diff options
author | Jim Meyering <meyering@redhat.com> | 2011-11-08 19:03:39 +0100 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2011-11-12 10:22:55 +0100 |
commit | f8245e96cd11756cce8f47ded4459f3c170cd2e3 (patch) | |
tree | 803b6469b73a34a8a91e70d60d3e8d3dab37bba5 | |
parent | 91a5badc7b8b96916147f28b1d094af98efa5aa7 (diff) | |
download | coreutils-f8245e96cd11756cce8f47ded4459f3c170cd2e3.tar.xz |
ls: plug a per-argument leak
Using ls -l on an SELinux-enabled system would leak one SELinux
context string per non-empty-directory command-line argument.
* src/ls.c (free_ent): New function, factored out of...
(clear_files): ...here. Use it.
(extract_dirs_from_files): Call free_ent (f), rather than simply
free (f->name). The latter failed to free the possibly-malloc'd
linkname and scontext members, and thus could leak one of those
strings per command-line argument.
* THANKS.in: Update.
* NEWS (Bug fixes): Mention it.
Reported by Juraj Marko in http://bugzilla.redhat.com/751974.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | THANKS.in | 1 | ||||
-rw-r--r-- | src/ls.c | 17 |
3 files changed, 16 insertions, 6 deletions
@@ -11,6 +11,10 @@ GNU coreutils NEWS -*- outline -*- --block-size=1KiB, a new long option --kibibyte stands for -k. [bug introduced in coreutils-4.5.4] + ls -l would leak a little memory (security context string) for each + nonempty directory listed on the command line, when using SELinux. + [bug probably introduced in coreutils-6.10 with SELinux support] + rm -rf DIR would fail with "Device or resource busy" on Cygwin with NWFS and NcFsd file systems. This did not affect Unix/Linux-based kernels. [bug introduced in coreutils-8.0, when rm began using fts] @@ -311,6 +311,7 @@ Juan M. Guerrero st001906@hrz1.hrz.tu-darmstadt.de Julian Bradfield jcb@inf.ed.ac.uk Jungshik Shin jshin@pantheon.yale.edu Jürgen Fluk louis@dachau.marco.de +Juraj Marko jmarko@redhat.com Jurriaan thunder7@xs4all.nl Justin Pryzby justinpryzby@users.sourceforge.net jvogel jvogel@linkny.com @@ -2715,8 +2715,16 @@ has_capability (char const *name ATTRIBUTE_UNUSED) /* Enter and remove entries in the table `cwd_file'. */ -/* Empty the table of files. */ +static void +free_ent (struct fileinfo *f) +{ + free (f->name); + free (f->linkname); + if (f->scontext != UNKNOWN_SECURITY_CONTEXT) + freecon (f->scontext); +} +/* Empty the table of files. */ static void clear_files (void) { @@ -2725,10 +2733,7 @@ clear_files (void) for (i = 0; i < cwd_n_used; i++) { struct fileinfo *f = sorted_file[i]; - free (f->name); - free (f->linkname); - if (f->scontext != UNKNOWN_SECURITY_CONTEXT) - freecon (f->scontext); + free_ent (f); } cwd_n_used = 0; @@ -3164,7 +3169,7 @@ extract_dirs_from_files (char const *dirname, bool command_line_arg) free (name); } if (f->filetype == arg_directory) - free (f->name); + free_ent (f); } } |