* [PATCH] monitor: fix nullptr dereference when get_md_name() returns NULL
@ 2014-10-10 13:23 Sergey Vidishev
2015-05-18 23:33 ` [PATCH v2] mdadm: " Sergey Vidishev
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Vidishev @ 2014-10-10 13:23 UTC (permalink / raw)
To: NeilBrown; +Cc: linux-raid, sergeyv
From f35857936a8df2155b9aee3759c91fc19b77842c Mon Sep 17 00:00:00 2001
From: Sergey Vidishev <sergeyv@yandex-team.ru>
Date: Wed, 8 Oct 2014 21:51:03 +0400
Subject: [PATCH] monitor: fix nullptr dereference when get_md_name() returns NULL
Signed-off-by: Sergey Vidishev <sergeyv@yandex-team.ru>
---
This patch against fresh git://neil.brown.name/mdadm.
I'm not subscribed to the list, please CC me in replies.
Monitor.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/Monitor.c b/Monitor.c
index 5cb24fa..1919f99 100644
--- a/Monitor.c
+++ b/Monitor.c
@@ -668,6 +668,7 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
{
struct mdstat_ent *mse;
int new_found = 0;
+ char *name;
for (mse=mdstat; mse; mse=mse->next)
if (mse->devnm[0] &&
@@ -678,7 +679,12 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
struct state *st = xcalloc(1, sizeof *st);
mdu_array_info_t array;
int fd;
- st->devname = xstrdup(get_md_name(mse->devnm));
+
+ name = get_md_name(mse->devnm);
+ if (!name)
+ return 0;
+
+ st->devname = xstrdup(name);
if ((fd = open(st->devname, O_RDONLY)) < 0 ||
ioctl(fd, GET_ARRAY_INFO, &array)< 0) {
/* no such array */
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2] mdadm: monitor: fix nullptr dereference when get_md_name() returns NULL
2014-10-10 13:23 [PATCH] monitor: fix nullptr dereference when get_md_name() returns NULL Sergey Vidishev
@ 2015-05-18 23:33 ` Sergey Vidishev
2015-05-19 1:42 ` David F.
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Vidishev @ 2015-05-18 23:33 UTC (permalink / raw)
To: linux-raid; +Cc: NeilBrown
From c1e59424bfabee349aa7b8b903833475a56cf145 Mon Sep 17 00:00:00 2001
From: Sergey Vidishev <sergeyv@yandex-team.ru>
Date: Wed, 8 Oct 2014 21:51:03 +0400
Subject: [PATCH] mdadm: monitor: fix nullptr dereference when get_md_name()
returns NULL
Function add_new_arrays() expects that function get_md_name() should
return pointer to devname, but also get_md_name() may return NULL. So
check the pointer before use it in add_new_arrays().
Signed-off-by: Sergey Vidishev <sergeyv@yandex-team.ru>
---
v1 -> v2: more verbose commit message
This patch against fresh git://neil.brown.name/mdadm.
I'm not subscribed to the list, please CC me in replies.
Monitor.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/Monitor.c b/Monitor.c
index 1cd378b..1bbaf89 100644
--- a/Monitor.c
+++ b/Monitor.c
@@ -687,6 +687,7 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
{
struct mdstat_ent *mse;
int new_found = 0;
+ char *name;
for (mse=mdstat; mse; mse=mse->next)
if (mse->devnm[0] &&
@@ -697,7 +698,12 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
struct state *st = xcalloc(1, sizeof *st);
mdu_array_info_t array;
int fd;
- st->devname = xstrdup(get_md_name(mse->devnm));
+
+ name = get_md_name(mse->devnm);
+ if (!name)
+ return 0;
+
+ st->devname = xstrdup(name);
if ((fd = open(st->devname, O_RDONLY)) < 0 ||
ioctl(fd, GET_ARRAY_INFO, &array)< 0) {
/* no such array */
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2] mdadm: monitor: fix nullptr dereference when get_md_name() returns NULL
2015-05-18 23:33 ` [PATCH v2] mdadm: " Sergey Vidishev
@ 2015-05-19 1:42 ` David F.
2015-05-19 18:39 ` Sergey Vidishev
0 siblings, 1 reply; 6+ messages in thread
From: David F. @ 2015-05-19 1:42 UTC (permalink / raw)
To: Sergey Vidishev; +Cc: linux-raid, NeilBrown
not sure if that causes a memory leak since st not freed ?
On Mon, May 18, 2015 at 4:33 PM, Sergey Vidishev <sergeyv@yandex-team.ru> wrote:
> From c1e59424bfabee349aa7b8b903833475a56cf145 Mon Sep 17 00:00:00 2001
> From: Sergey Vidishev <sergeyv@yandex-team.ru>
> Date: Wed, 8 Oct 2014 21:51:03 +0400
> Subject: [PATCH] mdadm: monitor: fix nullptr dereference when get_md_name()
> returns NULL
>
> Function add_new_arrays() expects that function get_md_name() should
> return pointer to devname, but also get_md_name() may return NULL. So
> check the pointer before use it in add_new_arrays().
>
> Signed-off-by: Sergey Vidishev <sergeyv@yandex-team.ru>
> ---
>
> v1 -> v2: more verbose commit message
>
> This patch against fresh git://neil.brown.name/mdadm.
> I'm not subscribed to the list, please CC me in replies.
>
> Monitor.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/Monitor.c b/Monitor.c
> index 1cd378b..1bbaf89 100644
> --- a/Monitor.c
> +++ b/Monitor.c
> @@ -687,6 +687,7 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
> {
> struct mdstat_ent *mse;
> int new_found = 0;
> + char *name;
>
> for (mse=mdstat; mse; mse=mse->next)
> if (mse->devnm[0] &&
> @@ -697,7 +698,12 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
> struct state *st = xcalloc(1, sizeof *st);
> mdu_array_info_t array;
> int fd;
> - st->devname = xstrdup(get_md_name(mse->devnm));
> +
> + name = get_md_name(mse->devnm);
> + if (!name)
> + return 0;
> +
> + st->devname = xstrdup(name);
> if ((fd = open(st->devname, O_RDONLY)) < 0 ||
> ioctl(fd, GET_ARRAY_INFO, &array)< 0) {
> /* no such array */
> --
> 1.9.1
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-raid" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] mdadm: monitor: fix nullptr dereference when get_md_name() returns NULL
2015-05-19 1:42 ` David F.
@ 2015-05-19 18:39 ` Sergey Vidishev
2015-05-19 19:02 ` [PATCH v3] " Sergey Vidishev
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Vidishev @ 2015-05-19 18:39 UTC (permalink / raw)
To: David F.; +Cc: linux-raid, NeilBrown
On 18.05.15 at 18:42:22, David F. <df7729@gmail.com> wrote:
> not sure if that causes a memory leak since st not freed ?
You're right, thanks!
Also I did reviewed the code and replaced return with continue since it's more
correct to skip an mse's (if get_md_name() returned NULL for it) instead of
return.
I'll resend the patch.
> On Mon, May 18, 2015 at 4:33 PM, Sergey Vidishev <sergeyv@yandex-team.ru>
wrote:
> > From c1e59424bfabee349aa7b8b903833475a56cf145 Mon Sep 17 00:00:00 2001
> > From: Sergey Vidishev <sergeyv@yandex-team.ru>
> > Date: Wed, 8 Oct 2014 21:51:03 +0400
> > Subject: [PATCH] mdadm: monitor: fix nullptr dereference when
> > get_md_name()
> >
> > returns NULL
> >
> > Function add_new_arrays() expects that function get_md_name() should
> > return pointer to devname, but also get_md_name() may return NULL. So
> > check the pointer before use it in add_new_arrays().
> >
> > Signed-off-by: Sergey Vidishev <sergeyv@yandex-team.ru>
> > ---
> >
> > v1 -> v2: more verbose commit message
> >
> > This patch against fresh git://neil.brown.name/mdadm.
> > I'm not subscribed to the list, please CC me in replies.
> >
> > Monitor.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/Monitor.c b/Monitor.c
> > index 1cd378b..1bbaf89 100644
> > --- a/Monitor.c
> > +++ b/Monitor.c
> > @@ -687,6 +687,7 @@ static int add_new_arrays(struct mdstat_ent *mdstat,
> > struct state **statelist,>
> > {
> >
> > struct mdstat_ent *mse;
> > int new_found = 0;
> >
> > + char *name;
> >
> > for (mse=mdstat; mse; mse=mse->next)
> >
> > if (mse->devnm[0] &&
> >
> > @@ -697,7 +698,12 @@ static int add_new_arrays(struct mdstat_ent *mdstat,
> > struct state **statelist,>
> > struct state *st = xcalloc(1, sizeof *st);
> > mdu_array_info_t array;
> > int fd;
> >
> > - st->devname = xstrdup(get_md_name(mse->devnm));
> > +
> > + name = get_md_name(mse->devnm);
> > + if (!name)
> > + return 0;
> > +
> > + st->devname = xstrdup(name);
> >
> > if ((fd = open(st->devname, O_RDONLY)) < 0 ||
> >
> > ioctl(fd, GET_ARRAY_INFO, &array)< 0) {
> >
> > /* no such array */
> >
> > --
> > 1.9.1
> >
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-raid" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v3] mdadm: monitor: fix nullptr dereference when get_md_name() returns NULL
2015-05-19 18:39 ` Sergey Vidishev
@ 2015-05-19 19:02 ` Sergey Vidishev
2015-05-20 3:16 ` NeilBrown
0 siblings, 1 reply; 6+ messages in thread
From: Sergey Vidishev @ 2015-05-19 19:02 UTC (permalink / raw)
To: David F.; +Cc: linux-raid, NeilBrown
From fce3be7200e84665cdae58ba44d5c61af094af3b Mon Sep 17 00:00:00 2001
From: Sergey Vidishev <sergeyv@yandex-team.ru>
Date: Tue, 19 May 2015 20:34:58 +0300
Subject: [PATCH] mdadm: monitor: fix nullptr dereference when get_md_name()
returns NULL
Function add_new_arrays() expects that function get_md_name() should
return pointer to devname, but also get_md_name() may return NULL. So
check the pointer before use it in add_new_arrays().
Signed-off-by: Sergey Vidishev <sergeyv@yandex-team.ru>
---
v2 -> v3: - continue instead of return
- avoid mem leak (thanks to David F.)
v1 -> v2: more verbose commit message
Monitor.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/Monitor.c b/Monitor.c
index 1cd378b..a530032 100644
--- a/Monitor.c
+++ b/Monitor.c
@@ -687,6 +687,7 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
{
struct mdstat_ent *mse;
int new_found = 0;
+ char *name;
for (mse=mdstat; mse; mse=mse->next)
if (mse->devnm[0] &&
@@ -697,7 +698,14 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
struct state *st = xcalloc(1, sizeof *st);
mdu_array_info_t array;
int fd;
- st->devname = xstrdup(get_md_name(mse->devnm));
+
+ name = get_md_name(mse->devnm);
+ if (!name) {
+ free(st);
+ continue;
+ }
+
+ st->devname = xstrdup(name);
if ((fd = open(st->devname, O_RDONLY)) < 0 ||
ioctl(fd, GET_ARRAY_INFO, &array)< 0) {
/* no such array */
--
2.0.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3] mdadm: monitor: fix nullptr dereference when get_md_name() returns NULL
2015-05-19 19:02 ` [PATCH v3] " Sergey Vidishev
@ 2015-05-20 3:16 ` NeilBrown
0 siblings, 0 replies; 6+ messages in thread
From: NeilBrown @ 2015-05-20 3:16 UTC (permalink / raw)
To: Sergey Vidishev; +Cc: David F., linux-raid
[-- Attachment #1: Type: text/plain, Size: 1824 bytes --]
On Tue, 19 May 2015 22:02:46 +0300 Sergey Vidishev <sergeyv@yandex-team.ru>
wrote:
> >From fce3be7200e84665cdae58ba44d5c61af094af3b Mon Sep 17 00:00:00 2001
> From: Sergey Vidishev <sergeyv@yandex-team.ru>
> Date: Tue, 19 May 2015 20:34:58 +0300
> Subject: [PATCH] mdadm: monitor: fix nullptr dereference when get_md_name()
> returns NULL
>
> Function add_new_arrays() expects that function get_md_name() should
> return pointer to devname, but also get_md_name() may return NULL. So
> check the pointer before use it in add_new_arrays().
>
> Signed-off-by: Sergey Vidishev <sergeyv@yandex-team.ru>
> ---
>
> v2 -> v3: - continue instead of return
> - avoid mem leak (thanks to David F.)
> v1 -> v2: more verbose commit message
>
> Monitor.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/Monitor.c b/Monitor.c
> index 1cd378b..a530032 100644
> --- a/Monitor.c
> +++ b/Monitor.c
> @@ -687,6 +687,7 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
> {
> struct mdstat_ent *mse;
> int new_found = 0;
> + char *name;
>
> for (mse=mdstat; mse; mse=mse->next)
> if (mse->devnm[0] &&
> @@ -697,7 +698,14 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
> struct state *st = xcalloc(1, sizeof *st);
> mdu_array_info_t array;
> int fd;
> - st->devname = xstrdup(get_md_name(mse->devnm));
> +
> + name = get_md_name(mse->devnm);
> + if (!name) {
> + free(st);
> + continue;
> + }
> +
> + st->devname = xstrdup(name);
> if ((fd = open(st->devname, O_RDONLY)) < 0 ||
> ioctl(fd, GET_ARRAY_INFO, &array)< 0) {
> /* no such array */
Applied, thanks.
And thanks David for the review help!
NeilBrown
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-05-20 3:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-10-10 13:23 [PATCH] monitor: fix nullptr dereference when get_md_name() returns NULL Sergey Vidishev
2015-05-18 23:33 ` [PATCH v2] mdadm: " Sergey Vidishev
2015-05-19 1:42 ` David F.
2015-05-19 18:39 ` Sergey Vidishev
2015-05-19 19:02 ` [PATCH v3] " Sergey Vidishev
2015-05-20 3:16 ` NeilBrown
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.