From 06ad515e6b084900aef7a9b5b62f3dbc0dfd0b6d Mon Sep 17 00:00:00 2001
From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date: Wed, 9 Mar 2022 14:32:25 +0300
Subject: [PATCH 141/245] mount: fix e_str leak in ext_mount_add
coverity CID 389202:
54int ext_mount_add(char *key, char *val)
55{
56 char *e_str;
57
1. alloc_fn: Storage is returned from allocation function malloc.
2. var_assign: Assigning: ___p = storage returned from malloc(strlen(key) + strlen(val) + 8UL).
3. Condition !___p, taking false branch.
4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
5. var_assign: Assigning: e_str = ({...; ___p;}).
58 e_str = xmalloc(strlen(key) + strlen(val) + 8);
6. Condition !e_str, taking false branch.
59 if (!e_str)
60 return -1;
...
7. noescape: Resource e_str is not freed or pointed-to in sprintf.
73 sprintf(e_str, "mnt[%s]:%s", key, val);
8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
CID 389202 (#1 of 1): Resource leak (RESOURCE_LEAK)9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
74 return add_external(e_str);
75}
We need to free e_str after add_external used it.
v2: use cleanup_free attribute (@adrianreber)
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
criu/mount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/criu/mount.c b/criu/mount.c
index 4b57ac703..c301aaeeb 100644
--- a/criu/mount.c
+++ b/criu/mount.c
@@ -55,7 +55,7 @@ static LIST_HEAD(delayed_unbindable);
int ext_mount_add(char *key, char *val)
{
- char *e_str;
+ cleanup_free char *e_str = NULL;
e_str = xmalloc(strlen(key) + strlen(val) + 8);
if (!e_str)
--
2.35.1