lib/fs: fix memory leak in get_task_name()

asprintf() allocates memory which is not freed on the error path of
get_task_name(), thus potentially leading to memory leaks.
%m specifier on fscanf allocates memory, too, which needs to be freed by
the caller.

This reworks get_task_name() to avoid memory allocation.
- Pass a buffer and its length to the function, similarly to what
  get_command_name() does, thus avoiding to allocate memory for
  the string to be returned;
- Use snprintf() instead of asprintf();
- Use fgets() instead of fscanf() to limit string length.

Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

diff --git a/include/utils.h b/include/utils.h
index b6c468e9cc862f13e80d2e8cf706a72788316529..b0e0967cb100571c8c40272dbd6bebcb70d9ceb3 100644 (file)
--- a/include/utils.h
+++ b/include/utils.h
@@ -307,7 +307,7 @@ char *find_cgroup2_mount(bool do_mount);
 __u64 get_cgroup2_id(const char *path);
 char *get_cgroup2_path(__u64 id, bool full);
 int get_command_name(const char *pid, char *comm, size_t len);
-char *get_task_name(pid_t pid);
+int get_task_name(pid_t pid, char *name, size_t len);
 
 int get_rtnl_link_stats_rta(struct rtnl_link_stats64 *stats64,
                            struct rtattr *tb[]);

diff --git a/ip/iptuntap.c b/ip/iptuntap.c
index 385d2bd806b2810753523aba10e8a4214843c797..8e4e09bff838e09c3a90020903983cbd7abc5caf 100644 (file)
--- a/ip/iptuntap.c
+++ b/ip/iptuntap.c
@@ -321,14 +321,16 @@ static void show_processes(const char *name)
                        } else if (err == 2 &&
                                   !strcmp("iff", key) &&
                                   !strcmp(name, value)) {
-                               char *pname = get_task_name(pid);
+                               SPRINT_BUF(pname);
 
-                               print_string(PRINT_ANY, "name",
-                                            "%s", pname ? : "<NULL>");
+                               if (get_task_name(pid, pname, sizeof(pname)))
+                                       print_string(PRINT_ANY, "name",
+                                                    "%s", "<NULL>");
+                               else
+                                       print_string(PRINT_ANY, "name",
+                                                    "%s", pname);
 
-                               print_uint(PRINT_ANY, "pid",
-                                          "(%d)", pid);
-                               free(pname);
+                               print_uint(PRINT_ANY, "pid", "(%d)", pid);
                        }
 
                        free(key);

diff --git a/lib/fs.c b/lib/fs.c
index f6f5f8a0b3bb5568d4afa6e5a5456ad4173bb1f5..3752931cf8f8c193dd6ee42f655cc46669bd261f 100644 (file)
--- a/lib/fs.c
+++ b/lib/fs.c
@@ -342,25 +342,28 @@ int get_command_name(const char *pid, char *comm, size_t len)
        return 0;
 }
 
-char *get_task_name(pid_t pid)
+int get_task_name(pid_t pid, char *name, size_t len)
 {
-       char *comm;
+       char path[PATH_MAX];
        FILE *f;
 
        if (!pid)
-               return NULL;
+               return -1;
 
-       if (asprintf(&comm, "/proc/%d/comm", pid) < 0)
-               return NULL;
+       if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path))
+               return -1;
 
-       f = fopen(comm, "r");
+       f = fopen(path, "r");
        if (!f)
-               return NULL;
+               return -1;
 
-       if (fscanf(f, "%ms\n", &comm) != 1)
-               comm = NULL;
+       if (!fgets(name, len, f))
+               return -1;
+
+       /* comm ends in \n, get rid of it */
+       name[strcspn(name, "\n")] = '\0';
 
        fclose(f);
 
-       return comm;
+       return 0;
 }

diff --git a/rdma/res-cmid.c b/rdma/res-cmid.c
index fd57dbb7978885f00eb2b9db1dc3e468a864ce3e..b532d7f4391136f73f73baddec3d4cac217eb7b4 100644 (file)
--- a/rdma/res-cmid.c
+++ b/rdma/res-cmid.c
@@ -159,8 +159,11 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx,
                goto out;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
 
        if (rd_is_filtered_attr(rd, "pid", pid,
@@ -199,8 +202,7 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx,
        print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
        newline(rd);
 
-out:   if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
+out:
        return MNL_CB_OK;
 }
 

diff --git a/rdma/res-cq.c b/rdma/res-cq.c
index 818e1d0c2dfb68cac71a275d0aa1c8317bf5cde6..a4625afc35a9aee6b7e42e4cac94fe0639b6da6d 100644 (file)
--- a/rdma/res-cq.c
+++ b/rdma/res-cq.c
@@ -84,8 +84,11 @@ static int res_cq_line(struct rd *rd, const char *name, int idx,
                goto out;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
 
        if (rd_is_filtered_attr(rd, "pid", pid,
@@ -123,8 +126,7 @@ static int res_cq_line(struct rd *rd, const char *name, int idx,
        print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
        newline(rd);
 
-out:   if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
+out:
        return MNL_CB_OK;
 }
 

diff --git a/rdma/res-ctx.c b/rdma/res-ctx.c
index ea5faf18244d4580893fe0edeca9bcd213b907ba..79ecbf674980fe255f2b8f7a78c4374b1fa0efd9 100644 (file)
--- a/rdma/res-ctx.c
+++ b/rdma/res-ctx.c
@@ -18,8 +18,11 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx,
                return MNL_CB_ERROR;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
 
        if (rd_is_filtered_attr(rd, "pid", pid,
@@ -48,8 +51,6 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx,
        newline(rd);
 
 out:
-       if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
        return MNL_CB_OK;
 }
 

diff --git a/rdma/res-mr.c b/rdma/res-mr.c
index 25eaa0562d9a900b5adc670466981b259f979ddc..7153a6fea61a75dc26a5e379c40622282838682d 100644 (file)
--- a/rdma/res-mr.c
+++ b/rdma/res-mr.c
@@ -47,8 +47,11 @@ static int res_mr_line(struct rd *rd, const char *name, int idx,
                goto out;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
 
        if (rd_is_filtered_attr(rd, "pid", pid,
@@ -87,8 +90,6 @@ static int res_mr_line(struct rd *rd, const char *name, int idx,
        newline(rd);
 
 out:
-       if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
        return MNL_CB_OK;
 }
 

diff --git a/rdma/res-pd.c b/rdma/res-pd.c
index 2932eb9868776e4b1bd419ec9f5eef9b6003ccda..09c1040c59d0ec300c026c2b6e5903f440b19468 100644 (file)
--- a/rdma/res-pd.c
+++ b/rdma/res-pd.c
@@ -34,8 +34,11 @@ static int res_pd_line(struct rd *rd, const char *name, int idx,
                        nla_line[RDMA_NLDEV_ATTR_RES_UNSAFE_GLOBAL_RKEY]);
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
 
        if (rd_is_filtered_attr(rd, "pid", pid,
@@ -76,8 +79,7 @@ static int res_pd_line(struct rd *rd, const char *name, int idx,
        print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
        newline(rd);
 
-out:   if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
+out:
        return MNL_CB_OK;
 }
 

diff --git a/rdma/res-qp.c b/rdma/res-qp.c
index 9218804a8d5337d2aaafdfb1e317d65c3914e581..151accb9deb1a5c9e5ec4159162a0556ac314486 100644 (file)
--- a/rdma/res-qp.c
+++ b/rdma/res-qp.c
@@ -146,8 +146,11 @@ static int res_qp_line(struct rd *rd, const char *name, int idx,
                goto out;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
 
        if (rd_is_filtered_attr(rd, "pid", pid,
@@ -179,8 +182,6 @@ static int res_qp_line(struct rd *rd, const char *name, int idx,
        print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
        newline(rd);
 out:
-       if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
        return MNL_CB_OK;
 }
 

diff --git a/rdma/res-srq.c b/rdma/res-srq.c
index c6df454a23ceb27ee0b3c430f9babab7d116c059..f3a652d82f8cc6c70f27b970d589b71db2c6aef6 100644 (file)
--- a/rdma/res-srq.c
+++ b/rdma/res-srq.c
@@ -174,8 +174,11 @@ static int res_srq_line(struct rd *rd, const char *name, int idx,
                return MNL_CB_ERROR;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
        if (rd_is_filtered_attr(rd, "pid", pid,
                                nla_line[RDMA_NLDEV_ATTR_RES_PID]))
@@ -228,8 +231,6 @@ static int res_srq_line(struct rd *rd, const char *name, int idx,
        newline(rd);
 
 out:
-       if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-               free(comm);
        return MNL_CB_OK;
 }
 

diff --git a/rdma/stat.c b/rdma/stat.c
index c7da2922563e2b07d1a632c3277f9b9851896e84..ab0629155581be715de7f30c8364a35eb6796452 100644 (file)
--- a/rdma/stat.c
+++ b/rdma/stat.c
@@ -248,8 +248,11 @@ static int res_counter_line(struct rd *rd, const char *name, int index,
                return MNL_CB_OK;
 
        if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+               SPRINT_BUF(b);
+
                pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-               comm = get_task_name(pid);
+               if (!get_task_name(pid, b, sizeof(b)))
+                       comm = b;
        }
        if (rd_is_filtered_attr(rd, "pid", pid,
                                nla_line[RDMA_NLDEV_ATTR_RES_PID]))