD.org) Received: (from jamie@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t69MtiG8041402; Thu, 9 Jul 2015 22:55:44 GMT (envelope-from jamie@FreeBSD.org) Message-Id: <201507092255.t69MtiG8041402@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jamie set sender to jamie@FreeBSD.org using -f From: Jamie Gritton Date: Thu, 9 Jul 2015 22:55:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285343 - stable/9/lib/libjail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 22:55:45 -0000 Author: jamie Date: Thu Jul 9 22:55:43 2015 New Revision: 285343 URL: https://svnweb.freebsd.org/changeset/base/285343 Log: MFC r241197: Fix some memory allocation errors: * jail_setv will leak a parameter name if jailparam_import fails. * jailparam_all loses the jailparam pointer on realloc error (a clear freshman mistake). * If jailparam_init fails, the caller doesn't need to jailparam_free the buffer. That's not really clear, so set things to NULL allowing jailparam_free to work without error (though it's still not required). Modified: stable/9/lib/libjail/jail.c Directory Properties: stable/9/lib/libjail/ (props changed) Modified: stable/9/lib/libjail/jail.c ============================================================================== --- stable/9/lib/libjail/jail.c Thu Jul 9 22:46:28 2015 (r285342) +++ stable/9/lib/libjail/jail.c Thu Jul 9 22:55:43 2015 (r285343) @@ -85,19 +85,22 @@ jail_setv(int flags, ...) (void)va_arg(tap, char *); va_end(tap); jp = alloca(njp * sizeof(struct jailparam)); - for (njp = 0; (name = va_arg(ap, char *)) != NULL; njp++) { + for (njp = 0; (name = va_arg(ap, char *)) != NULL;) { value = va_arg(ap, char *); - if (jailparam_init(jp + njp, name) < 0 || - jailparam_import(jp + njp, value) < 0) { - jailparam_free(jp, njp); - va_end(ap); - return (-1); - } + if (jailparam_init(jp + njp, name) < 0) + goto error; + if (jailparam_import(jp + njp++, value) < 0) + goto error; } va_end(ap); jid = jailparam_set(jp, njp, flags); jailparam_free(jp, njp); return (jid); + + error: + jailparam_free(jp, njp); + va_end(ap); + return (-1); } /* @@ -195,7 +198,7 @@ jail_getv(int flags, ...) int jailparam_all(struct jailparam **jpp) { - struct jailparam *jp; + struct jailparam *jp, *tjp; size_t mlen1, mlen2, buflen; int njp, nlist; int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2]; @@ -242,11 +245,10 @@ jailparam_all(struct jailparam **jpp) /* Add the parameter to the list */ if (njp >= nlist) { nlist *= 2; - jp = realloc(jp, nlist * sizeof(*jp)); - if (jp == NULL) { - jailparam_free(jp, njp); - return (-1); - } + tjp = realloc(jp, nlist * sizeof(*jp)); + if (tjp == NULL) + goto error; + jp = tjp; } if (jailparam_init(jp + njp, buf + sizeof(SJPARAM)) < 0) goto error; @@ -277,6 +279,8 @@ jailparam_init(struct jailparam *jp, con } if (jailparam_type(jp) < 0) { jailparam_free(jp, 1); + jp->jp_name = NULL; + jp->jp_value = NULL; return (-1); } return (0);