From patchwork Mon Aug 30 20:37:10 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nick <vincent@systemli.org>
X-Patchwork-Id: 1522330
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=nErIAX/3;
	dkim=fail reason="signature verification failed" (2048-bit key;
 secure) header.d=systemli.org header.i=@systemli.org header.a=rsa-sha256
 header.s=default header.b=DAlHjf4G;
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:e::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4Gz2L2426gz9sR4
	for <incoming@patchwork.ozlabs.org>; Tue, 31 Aug 2021 06:41:46 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=xpNqfOaPRCxEaAzuvr0k9uWF+d7GPEXEsvFtad3mLGg=; b=nErIAX/3LUN8gK
	BUrWxed1YuzhSG2kSImCVuIH/uWg76MusFrLkSxyzUYRif0cRW3ARYHsyYlwJVz2xjCKpg5i1C2re
	/pWB8xG1J76Dz6KJrastCSuTysZ70O0Em+3IE53cY/He+HEgJlIdp57LlKYASWCmiLXf0lGeeT5kW
	VSN78LaYNRM7ZdHjH5HLLR2lCzCiDx7n3AcDvVVFBdXINkokkyH+8SeIV08f5eyoYB51MdaNukDKD
	55+7TFHerLl4E2XQ2AXcltB8EpB/luSQCaplRLQ1HzlHdkVkQOt/Opm0aYS7iuptW9wuHJonuKfKG
	atW/B79SmoA+MCTs+BSA==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1mKo27-000WKe-MC; Mon, 30 Aug 2021 20:37:31 +0000
Received: from mail1.systemli.org ([212.103.72.247])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1mKo20-000WJt-EV
 for openwrt-devel@lists.openwrt.org; Mon, 30 Aug 2021 20:37:28 +0000
From: vincent@systemli.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=systemli.org;
 s=default; t=1630355837;
 bh=soaay/s1VqqSqnUf98qaBDKyHpxKxBSGm7+UJumgcAE=;
 h=From:To:Cc:Subject:Date:From;
 b=DAlHjf4GcKINdX003l1gfe5WOnVfv0ajcUoTD+4MfXyajWQuQ1ctZRpzX32P3WUTO
 xYfVXkEEwZC/Izso2padacaoGLTekDlo26Tx7IPeWelC/WAhH2vbqKzYDb4C9dJMW3
 23+/PfKVy0kUJz89Q4wKeLZKaJtBTC3Szh+YPEseG1th4I+GyP6GKVeeklXdSTTDcN
 7Cp+kvFo07/pbc9pRx0RBU+w5DoEYVSuKfHgSYIi+E0yTrw57Ip2GgLz1dX79DlsD8
 4gDfCb7mieGXsv8iQX9svAp4hL5103EyqpRXUkPaUtQEdgEzIGUcwLPdaVlKbSOeV8
 OQO/lcegcTOeQ==
To: openwrt-devel@lists.openwrt.org
Cc: Nick Hainke <vincent@systemli.org>
Subject: [PATCH] trace: fix potential use-after-free occurence
Date: Mon, 30 Aug 2021 22:37:10 +0200
Message-Id: <20210830203710.18792-1-vincent@systemli.org>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20210830_133724_820974_B204331A 
X-CRM114-Status: UNSURE (   8.04  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  From: Nick Hainke <vincent@systemli.org> char* tmp is used
 in the fprintf function altough it is already freed. Fixes: e5b38fd1 ("trace:
 free memory allocated by blobmsg_format_json_indent()")
 Content analysis details:   (-0.2 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [212.103.72.247 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

From: Nick Hainke <vincent@systemli.org>

char* tmp is used in the fprintf function altough it is already freed.

Fixes: e5b38fd1 ("trace: free memory allocated by blobmsg_format_json_indent()")

Signed-off-by: Nick Hainke <vincent@systemli.org>
---
 trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/trace/trace.c b/trace/trace.c
index 87a98a6..40cf3df 100644
--- a/trace/trace.c
+++ b/trace/trace.c
@@ -166,8 +166,8 @@ static void print_syscalls(int policy, const char *json)
 			if (!tmp)
 				return;
 
-			free(tmp);
 			fprintf(fp, "%s\n", tmp);
+			free(tmp);
 			fclose(fp);
 			ULOG_INFO("saving syscall trace to %s\n", json);
 		} else {