diff options
author | Khem Raj <raj.khem@gmail.com> | 2018-12-16 21:54:42 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-02-06 16:38:31 +0000 |
commit | 57a370c254985ac3bd9fa0be493a2ec475156492 (patch) | |
tree | 3773e81e96d0d38e23dc87cd08e6664f20f52a2f /meta/recipes-core/systemd/systemd | |
parent | 9f02ad5cfaacd0a8cc9e9e158ed54ca8eefe54fc (diff) | |
download | poky-57a370c254985ac3bd9fa0be493a2ec475156492.tar.gz |
systemd: Fix memory use after free errors
Found with gcc trunk
(From OE-Core rev: 381c63ad2a6e004658b0232b6e6763f49f412b2b)
(From OE-Core rev: 82cb42d24250d211c1d9bd4ab9e91bbb0ef6ffa2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/systemd/systemd')
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch b/meta/recipes-core/systemd/systemd/0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch new file mode 100644 index 0000000000..0538c7bbc8 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From bfc4183ea995f1c211385d066cdb1fe9ce89f621 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Sun, 16 Dec 2018 20:53:38 -0800 | ||
4 | Subject: [PATCH 1/2] sysctl: Don't pass null directive argument to '%s' | ||
5 | |||
6 | value pointer here is always NULL but subsequent use of that pointer | ||
7 | with a %s format will always be NULL, printing p instead would be a | ||
8 | valid string | ||
9 | |||
10 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
11 | --- | ||
12 | Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/11179] | ||
13 | src/sysctl/sysctl.c | 2 +- | ||
14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c | ||
17 | index 1cfe51018..c67d79032 100644 | ||
18 | --- a/src/sysctl/sysctl.c | ||
19 | +++ b/src/sysctl/sysctl.c | ||
20 | @@ -115,7 +115,7 @@ static int parse_file(OrderedHashmap *sysctl_options, const char *path, bool ign | ||
21 | |||
22 | value = strchr(p, '='); | ||
23 | if (!value) { | ||
24 | - log_error("Line is not an assignment at '%s:%u': %s", path, c, value); | ||
25 | + log_error("Line is not an assignment at '%s:%u': %s", path, c, p); | ||
26 | |||
27 | if (r == 0) | ||
28 | r = -EINVAL; | ||
29 | -- | ||
30 | 2.20.1 | ||
31 | |||
diff --git a/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch b/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch new file mode 100644 index 0000000000..4da96e2920 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From cb67aebd63d9f0077cbf3e769f0b223c5bba20ac Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Sun, 16 Dec 2018 20:58:35 -0800 | ||
4 | Subject: [PATCH 2/2] core: Fix use after free case in load_from_path() | ||
5 | |||
6 | ensure that mfree() on filename is called after the logging function | ||
7 | which uses the string pointed by filename | ||
8 | |||
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
10 | --- | ||
11 | Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/11179] | ||
12 | src/core/load-fragment.c | 6 ++++-- | ||
13 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
14 | |||
15 | diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c | ||
16 | index fc5644f48..da585786e 100644 | ||
17 | --- a/src/core/load-fragment.c | ||
18 | +++ b/src/core/load-fragment.c | ||
19 | @@ -4531,7 +4531,6 @@ static int load_from_path(Unit *u, const char *path) { | ||
20 | r = open_follow(&filename, &f, symlink_names, &id); | ||
21 | if (r >= 0) | ||
22 | break; | ||
23 | - filename = mfree(filename); | ||
24 | |||
25 | /* ENOENT means that the file is missing or is a dangling symlink. | ||
26 | * ENOTDIR means that one of paths we expect to be is a directory | ||
27 | @@ -4540,9 +4539,12 @@ static int load_from_path(Unit *u, const char *path) { | ||
28 | */ | ||
29 | if (r == -EACCES) | ||
30 | log_debug_errno(r, "Cannot access \"%s\": %m", filename); | ||
31 | - else if (!IN_SET(r, -ENOENT, -ENOTDIR)) | ||
32 | + else if (!IN_SET(r, -ENOENT, -ENOTDIR)) { | ||
33 | + filename = mfree(filename); | ||
34 | return r; | ||
35 | + } | ||
36 | |||
37 | + filename = mfree(filename); | ||
38 | /* Empty the symlink names for the next run */ | ||
39 | set_clear_free(symlink_names); | ||
40 | } | ||
41 | -- | ||
42 | 2.20.1 | ||
43 | |||