[oe-commits] [openembedded-core] 58/68: systemd: Fix memory use after free errors
git at git.openembedded.org
git at git.openembedded.org
Mon Jan 28 17:07:57 UTC 2019
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch thud-next
in repository openembedded-core.
commit 82cb42d24250d211c1d9bd4ab9e91bbb0ef6ffa2
Author: Khem Raj <raj.khem at gmail.com>
AuthorDate: Sun Dec 16 21:54:42 2018 -0800
systemd: Fix memory use after free errors
Found with gcc trunk
(From OE-Core rev: 381c63ad2a6e004658b0232b6e6763f49f412b2b)
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
...l-Don-t-pass-null-directive-argument-to-s.patch | 31 ++++++++++++++++
...Fix-use-after-free-case-in-load_from_path.patch | 43 ++++++++++++++++++++++
meta/recipes-core/systemd/systemd_239.bb | 2 +
3 files changed, 76 insertions(+)
diff --git a/meta/recipes-core/systemd/systemd/0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch b/meta/recipes-core/systemd/systemd/0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
new file mode 100644
index 0000000..0538c7b
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
@@ -0,0 +1,31 @@
+From bfc4183ea995f1c211385d066cdb1fe9ce89f621 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem at gmail.com>
+Date: Sun, 16 Dec 2018 20:53:38 -0800
+Subject: [PATCH 1/2] sysctl: Don't pass null directive argument to '%s'
+
+value pointer here is always NULL but subsequent use of that pointer
+with a %s format will always be NULL, printing p instead would be a
+valid string
+
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+---
+Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/11179]
+ src/sysctl/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index 1cfe51018..c67d79032 100644
+--- a/src/sysctl/sysctl.c
++++ b/src/sysctl/sysctl.c
+@@ -115,7 +115,7 @@ static int parse_file(OrderedHashmap *sysctl_options, const char *path, bool ign
+
+ value = strchr(p, '=');
+ if (!value) {
+- log_error("Line is not an assignment at '%s:%u': %s", path, c, value);
++ log_error("Line is not an assignment at '%s:%u': %s", path, c, p);
+
+ if (r == 0)
+ r = -EINVAL;
+--
+2.20.1
+
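Review bot: The header of this embedded patch describes the defect unclearly, and the enclosing commit labels both patches as use-after-free fixes although this one replaces a NULL `value` passed to a `%s` conversion inside the `if (!value)` branch of parse_file(). Assuming log_error() formats printf-style, a NULL argument for `%s` is undefined behaviour, and whether it prints a placeholder or faults depends on the C library, which is worth stating for anyone triaging this backport. I would reword the header along the lines of `value is NULL in this branch, so passing it to '%s' is undefined; log the offending line p instead`. parse_file() starts and ends outside the hunk.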
diff --git a/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch b/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch
new file mode 100644
index 0000000..4da96e2
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch
@@ -0,0 +1,43 @@
+From cb67aebd63d9f0077cbf3e769f0b223c5bba20ac Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem at gmail.com>
+Date: Sun, 16 Dec 2018 20:58:35 -0800
+Subject: [PATCH 2/2] core: Fix use after free case in load_from_path()
+
+ensure that mfree() on filename is called after the logging function
+which uses the string pointed by filename
+
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+---
+Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/11179]
+ src/core/load-fragment.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index fc5644f48..da585786e 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -4531,7 +4531,6 @@ static int load_from_path(Unit *u, const char *path) {
+ r = open_follow(&filename, &f, symlink_names, &id);
+ if (r >= 0)
+ break;
+- filename = mfree(filename);
+
+ /* ENOENT means that the file is missing or is a dangling symlink.
+ * ENOTDIR means that one of paths we expect to be is a directory
+@@ -4540,9 +4539,12 @@ static int load_from_path(Unit *u, const char *path) {
+ */
+ if (r == -EACCES)
+ log_debug_errno(r, "Cannot access \"%s\": %m", filename);
+- else if (!IN_SET(r, -ENOENT, -ENOTDIR))
++ else if (!IN_SET(r, -ENOENT, -ENOTDIR)) {
++ filename = mfree(filename);
+ return r;
++ }
+
++ filename = mfree(filename);
+ /* Empty the symlink names for the next run */
+ set_clear_free(symlink_names);
+ }
+--
+2.20.1
+
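Review bot: In the embedded load-fragment.c change, `filename = mfree(filename);` now appears twice, once inside the new braces before `return r` and once after the if/else, so the two exit paths must be kept in sync by hand. Freeing once after the logging branch gives a single release point: keep the `-EACCES` log, then `filename = mfree(filename);`, then `if (r != -EACCES && !IN_SET(r, -ENOENT, -ENOTDIR)) return r;`. If `filename` is declared with a cleanup attribute (its declaration is outside the hunk, so this is unconfirmed), the free before `return r` is redundant and can be dropped instead. A short comment at the free, such as `/* release only after the log call above has read filename */`, would help keep a later refactor from reintroducing the read of freed memory. load_from_path() starts and ends outside the hunk.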
diff --git a/meta/recipes-core/systemd/systemd_239.bb b/meta/recipes-core/systemd/systemd_239.bb
index a40c899..03acce2 100644
--- a/meta/recipes-core/systemd/systemd_239.bb
+++ b/meta/recipes-core/systemd/systemd_239.bb
@@ -35,6 +35,8 @@ SRC_URI += "file://touchscreen.rules \
file://0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch \
file://0001-Revert-sysctl.d-request-ECN-on-both-in-and-outgoing-.patch \
file://0001-timesync-changes-type-of-drift_freq-to-int64_t.patch \
+ file://0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch \
+ file://0002-core-Fix-use-after-free-case-in-load_from_path.patch \
"
# patches made for musl are only applied on TCLIBC is musl
--