diff options
| author |   Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-03-22 17:23:49 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-03-22 17:39:12 +0100 |
| commit | b2645747b7b4698ef93beb81a00ba5daaa0b1406 (patch) | |
| tree | d0988c2789cd127bd2dff32fb0bbf16d6bb5bab4 | |
| parent | udev/link-config: rename MACPolicy to MACAddressPolicy (diff) | |
| download | systemd-b2645747b7b4698ef93beb81a00ba5daaa0b1406.tar.xz systemd-b2645747b7b4698ef93beb81a00ba5daaa0b1406.zip | |
nspawn-oci: fix double free
Also rename function to make it clear that it also frees the array
object itself.
| -rw-r--r-- | src/nspawn/nspawn-settings.c | 5 | ||||
| -rw-r--r-- | src/nspawn/nspawn-settings.h | 2 | ||||
| -rw-r--r-- | src/nspawn/nspawn.c | 4 | ||||
| -rw-r--r-- | test/fuzz/fuzz-nspawn-oci/crash-bffbd2085d4e95c47e9749b3f4a2dbc0580c20d3 | 5 |
4 files changed, 10 insertions, 6 deletions
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c index ab69f24c54e..476cb0779e7 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -110,7 +110,7 @@ static void free_oci_hooks(OciHook *h, size_t n) { free(h); } -void device_node_free_many(DeviceNode *node, size_t n) { +void device_node_array_free(DeviceNode *node, size_t n) { size_t i; for (i = 0; i < n; i++) @@ -156,8 +156,7 @@ Settings* settings_free(Settings *s) { sd_bus_message_unref(s->properties); free(s->supplementary_gids); - device_node_free_many(s->extra_nodes, s->n_extra_nodes); - free(s->extra_nodes); + device_node_array_free(s->extra_nodes, s->n_extra_nodes); free(s->network_namespace_path); strv_free(s->sysctl); diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h index cc802f77afa..231082706d4 100644 --- a/src/nspawn/nspawn-settings.h +++ b/src/nspawn/nspawn-settings.h @@ -254,4 +254,4 @@ TimezoneMode timezone_mode_from_string(const char *s) _pure_; int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try); -void device_node_free_many(DeviceNode *node, size_t n); +void device_node_array_free(DeviceNode *node, size_t n); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index f3842f70c65..8e6780d54bc 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3958,7 +3958,7 @@ static int merge_settings(Settings *settings, const char *path) { arg_console_width = settings->console_width; arg_console_height = settings->console_height; - device_node_free_many(arg_extra_nodes, arg_n_extra_nodes); + device_node_array_free(arg_extra_nodes, arg_n_extra_nodes); arg_extra_nodes = TAKE_PTR(settings->extra_nodes); arg_n_extra_nodes = settings->n_extra_nodes; @@ -5070,7 +5070,7 @@ finish: custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts); expose_port_free_all(arg_expose_ports); rlimit_free_all(arg_rlimit); - device_node_free_many(arg_extra_nodes, arg_n_extra_nodes); + device_node_array_free(arg_extra_nodes, arg_n_extra_nodes); if (r < 0) return r; diff --git a/test/fuzz/fuzz-nspawn-oci/crash-bffbd2085d4e95c47e9749b3f4a2dbc0580c20d3 b/test/fuzz/fuzz-nspawn-oci/crash-bffbd2085d4e95c47e9749b3f4a2dbc0580c20d3 new file mode 100644 index 00000000000..22e42d3bad2 --- /dev/null +++ b/test/fuzz/fuzz-nspawn-oci/crash-bffbd2085d4e95c47e9749b3f4a2dbc0580c20d3 @@ -0,0 +1,5 @@ +{"ociVersion": "1.0.0", +"linux": {"devices": [ { "access": "mmmw;r"} +] }, "e": "}e" + } +
\ No newline at end of file |