From patchwork Wed Oct 14 08:06:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Genoud X-Patchwork-Id: 1381861 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=posteo.net Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=posteo.net header.i=@posteo.net header.a=rsa-sha256 header.s=2017 header.b=C5aiBb+L; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CB4lS3mL5z9sVS for ; Wed, 14 Oct 2020 19:07:32 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A7E0282396; Wed, 14 Oct 2020 10:07:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=posteo.net Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; secure) header.d=posteo.net header.i=@posteo.net header.b="C5aiBb+L"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 19266823C9; Wed, 14 Oct 2020 10:07:06 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id AAB5A82313 for ; Wed, 14 Oct 2020 10:07:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=posteo.net Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=richard.genoud@posteo.net Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 55D9C2400FF for ; Wed, 14 Oct 2020 10:07:01 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1602662821; bh=r2AB08URNUVNViCtoG1vzo4xjFRLjHyAwEHs78x4Pcw=; h=From:To:Cc:Subject:Date:From; b=C5aiBb+LmFA1WtyCvqcUOzEUhCYAXBl0ZKcAci9SpGPPsRN9KeI0mHjh6qSSCtiGF 8fRmow8XSPJovlpPKNICSHCtMpg+xEiGtgKZ0wenFyMY7WkfulUYKbw3MB0YYAQMBX NL+o4Y3Jax+iMf9soLYX9a/vtE2XcQnn5L20vxxjorBRSXzmiezB083NobXYiHvGYz FLVLtv+xUDaGcDKtVLPt0N8NjzSpJSUNSX22XrOmSJYAFEvfqbReKR+1BtLLGtVhQU JN9ChYij2A6ik1C2SjDkvVPD4bGw08PmF8khC9TglzEC3Dh211t08ILjwpCqFmcPJ5 x+2xz81UWmZrA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4CB4kr6CXxz9rxb; Wed, 14 Oct 2020 10:07:00 +0200 (CEST) From: Richard Genoud To: Joao Marcos Costa , Thomas Petazzoni , Miquel Raynal Cc: u-boot@lists.denx.de, Richard Genoud Subject: [PATCH 02/17] fs/squashfs: sqfs_opendir: fix some memory leaks and dangling pointers Date: Wed, 14 Oct 2020 10:06:07 +0200 Message-Id: <20201014080622.14970-3-richard.genoud@posteo.net> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201014080622.14970-1-richard.genoud@posteo.net> References: <20201014080622.14970-1-richard.genoud@posteo.net> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean When trying to load an non-existing file, the cpu hangs! Signed-off-by: Richard Genoud --- fs/squashfs/sqfs.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c index 15208b4dab0..1fdb9ac534b 100644 --- a/fs/squashfs/sqfs.c +++ b/fs/squashfs/sqfs.c @@ -821,22 +821,37 @@ int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp) if (!dirs) return -EINVAL; + /* these should be set to NULL to prevent dangling pointers */ + dirs->dir_header = NULL; + dirs->entry = NULL; + dirs->table = NULL; + dirs->inode_table = NULL; + dirs->dir_table = NULL; + ret = sqfs_read_inode_table(&inode_table); - if (ret) - return -EINVAL; + if (ret) { + ret = -EINVAL; + goto free_dirs; + } metablks_count = sqfs_read_directory_table(&dir_table, &pos_list); - if (metablks_count < 1) - return -EINVAL; + if (metablks_count < 1) { + ret = -EINVAL; + goto free_inode_table; + } /* Tokenize filename */ token_count = sqfs_count_tokens(filename); - if (token_count < 0) - return -EINVAL; + if (token_count < 0) { + ret = -EINVAL; + goto free_inode_table; + } path = strdup(filename); - if (!path) - return -ENOMEM; + if (!path) { + ret = -EINVAL; + goto free_inode_table; + } token_list = malloc(token_count * sizeof(char *)); if (!token_list) { @@ -882,6 +897,12 @@ free_tokens: free(pos_list); free_path: free(path); +free_inode_table: + if (ret) + free(inode_table); +free_dirs: + if (ret) + free(dirs); return ret; }