Bug#496466: multiple memory leaks in libkeyutils1

Sun, 24 Aug 2008 18:10:07 -0700 

Package: libkeyutils1
Version: 1.2-7
Severity: minor
Tags: patch


typical c errors, e.g leak on failed realloc.
patches attached and both inlined for easy review.

diff --git a/keyutils.c b/keyutils.c
index 891fee4..d6e7688 100644
--- a/keyutils.c
+++ b/keyutils.c
@@ -165,6 +165,24 @@ long keyctl_assume_authority(key_serial_t id)
        return keyctl(KEYCTL_ASSUME_AUTHORITY, id);
 }
 
+
+/*****************************************************************************/
+/*
+ * plain realloc is just crazy
+ */
+static void* __xrealloc(void* ptr, size_t size)
+{
+    void* ret;
+
+    ret = realloc(ptr, size);
+    if(!ret) {
+        free(ptr);
+        return 0;
+    }
+    return ret;
+}
+
+
 /*****************************************************************************/
 /*
  * fetch key description into an allocated buffer
@@ -187,14 +205,16 @@ int keyctl_describe_alloc(key_serial_t id, char **_buffer)
 
        for (;;) {
                ret = keyctl_describe(id, buf, buflen);
-               if (ret < 0)
+               if (ret < 0) {
+            free(buf);
                        return -1;
+        }
 
                if (buflen >= ret)
                        break;
 
                buflen = ret;
-               buf = realloc(buf, buflen);
+               buf = __xrealloc(buf, buflen);
                if (!buf)
                        return -1;
        }
@@ -226,14 +246,16 @@ int keyctl_read_alloc(key_serial_t id, void **_buffer)
 
        for (;;) {
                ret = keyctl_read(id, buf, buflen);
-               if (ret < 0)
+               if (ret < 0) {
+            free(buf);
                        return -1;
+        }
 
                if (buflen >= ret)
                        break;
 
                buflen = ret;
-               buf = realloc(buf, buflen + 1);
+               buf = __xrealloc(buf, buflen + 1);
                if (!buf)
                        return -1;
        }

cu,
michael

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (991, 'unstable'), (500, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-grml64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.iso885915, LC_CTYPE=en_US.iso885915 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages libkeyutils1 depends on:
ii  libc6                         2.7-3      GNU C Library: Shared libraries

libkeyutils1 recommends no packages.

libkeyutils1 suggests no packages.

-- no debconf information

>From 7160effbc6c3d14387593e5a8a0e0de2973bcf72 Mon Sep 17 00:00:00 2001
From: Michael Gebetsroither <[EMAIL PROTECTED]>
Date: Mon, 25 Aug 2008 02:04:38 +0200
Subject: [PATCH 1/2] fixed memleak from realloc

Signed-off-by: Michael Gebetsroither <[EMAIL PROTECTED]>

diff --git a/keyutils.c b/keyutils.c
index 891fee4..f743def 100644
--- a/keyutils.c
+++ b/keyutils.c
@@ -165,6 +165,24 @@ long keyctl_assume_authority(key_serial_t id)
 	return keyctl(KEYCTL_ASSUME_AUTHORITY, id);
 }
 
+
+/*****************************************************************************/
+/*
+ * plain realloc is just crazy
+ */
+static void* __xrealloc(void* ptr, size_t size)
+{
+    void* ret;
+
+    ret = realloc(ptr, size);
+    if(!ret) {
+        free(ptr);
+        return 0;
+    }
+    return ret;
+}
+
+
 /*****************************************************************************/
 /*
  * fetch key description into an allocated buffer
@@ -194,7 +212,7 @@ int keyctl_describe_alloc(key_serial_t id, char **_buffer)
 			break;
 
 		buflen = ret;
-		buf = realloc(buf, buflen);
+		buf = __xrealloc(buf, buflen);
 		if (!buf)
 			return -1;
 	}
@@ -233,7 +251,7 @@ int keyctl_read_alloc(key_serial_t id, void **_buffer)
 			break;
 
 		buflen = ret;
-		buf = realloc(buf, buflen + 1);
+		buf = __xrealloc(buf, buflen + 1);
 		if (!buf)
 			return -1;
 	}
-- 
1.5.6.3


>From b8018a671bc2334840e759efff7a73f3e9fef305 Mon Sep 17 00:00:00 2001
From: Michael Gebetsroither <[EMAIL PROTECTED]>
Date: Mon, 25 Aug 2008 02:05:39 +0200
Subject: [PATCH 2/2] fixed another memleak

Signed-off-by: Michael Gebetsroither <[EMAIL PROTECTED]>

diff --git a/keyutils.c b/keyutils.c
index f743def..d6e7688 100644
--- a/keyutils.c
+++ b/keyutils.c
@@ -205,8 +205,10 @@ int keyctl_describe_alloc(key_serial_t id, char **_buffer)
 
 	for (;;) {
 		ret = keyctl_describe(id, buf, buflen);
-		if (ret < 0)
+		if (ret < 0) {
+            free(buf);
 			return -1;
+        }
 
 		if (buflen >= ret)
 			break;
@@ -244,8 +246,10 @@ int keyctl_read_alloc(key_serial_t id, void **_buffer)
 
 	for (;;) {
 		ret = keyctl_read(id, buf, buflen);
-		if (ret < 0)
+		if (ret < 0) {
+            free(buf);
 			return -1;
+        }
 
 		if (buflen >= ret)
 			break;
-- 
1.5.6.3

Reply via email to