From f8245e96cd11756cce8f47ded4459f3c170cd2e3 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Tue, 8 Nov 2011 19:03:39 +0100 Subject: [PATCH] ls: plug a per-argument leak Using ls -l on an SELinux-enabled system would leak one SELinux context string per non-empty-directory command-line argument. * src/ls.c (free_ent): New function, factored out of... (clear_files): ...here. Use it. (extract_dirs_from_files): Call free_ent (f), rather than simply free (f->name). The latter failed to free the possibly-malloc'd linkname and scontext members, and thus could leak one of those strings per command-line argument. * THANKS.in: Update. * NEWS (Bug fixes): Mention it. Reported by Juraj Marko in http://bugzilla.redhat.com/751974. --- NEWS | 4 ++++ THANKS.in | 1 + src/ls.c | 17 +++++++++++------ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 1b0f2f5e9..de3888ddb 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,10 @@ GNU coreutils NEWS -*- outline -*- --block-size=1KiB, a new long option --kibibyte stands for -k. [bug introduced in coreutils-4.5.4] + ls -l would leak a little memory (security context string) for each + nonempty directory listed on the command line, when using SELinux. + [bug probably introduced in coreutils-6.10 with SELinux support] + rm -rf DIR would fail with "Device or resource busy" on Cygwin with NWFS and NcFsd file systems. This did not affect Unix/Linux-based kernels. [bug introduced in coreutils-8.0, when rm began using fts] diff --git a/THANKS.in b/THANKS.in index 83a78649a..ccdbc84b6 100644 --- a/THANKS.in +++ b/THANKS.in @@ -311,6 +311,7 @@ Juan M. Guerrero st001906@hrz1.hrz.tu-darmstadt.de Julian Bradfield jcb@inf.ed.ac.uk Jungshik Shin jshin@pantheon.yale.edu Jürgen Fluk louis@dachau.marco.de +Juraj Marko jmarko@redhat.com Jurriaan thunder7@xs4all.nl Justin Pryzby justinpryzby@users.sourceforge.net jvogel jvogel@linkny.com diff --git a/src/ls.c b/src/ls.c index b8a09b3df..96f7c987b 100644 --- a/src/ls.c +++ b/src/ls.c @@ -2715,8 +2715,16 @@ has_capability (char const *name ATTRIBUTE_UNUSED) /* Enter and remove entries in the table `cwd_file'. */ -/* Empty the table of files. */ +static void +free_ent (struct fileinfo *f) +{ + free (f->name); + free (f->linkname); + if (f->scontext != UNKNOWN_SECURITY_CONTEXT) + freecon (f->scontext); +} +/* Empty the table of files. */ static void clear_files (void) { @@ -2725,10 +2733,7 @@ clear_files (void) for (i = 0; i < cwd_n_used; i++) { struct fileinfo *f = sorted_file[i]; - free (f->name); - free (f->linkname); - if (f->scontext != UNKNOWN_SECURITY_CONTEXT) - freecon (f->scontext); + free_ent (f); } cwd_n_used = 0; @@ -3164,7 +3169,7 @@ extract_dirs_from_files (char const *dirname, bool command_line_arg) free (name); } if (f->filetype == arg_directory) - free (f->name); + free_ent (f); } } -- 2.11.4.GIT