Actions
Bug #4910
closed
libshare_nfs: Memory leak in fill_security_from_secopts()
Start date:
2014-06-04
Due date:
% Done:
100%
Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage
Gerrit CR:
External Bug:
Description
# LD_PRELOAD_32=/usr/lib/fs/nfs/libshare_nfs.so.1 UMEM_DEBUG=default dtrace -32 -w -n 'pid$target::main:return {raise(6)}' -c "share -o root=@10.0.0.1 /tmp"
dtrace: description 'pid$target::main:return ' matched 1 probe
dtrace: allowing destructive actions
AUTOFS plugin not installed properly
dtrace: pid 942 terminated by SIGABRT
# echo "::findleaks -d" | mdb core
CACHE LEAKED BUFCTL CALLER
08075a10 1 080f37d8 libxml2.so.2.9.1`xmlStrndup+0x36
08075c10 1 080eda18 libxml2.so.2.9.1`xmlStrndup+0x36
------------------------------------------------------------------------
Total 2 buffers, 40 bytes
umem_alloc_16 leak: 1 buffer, 16 bytes
ADDR BUFADDR TIMESTAMP THREAD
CACHE LASTLOG CONTENTS
80f37d8 80f1220 97a44e315d1 1
8075a10 0 0
libumem.so.1`umem_cache_alloc_debug+0x1fe
libumem.so.1`umem_cache_alloc+0x99
libumem.so.1`umem_alloc+0x50
libumem.so.1`umem_malloc+0x36
libxml2.so.2.9.1`xmlStrndup+0x36
libxml2.so.2.9.1`xmlStrdup+0x36
libxml2.so.2.9.1`xmlGetProp+0xa6
libshare.so.1`get_node_attr+0x26
libshare.so.1`sa_get_property_attr+0x11
libshare_nfs.so.1`fill_security_from_secopts+0xc7
libshare_nfs.so.1`nfs_enable_share+0x323
libshare.so.1`sa_proto_share+0x24
libshare.so.1`sa_enable_share+0xa3
sa_legacy_share+0x5f3
run_command+0x4c
umem_alloc_24 leak: 1 buffer, 24 bytes
ADDR BUFADDR TIMESTAMP THREAD
CACHE LASTLOG CONTENTS
80eda18 80eab20 97a44e31794 1
8075c10 0 0
libumem.so.1`umem_cache_alloc_debug+0x1fe
libumem.so.1`umem_cache_alloc+0x99
libumem.so.1`umem_alloc+0x50
libumem.so.1`umem_malloc+0x36
libxml2.so.2.9.1`xmlStrndup+0x36
libxml2.so.2.9.1`xmlStrdup+0x36
libxml2.so.2.9.1`xmlGetProp+0xa6
libshare.so.1`get_node_attr+0x26
libshare.so.1`sa_get_property_attr+0x11
libshare_nfs.so.1`fill_security_from_secopts+0xd6
libshare_nfs.so.1`nfs_enable_share+0x323
libshare.so.1`sa_proto_share+0x24
libshare.so.1`sa_enable_share+0xa3
sa_legacy_share+0x5f3
run_command+0x4c
#
The problem is at line 1153 in fill_security_from_secopts() where "break" should be used instead of "continue":
1128 for (prop = sa_get_property(secopts, NULL);
1129 prop != NULL && err == SA_OK;
1130 prop = sa_get_next_property(prop)) {
1131 char *name;
1132 char *value;
1133
1134 name = sa_get_property_attr(prop, "type");
1135 value = sa_get_property_attr(prop, "value");
1136
1137 longform = value != NULL && strcmp(value, "*") != 0;
1138
1139 switch (findopt(name)) {
1140 case OPT_RO:
1141 sp->s_flags |= longform ? M_ROL : M_RO;
1142 break;
1143 case OPT_RW:
1144 sp->s_flags |= longform ? M_RWL : M_RW;
1145 break;
1146 case OPT_ROOT:
1147 sp->s_flags |= M_ROOT;
1148 /*
1149 * if we are using AUTH_UNIX, handle like other things
1150 * such as RO/RW
1151 */
1152 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX)
1153 continue;
...
1194 }
1195 if (name != NULL)
1196 sa_free_attr_string(name);
1197 if (value != NULL)
1198 sa_free_attr_string(value);
1199 }
Updated by Marcel Telka almost 9 years ago
- Status changed from In Progress to Pending RTI
Updated by Electric Monk almost 9 years ago
- Status changed from Pending RTI to Closed
- % Done changed from 0 to 100
git commit 6020a1b764797bc75c5b6bb622762df54ebc0ff3
commit 6020a1b764797bc75c5b6bb622762df54ebc0ff3
Author: Marcel Telka <marcel.telka@nexenta.com>
Date: 2014-06-13T21:57:48.000Z
4910 libshare_nfs: Memory leak in fill_security_from_secopts()
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Serghei Samsi <sscdvp@gmail.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Actions