Project

General

Profile

Bug #4910

libshare_nfs: Memory leak in fill_security_from_secopts()

Added by Marcel Telka over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Low
Assignee:
Category:
lib - userland libraries
Start date:
2014-06-04
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage

Description

# LD_PRELOAD_32=/usr/lib/fs/nfs/libshare_nfs.so.1 UMEM_DEBUG=default dtrace -32 -w -n 'pid$target::main:return {raise(6)}' -c "share -o root=@10.0.0.1 /tmp" 
dtrace: description 'pid$target::main:return ' matched 1 probe
dtrace: allowing destructive actions
AUTOFS plugin not installed properly
dtrace: pid 942 terminated by SIGABRT

# echo "::findleaks -d" | mdb core
CACHE     LEAKED   BUFCTL CALLER
08075a10       1 080f37d8 libxml2.so.2.9.1`xmlStrndup+0x36
08075c10       1 080eda18 libxml2.so.2.9.1`xmlStrndup+0x36
------------------------------------------------------------------------
   Total       2 buffers, 40 bytes

umem_alloc_16 leak: 1 buffer, 16 bytes
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
         80f37d8          80f1220      97a44e315d1                1
                          8075a10                0                0
                 libumem.so.1`umem_cache_alloc_debug+0x1fe
                 libumem.so.1`umem_cache_alloc+0x99
                 libumem.so.1`umem_alloc+0x50
                 libumem.so.1`umem_malloc+0x36
                 libxml2.so.2.9.1`xmlStrndup+0x36
                 libxml2.so.2.9.1`xmlStrdup+0x36
                 libxml2.so.2.9.1`xmlGetProp+0xa6
                 libshare.so.1`get_node_attr+0x26
                 libshare.so.1`sa_get_property_attr+0x11
                 libshare_nfs.so.1`fill_security_from_secopts+0xc7
                 libshare_nfs.so.1`nfs_enable_share+0x323
                 libshare.so.1`sa_proto_share+0x24
                 libshare.so.1`sa_enable_share+0xa3
                 sa_legacy_share+0x5f3
                 run_command+0x4c

umem_alloc_24 leak: 1 buffer, 24 bytes
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
         80eda18          80eab20      97a44e31794                1
                          8075c10                0                0
                 libumem.so.1`umem_cache_alloc_debug+0x1fe
                 libumem.so.1`umem_cache_alloc+0x99
                 libumem.so.1`umem_alloc+0x50
                 libumem.so.1`umem_malloc+0x36
                 libxml2.so.2.9.1`xmlStrndup+0x36
                 libxml2.so.2.9.1`xmlStrdup+0x36
                 libxml2.so.2.9.1`xmlGetProp+0xa6
                 libshare.so.1`get_node_attr+0x26
                 libshare.so.1`sa_get_property_attr+0x11
                 libshare_nfs.so.1`fill_security_from_secopts+0xd6
                 libshare_nfs.so.1`nfs_enable_share+0x323
                 libshare.so.1`sa_proto_share+0x24
                 libshare.so.1`sa_enable_share+0xa3
                 sa_legacy_share+0x5f3
                 run_command+0x4c

#

The problem is at line 1153 in fill_security_from_secopts() where "break" should be used instead of "continue":

1128    for (prop = sa_get_property(secopts, NULL);
1129        prop != NULL && err == SA_OK;
1130        prop = sa_get_next_property(prop)) {
1131        char *name;
1132        char *value;
1133
1134        name = sa_get_property_attr(prop, "type");
1135        value = sa_get_property_attr(prop, "value");
1136
1137        longform = value != NULL && strcmp(value, "*") != 0;
1138
1139        switch (findopt(name)) {
1140        case OPT_RO:
1141            sp->s_flags |= longform ? M_ROL : M_RO;
1142            break;
1143        case OPT_RW:
1144            sp->s_flags |= longform ? M_RWL : M_RW;
1145            break;
1146        case OPT_ROOT:
1147            sp->s_flags |= M_ROOT;
1148            /*
1149             * if we are using AUTH_UNIX, handle like other things
1150             * such as RO/RW
1151             */
1152            if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX)
1153                continue;

...

1194        }
1195        if (name != NULL)
1196            sa_free_attr_string(name);
1197        if (value != NULL)
1198            sa_free_attr_string(value);
1199    }

History

#1

Updated by Marcel Telka over 5 years ago

  • Status changed from In Progress to Pending RTI
#2

Updated by Electric Monk over 5 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 6020a1b764797bc75c5b6bb622762df54ebc0ff3

commit  6020a1b764797bc75c5b6bb622762df54ebc0ff3
Author: Marcel Telka <marcel.telka@nexenta.com>
Date:   2014-06-13T21:57:48.000Z

    4910 libshare_nfs: Memory leak in fill_security_from_secopts()
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Serghei Samsi <sscdvp@gmail.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Also available in: Atom PDF