Blob Blame Raw
commit 50ef80739d9e1e0df6616289ef2ff626a94666ee
Author: Steve Dickson <steved@redhat.com>
Date:   Thu May 23 09:24:49 2019 -0400

    rpc.mountd: Fix e_hostname and e_uuid leaks
    
    strdup of exportent uuid and hostname in getexportent() ends up leaking
    memory. Free the memory before getexportent() is called again from xtab_read()
    
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1713360
    Signed-off-by: Nikhil Kshirsagar <nkshirsa@redhat.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/support/export/xtab.c b/support/export/xtab.c
index d42eeef..1e1d679 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
 	while ((xp = getexportent(is_export==0, 0)) != NULL) {
 		if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
 		    !(exp = export_create(xp, is_export!=1))) {
+                        if(xp->e_hostname) {
+                            free(xp->e_hostname);
+                            xp->e_hostname=NULL;
+                        }
+                        if(xp->e_uuid) {
+                            free(xp->e_uuid);
+                            xp->e_uuid=NULL;
+                        }
 			continue;
 		}
 		switch (is_export) {
@@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
 			if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
 				v4root_needed = 0;
 			break;
-		}
+		}  
+                if(xp->e_hostname) {
+                    free(xp->e_hostname);
+                    xp->e_hostname=NULL;
+                }
+                if(xp->e_uuid) {
+                    free(xp->e_uuid);
+                    xp->e_uuid=NULL;
+                }
+
 	}
 	endexportent();
 	xfunlock(lockid);
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 5f4cb95..a7582ca 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
 	}
 	ee.e_hostname = xstrdup(hostname);
 
-	if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
-		return NULL;
+	if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
+                if(ee.e_hostname)
+                {
+                    xfree(ee.e_hostname);
+                    ee.e_hostname=NULL;
+                }
+                if(ee.e_uuid)
+                {
+                    xfree(ee.e_uuid);
+                    ee.e_uuid=NULL;
+                }
 
+		return NULL;
+        }
 	/* resolve symlinks */
 	if (realpath(ee.e_path, rpath) != NULL) {
 		rpath[sizeof (rpath) - 1] = '\0';