From: Daniel Kiper
To: grub-devel@gnu.org
Subject: [SECURITY PATCH 033/117] disk/ldm: Fix memory leak on uninserted lv references
Date: Tue, 2 Mar 2021 19:00:40 +0100
Message-Id: <20210302180204.23887-33-daniel.kiper@oracle.com>

From: Darren Kenny The problem here is that the memory allocated to the variable lv is not yet inserted into the list that is being processed at the label fail2. As we can already see at line 342, which correctly frees lv before going to fail2, we should also be doing that at these earlier jumps to fail2. Fixes: CID 73824 Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- grub-core/disk/ldm.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c index c25941ec9..4577a51dc 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -321,7 +321,10 @@ make_vg (grub_disk_t disk, lv->visible = 1; lv->segments = grub_zalloc (sizeof (*lv->segments)); if (!lv->segments) - goto fail2; + { + grub_free (lv); + goto fail2; + } lv->segments->start_extent = 0; lv->segments->type = GRUB_DISKFILTER_MIRROR; lv->segments->node_count = 0; @@ -329,7 +332,10 @@ make_vg (grub_disk_t disk, lv->segments->nodes = grub_calloc (lv->segments->node_alloc, sizeof (*lv->segments->nodes)); if (!lv->segments->nodes) - goto fail2; + { + grub_free (lv); + goto fail2; + } ptr = vblk[i].dynamic; if (ptr + *ptr + 1 >= vblk[i].dynamic + sizeof (vblk[i].dynamic)) -- 2.11.0
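Review bot: In the first hunk (@@ -321,7 +321,10 @@), the new `grub_free (lv); goto fail2;` block duplicates cleanup that, per the commit message, already exists at line 342, and the second hunk adds a third copy. Consider a single label placed ahead of fail2 that frees lv and then falls through, so each pre-insertion failure path becomes one `goto` and a later allocation added in this region cannot miss the free. The hunk context starts at `lv->visible = 1;`, so it is not visible whether lv already owns other allocations by this point; if it does, freeing only the struct here still leaks them, and a shared label would be the natural place to release them.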
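Review bot: In the second hunk (@@ -329,7 +332,10 @@), the failure path for `lv->segments->nodes` frees lv but not `lv->segments`, which is known to be non-NULL here because the `if (!lv->segments)` check in the previous hunk has already passed. Since the commit message states that lv is not yet in the list processed at fail2, nothing later can reach that buffer, so this path still leaks one `grub_zalloc` allocation. Suggest calling `grub_free (lv->segments);` before `grub_free (lv);` in this block.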