From: Andrea Claudi Date: Tue, 8 Mar 2022 17:04:56 +0000 (+0100) Subject: lib/fs: fix memory leak in get_task_name() X-Git-Tag: v5.17.0~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1808f002dfdd33fc397151c30bcffcef25cb6ae9;p=thirdparty%2Fiproute2.git lib/fs: fix memory leak in get_task_name() asprintf() allocates memory which is not freed on the error path of get_task_name(), thus potentially leading to memory leaks. %m specifier on fscanf allocates memory, too, which needs to be freed by the caller. This reworks get_task_name() to avoid memory allocation. - Pass a buffer and its length to the function, similarly to what get_command_name() does, thus avoiding to allocate memory for the string to be returned; - Use snprintf() instead of asprintf(); - Use fgets() instead of fscanf() to limit string length. Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- diff --git a/include/utils.h b/include/utils.h index b6c468e9c..b0e0967cb 100644 --- a/include/utils.h +++ b/include/utils.h @@ -307,7 +307,7 @@ char *find_cgroup2_mount(bool do_mount); __u64 get_cgroup2_id(const char *path); char *get_cgroup2_path(__u64 id, bool full); int get_command_name(const char *pid, char *comm, size_t len); -char *get_task_name(pid_t pid); +int get_task_name(pid_t pid, char *name, size_t len); int get_rtnl_link_stats_rta(struct rtnl_link_stats64 *stats64, struct rtattr *tb[]); diff --git a/ip/iptuntap.c b/ip/iptuntap.c index 385d2bd80..8e4e09bff 100644 --- a/ip/iptuntap.c +++ b/ip/iptuntap.c @@ -321,14 +321,16 @@ static void show_processes(const char *name) } else if (err == 2 && !strcmp("iff", key) && !strcmp(name, value)) { - char *pname = get_task_name(pid); + SPRINT_BUF(pname); - print_string(PRINT_ANY, "name", - "%s", pname ? : ""); + if (get_task_name(pid, pname, sizeof(pname))) + print_string(PRINT_ANY, "name", + "%s", ""); + else + print_string(PRINT_ANY, "name", + "%s", pname); - print_uint(PRINT_ANY, "pid", - "(%d)", pid); - free(pname); + print_uint(PRINT_ANY, "pid", "(%d)", pid); } free(key); diff --git a/lib/fs.c b/lib/fs.c index f6f5f8a0b..3752931cf 100644 --- a/lib/fs.c +++ b/lib/fs.c @@ -342,25 +342,28 @@ int get_command_name(const char *pid, char *comm, size_t len) return 0; } -char *get_task_name(pid_t pid) +int get_task_name(pid_t pid, char *name, size_t len) { - char *comm; + char path[PATH_MAX]; FILE *f; if (!pid) - return NULL; + return -1; - if (asprintf(&comm, "/proc/%d/comm", pid) < 0) - return NULL; + if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path)) + return -1; - f = fopen(comm, "r"); + f = fopen(path, "r"); if (!f) - return NULL; + return -1; - if (fscanf(f, "%ms\n", &comm) != 1) - comm = NULL; + if (!fgets(name, len, f)) + return -1; + + /* comm ends in \n, get rid of it */ + name[strcspn(name, "\n")] = '\0'; fclose(f); - return comm; + return 0; } diff --git a/rdma/res-cmid.c b/rdma/res-cmid.c index fd57dbb79..b532d7f43 100644 --- a/rdma/res-cmid.c +++ b/rdma/res-cmid.c @@ -159,8 +159,11 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx, goto out; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, @@ -199,8 +202,7 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx, print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]); newline(rd); -out: if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); +out: return MNL_CB_OK; } diff --git a/rdma/res-cq.c b/rdma/res-cq.c index 818e1d0c2..a4625afc3 100644 --- a/rdma/res-cq.c +++ b/rdma/res-cq.c @@ -84,8 +84,11 @@ static int res_cq_line(struct rd *rd, const char *name, int idx, goto out; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, @@ -123,8 +126,7 @@ static int res_cq_line(struct rd *rd, const char *name, int idx, print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]); newline(rd); -out: if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); +out: return MNL_CB_OK; } diff --git a/rdma/res-ctx.c b/rdma/res-ctx.c index ea5faf182..79ecbf674 100644 --- a/rdma/res-ctx.c +++ b/rdma/res-ctx.c @@ -18,8 +18,11 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx, return MNL_CB_ERROR; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, @@ -48,8 +51,6 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx, newline(rd); out: - if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); return MNL_CB_OK; } diff --git a/rdma/res-mr.c b/rdma/res-mr.c index 25eaa0562..7153a6fea 100644 --- a/rdma/res-mr.c +++ b/rdma/res-mr.c @@ -47,8 +47,11 @@ static int res_mr_line(struct rd *rd, const char *name, int idx, goto out; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, @@ -87,8 +90,6 @@ static int res_mr_line(struct rd *rd, const char *name, int idx, newline(rd); out: - if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); return MNL_CB_OK; } diff --git a/rdma/res-pd.c b/rdma/res-pd.c index 2932eb986..09c1040c5 100644 --- a/rdma/res-pd.c +++ b/rdma/res-pd.c @@ -34,8 +34,11 @@ static int res_pd_line(struct rd *rd, const char *name, int idx, nla_line[RDMA_NLDEV_ATTR_RES_UNSAFE_GLOBAL_RKEY]); if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, @@ -76,8 +79,7 @@ static int res_pd_line(struct rd *rd, const char *name, int idx, print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]); newline(rd); -out: if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); +out: return MNL_CB_OK; } diff --git a/rdma/res-qp.c b/rdma/res-qp.c index 9218804a8..151accb9d 100644 --- a/rdma/res-qp.c +++ b/rdma/res-qp.c @@ -146,8 +146,11 @@ static int res_qp_line(struct rd *rd, const char *name, int idx, goto out; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, @@ -179,8 +182,6 @@ static int res_qp_line(struct rd *rd, const char *name, int idx, print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]); newline(rd); out: - if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); return MNL_CB_OK; } diff --git a/rdma/res-srq.c b/rdma/res-srq.c index c6df454a2..f3a652d82 100644 --- a/rdma/res-srq.c +++ b/rdma/res-srq.c @@ -174,8 +174,11 @@ static int res_srq_line(struct rd *rd, const char *name, int idx, return MNL_CB_ERROR; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, nla_line[RDMA_NLDEV_ATTR_RES_PID])) @@ -228,8 +231,6 @@ static int res_srq_line(struct rd *rd, const char *name, int idx, newline(rd); out: - if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) - free(comm); return MNL_CB_OK; } diff --git a/rdma/stat.c b/rdma/stat.c index c7da29225..ab0629155 100644 --- a/rdma/stat.c +++ b/rdma/stat.c @@ -248,8 +248,11 @@ static int res_counter_line(struct rd *rd, const char *name, int index, return MNL_CB_OK; if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) { + SPRINT_BUF(b); + pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]); - comm = get_task_name(pid); + if (!get_task_name(pid, b, sizeof(b))) + comm = b; } if (rd_is_filtered_attr(rd, "pid", pid, nla_line[RDMA_NLDEV_ATTR_RES_PID]))