Backport bunch of bugfixes (asserts, segv, memleaks) from upstream

Michal Sekletar 2017-02-22 10:29:24 +01:00
parent 117b3ffe68
commit ed724b69dc
18 changed files with 823 additions and 0 deletions


@ -0,0 +1,29 @@
From 264148da88b25a0800178f0c33e2b6ae292de455 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Oct 2016 19:19:46 +0200
Subject: [PATCH] logind: don't hit assert when we try to free NULL manager
object
Fixes: #4431
(cherry picked from commit 84a4e6608dbda38c724ab196a226db209a50b224)
---
src/login/logind.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/login/logind.c b/src/login/logind.c
index 5ce36d2..e5854db 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -125,7 +125,8 @@ static void manager_free(Manager *m) {
Inhibitor *i;
Button *b;
- assert(m);
+ if (!m)
+ return;
while ((session = hashmap_first(m->sessions)))
session_free(session);
--
2.9.3


@ -0,0 +1,39 @@
From a30e889de3487c8c478389da0aded6d73f7f4cc7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 21 Oct 2016 12:27:46 +0200
Subject: [PATCH] core: if the start command vanishes during runtime don't hit
an assert
This can happen when the configuration is changed and reloaded while we are
executing a service. Let's not hit an assert in this case.
Fixes: #4444
(cherry picked from commit 47fffb3530af3e3ad4048570611685635fde062e)
---
src/core/service.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index afb1985..537db62 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1706,7 +1706,15 @@ static void service_enter_start(Service *s) {
}
if (!c) {
- assert(s->type == SERVICE_ONESHOT);
+ if (s->type != SERVICE_ONESHOT) {
+ /* There's no command line configured for the main command? Hmm, that is strange. This can only
+ * happen if the configuration changes at runtime. In this case, let's enter a failure
+ * state. */
+ log_unit_error(UNIT(s), "There's no 'start' task anymore we could start: %m");
+ r = -ENXIO;
+ goto fail;
+ }
+
service_enter_start_post(s);
return;
}
--
2.9.3
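Review bot: The new `log_unit_error()` call ends its message with `: %m`, but no library or system call has just failed on this path, so the text appended is whatever errno happens to hold and can mislead whoever reads the log. The error actually being reported is the `-ENXIO` assigned on the following line. Either drop the specifier, `log_unit_error(UNIT(s), "There's no 'start' task anymore we could start.");`, or log through the errno-carrying variant with that value. service_enter_start() begins and ends outside the hunk, so the `fail` label and what it does with `r` are not visible here.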


@ -0,0 +1,38 @@
From f1d2c31949a501d919a17e09b0d2a093d93837b4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 2 Nov 2016 12:02:53 -0600
Subject: [PATCH] core: don't hit an assert when printing status messages about
units with overly long description strings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This essentially reverts one part of d054f0a4d451120c26494263fc4dc175bfd405b1.
(We might also choose to use proper ellipsation here, but I wasn't sure the
memory allocation this requires wouöld be a good idea here...)
Fixes: #4534
(cherry picked from commit 07ecca0dc9d2d8f3b3abd73ab32f254f339fd903)
---
src/core/job.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/job.c b/src/core/job.c
index 7557874..4efcfb8 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -767,8 +767,9 @@ static void job_log_status_message(Unit *u, JobType t, JobResult result) {
if (!format)
return;
+ /* The description might be longer than the buffer, but that's OK, we'll just truncate it here */
DISABLE_WARNING_FORMAT_NONLITERAL;
- xsprintf(buf, format, unit_description(u));
+ snprintf(buf, sizeof(buf), format, unit_description(u));
REENABLE_WARNING;
switch (t) {
--
2.9.3


@ -0,0 +1,36 @@
From 3c9f8cc10801766fba96459c46e52eaf1f77f16b Mon Sep 17 00:00:00 2001
From: Dave Reisner <d@falconindy.com>
Date: Sun, 27 Nov 2016 17:05:39 -0500
Subject: [PATCH] device: Avoid calling unit_free(NULL) in device setup logic
(#4748)
Since a581e45ae8f9bb5c, there's a few function calls to
unit_new_for_name which will unit_free on failure. Prior to this commit,
a failure would result in calling unit_free with a NULL unit, and hit an
assertion failure, seen at least via device_setup_unit:
Assertion 'u' failed at src/core/unit.c:519, function unit_free(). Aborting.
Fixes #4747
https://bugs.archlinux.org/task/51950
(cherry picked from commit d112eae7da77899be245ab52aa1747d4675549f1)
---
src/core/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/device.c b/src/core/device.c
index 16e56ef..31724e4 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -369,7 +369,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
fail:
log_unit_warning_errno(u, r, "Failed to set up device unit: %m");
- if (delete)
+ if (delete && u)
unit_free(u);
return r;
--
2.9.3


@ -0,0 +1,87 @@
From 0360725e0871bf29251636c561bfcd738ac5aba2 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 24 Jan 2017 05:11:59 +0300
Subject: [PATCH] sd-network: fix memleak in dhcp6_option_parse_domainname
(#5114)
The simplest way to reproduce:
```diff
diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index bd289fa..7b0a5ef 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -168,7 +168,7 @@ static uint8_t msg_advertise[198] = {
0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8,
0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x0b,
- 0x03, 0x6c, 0x61, 0x62, 0x05, 0x69, 0x6e, 0x74,
+ 0x01, 0x6c, 0x01, 0x62, 0x00, 0x0a, 0x6e, 0x74,
0x72, 0x61, 0x00, 0x00, 0x1f, 0x00, 0x10, 0x20,
0x01, 0x0d, 0xb8, 0xde, 0xad, 0xbe, 0xef, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
@@ -338,9 +338,7 @@ static int test_advertise_option(sd_event *e) {
assert_se(!memcmp(addrs, &msg_advertise[124], r * 16));
r = sd_dhcp6_lease_get_domains(lease, &domains);
- assert_se(r == 1);
- assert_se(!strcmp("lab.intra", domains[0]));
- assert_se(domains[1] == NULL);
+ assert_se(r == -ENOENT);
r = sd_dhcp6_lease_get_ntp_addrs(lease, &addrs);
assert_se(r == 1);
```
Fixes:
```
=================================================================
==15043==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
#1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
#2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
#3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
#4 0x55f775774b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
#5 0x55f77577883e in main src/libsystemd-network/test-dhcp6-client.c:759
#6 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
#1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
#2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
#3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
#4 0x55f775781348 in client_parse_message src/libsystemd-network/sd-dhcp6-client.c:807
#5 0x55f775781ba2 in client_receive_advertise src/libsystemd-network/sd-dhcp6-client.c:895
#6 0x55f775782453 in client_receive_message src/libsystemd-network/sd-dhcp6-client.c:994
#7 0x7f13c7e447f4 in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
#8 0x7f13c7e471b0 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
#9 0x7f13c7e47ab3 in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
#10 0x7f13c7e47c21 in sd_event_loop src/libsystemd/sd-event/sd-event.c:2706
#11 0x55f77577863c in test_client_solicit src/libsystemd-network/test-dhcp6-client.c:737
#12 0x55f77577884b in main src/libsystemd-network/test-dhcp6-client.c:760
#13 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)
SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
```
(cherry picked from commit 419eaa8f8d2025bae98c23bdedb434d6dbb025b8)
---
src/libsystemd-network/dhcp6-option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
index 5462e03..f8056db 100644
--- a/src/libsystemd-network/dhcp6-option.c
+++ b/src/libsystemd-network/dhcp6-option.c
@@ -339,7 +339,7 @@ int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen,
int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char ***str_arr) {
size_t pos = 0, idx = 0;
- _cleanup_free_ char **names = NULL;
+ _cleanup_strv_free_ char **names = NULL;
int r;
assert_return(optlen > 1, -ENODATA);
--
2.9.3


@ -0,0 +1,58 @@
From c0f1299f8dda31ca91e5b7c8a098fad633156960 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 24 Jan 2017 05:12:58 +0300
Subject: [PATCH] sd-network: fix memleak in dhcp6_lease_set_domains (#5113)
The simplest way to reproduce:
```diff
diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index bd289fa..4e14d8f 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -286,6 +286,8 @@ static int test_advertise_option(sd_event *e) {
assert_se(optlen == 11);
assert_se(dhcp6_lease_set_domains(lease, optval,
optlen) >= 0);
+ assert_se(dhcp6_lease_set_domains(lease, optval,
+ optlen) >= 0);
break;
case SD_DHCP6_OPTION_SNTP_SERVERS:
```
Fixes:
```
==27369==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x7f90e7d21160 in strdup (/lib64/libasan.so.3+0x5a160)
#1 0x7f90e7467f69 in strv_extend src/basic/strv.c:552
#2 0x5612fcc19379 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
#3 0x5612fcc1acdf in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
#4 0x5612fcc06b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
#5 0x5612fcc0a987 in main src/libsystemd-network/test-dhcp6-client.c:761
#6 0x7f90e6d46400 in __libc_start_main (/lib64/libc.so.6+0x20400)
SUMMARY: AddressSanitizer: 10 byte(s) leaked in 1 allocation(s).
```
(cherry picked from commit 0b75a95ace6e1d82772f6b5f1809f4839b810628)
---
src/libsystemd-network/sd-dhcp6-lease.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index 5c10a63..681384b 100644
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -226,7 +226,7 @@ int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval,
if (r < 0)
return 0;
- free(lease->domains);
+ strv_free(lease->domains);
lease->domains = domains;
lease->domains_count = r;
--
2.9.3


@ -0,0 +1,57 @@
From b3f8184653e03409669e24c4e42b2aff4ecf00b7 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 8 Feb 2017 20:56:22 +0100
Subject: [PATCH] sd-event: "when exiting no signal event are pending" is a
wrong assertion (#5271)
The code make the following assertion: when freeing a event loop object
(usually it's done after exiting from the main event loop), no signal events
are still queued and are pending.
This assertion can be found in event_unmask_signal_data() with
"assert(!d->current);" assertion.
It appears that this assertion can be wrong at least in a specific case
described below.
Consider the following example which is inspired from udev: a process defines 3
source events: 2 are created by sd_event_add_signal() and 1 is created by
sd_event_add_post().
1. the process receives the 2 signals consecutively so that signal 'A' source
event is queued and pending. Consequently the post source event is also
queued and pending. This is done by sd_event_wait().
2. The callback for signal 'A' is called by sd_event_dispatch().
3. The next call to sd_event_wait() will queue signal 'B' source event.
4. The callback for the post source event is called and calls sd_event_exit().
5. the event loop is exited.
6. freeing the event loop object will lead to the assertion failure in
event_unmask_signal_data().
This patch simply removes this assertion as it doesn't seem to be a
bug if the signal data still reference a signal source at this point.
(cherry picked from commit 4470860388e12a5dda1d65773e411a349221a3e9)
---
src/libsystemd/sd-event/sd-event.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 9857f8b..41ce91f 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -730,7 +730,6 @@ static void event_unmask_signal_data(sd_event *e, struct signal_data *d, int sig
/* If all the mask is all-zero we can get rid of the structure */
hashmap_remove(e->signal_data, &d->priority);
- assert(!d->current);
safe_close(d->fd);
free(d);
return;
--
2.9.3
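Review bot: Removing `assert(!d->current)` leaves nothing in event_unmask_signal_data() to say why freeing `d` is acceptable while `d->current` may still be set, so a later reader is likely to put the assert back. A short comment at the removal site would carry the reasoning from the commit message, for example `/* d->current may still be set if the loop exits with a signal event queued; this is expected */`. It is also worth confirming that nothing keeps a pointer to `d` after the `free(d)`. The hunk shows only the hashmap removal, and the rest of the function is outside it.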


@ -0,0 +1,34 @@
From 965082d8f944d96ff1f1f5c5483d2d50215ff1a6 Mon Sep 17 00:00:00 2001
From: Yi EungJun <semtlenori@gmail.com>
Date: Sun, 7 Aug 2016 05:39:13 +0900
Subject: [PATCH] journal-gatewayd: fix segfault with certain request (#3893)
When client requests to get logs with `follow` and `KEY=match` that
doesn't match any log entry, journal-gatewayd segfaulted.
Make request_reader_entries to return zero in such case to wait for
matching entries.
This fixes https://github.com/systemd/systemd/issues/3873.
(cherry picked from commit 3475fc5899db8c8c9198573912429b85213e4862)
---
src/journal-remote/journal-gatewayd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 4ad9184..e4a8287 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -239,6 +239,9 @@ static ssize_t request_reader_entries(
m->size = (uint64_t) sz;
}
+ if (m->tmp == NULL && m->follow)
+ return 0;
+
if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
log_error_errno(errno, "Failed to seek to position: %m");
return MHD_CONTENT_READER_END_WITH_ERROR;
--
2.9.3
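Review bot: The added guard returns early only when `m->follow` is set, so a NULL `m->tmp` without follow would still reach `fseeko(m->tmp, pos, SEEK_SET)` on the next line. Whether that combination can occur depends on code above the hunk that is not visible. The commit message says the crash was triggered by a client request, so it seems safer to make the NULL check unconditional: `if (m->tmp == NULL) return m->follow ? 0 : MHD_CONTENT_READER_END_WITH_ERROR;`. request_reader_entries() starts and ends outside the hunk.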


@ -0,0 +1,27 @@
From 293bb90e89dfdfdad1423d0d1a8e1487a95fec46 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 19 Oct 2016 20:50:47 +0900
Subject: [PATCH] boot: fix `bootctl install` segfault (#4404)
(cherry picked from commit 9ee051b9c7623e148bf0d768cc2677aecf283fc8)
---
src/boot/bootctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 37fa049..115fe93 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -550,7 +550,8 @@ static const char *efi_subdirs[] = {
"EFI/systemd",
"EFI/BOOT",
"loader",
- "loader/entries"
+ "loader/entries",
+ NULL
};
static int create_dirs(const char *esp_path) {
--
2.9.3


@ -0,0 +1,38 @@
From 8f88b3ca7697acfe79a97d6c7094c277744fd6b2 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 20 Oct 2016 21:23:32 +0300
Subject: [PATCH] sysusers: fix memleak (#4430)
Fixes:
```
==28075== 64 bytes in 1 blocks are definitely lost in loss record 2 of 3
==28075== at 0x4C2BAEE: malloc (vg_replace_malloc.c:298)
==28075== by 0x4C2DCA1: realloc (vg_replace_malloc.c:785)
==28075== by 0x4ED40A2: greedy_realloc (alloc-util.c:57)
==28075== by 0x4E90F87: extract_first_word (extract-word.c:78)
==28075== by 0x4E91813: extract_many_words (extract-word.c:270)
==28075== by 0x10FE93: parse_line (sysusers.c:1325)
==28075== by 0x11198B: read_config_file (sysusers.c:1640)
==28075== by 0x111EB8: main (sysusers.c:1773)
==28075==
```
(cherry picked from commit d9b8ea5448ba1e61d681a206d770a4eac39b9936)
---
src/sysusers/sysusers.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 787d68a..a39a580 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1189,6 +1189,7 @@ static void item_free(Item *i) {
free(i->uid_path);
free(i->gid_path);
free(i->description);
+ free(i->home);
free(i);
}
--
2.9.3


@ -0,0 +1,38 @@
From fa36e278e78aea1d23aac18239f928e168223f39 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Fri, 21 Oct 2016 13:30:45 +0300
Subject: [PATCH] sysusers: fix memleak (#4443)
Fixes:
Oct 20 09:10:49 systemd-sysusers[144]: Direct leak of 20 byte(s) in 1 object(s) allocated from:
Oct 20 09:10:49 systemd-sysusers[144]: #0 0x7f3565a13e60 in malloc (/lib64/libasan.so.3+0xc6e60)
Oct 20 09:10:49 systemd-sysusers[144]: #1 0x7f3565526bd0 in malloc_multiply src/basic/alloc-util.h:70
Oct 20 09:10:49 systemd-sysusers[144]: #2 0x7f356552cb55 in tempfn_xxxxxx src/basic/fileio.c:1116
Oct 20 09:10:49 systemd-sysusers[144]: #3 0x7f356552c4f0 in fopen_temporary src/basic/fileio.c:1042
Oct 20 09:10:49 systemd-sysusers[144]: #4 0x7f356555e00e in fopen_temporary_label src/basic/fileio-label.c:63
Oct 20 09:10:49 systemd-sysusers[144]: #5 0x56197c4a1766 in make_backup src/sysusers/sysusers.c:209
Oct 20 09:10:49 systemd-sysusers[144]: #6 0x56197c4a6335 in write_files src/sysusers/sysusers.c:710
Oct 20 09:10:49 systemd-sysusers[144]: #7 0x56197c4ae571 in main src/sysusers/sysusers.c:1817
Oct 20 09:10:49 systemd-sysusers[144]: #8 0x7f3564dee730 in __libc_start_main (/lib64/libc.so.6+0x20730)
(cherry picked from commit 0a12bb1eaa097dc83018aa034faef113a91e6014)
---
src/sysusers/sysusers.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index a39a580..dfb708c 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -190,7 +190,8 @@ static int load_group_database(void) {
static int make_backup(const char *target, const char *x) {
_cleanup_close_ int src = -1;
_cleanup_fclose_ FILE *dst = NULL;
- char *backup, *temp;
+ _cleanup_free_ char *temp = NULL;
+ char *backup;
struct timespec ts[2];
struct stat st;
int r;
--
2.9.3


@ -0,0 +1,43 @@
From 01ad377a1d4029efb083c6a512793ca7b2a58048 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 3 Nov 2016 21:23:22 +0000
Subject: [PATCH] journalctl: fix memleak
bash-4.3# journalctl --no-hostname >/dev/null
=================================================================
==288==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 48492 byte(s) in 2694 object(s) allocated from:
#0 0x7fb4aba13e60 in malloc (/lib64/libasan.so.3+0xc6e60)
#1 0x7fb4ab5b2cc4 in malloc_multiply src/basic/alloc-util.h:70
#2 0x7fb4ab5b3194 in parse_field src/shared/logs-show.c:98
#3 0x7fb4ab5b4918 in output_short src/shared/logs-show.c:347
#4 0x7fb4ab5b7cb7 in output_journal src/shared/logs-show.c:977
#5 0x5650e29cd83d in main src/journal/journalctl.c:2581
#6 0x7fb4aabdb730 in __libc_start_main (/lib64/libc.so.6+0x20730)
SUMMARY: AddressSanitizer: 48492 byte(s) leaked in 2694 allocation(s).
Closes: #4568
(cherry picked from commit 12104159ed88324fa95505a6a8b333dd92a80368)
---
src/shared/logs-show.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
index d04728f..f347cee 100644
--- a/src/shared/logs-show.c
+++ b/src/shared/logs-show.c
@@ -378,7 +378,7 @@ static int output_short(
if (hostname && (flags & OUTPUT_NO_HOSTNAME)) {
/* Suppress display of the hostname if this is requested. */
- hostname = NULL;
+ hostname = mfree(hostname);
hostname_len = 0;
}
--
2.9.3


@ -0,0 +1,59 @@
From 02fc17d4db1f2bc215f7915f4394ea7f4d8d0602 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 3 Nov 2016 22:04:40 +0000
Subject: [PATCH] acl-util: fix memleak
Fixes:
$ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null
==22309== Memcheck, a memory error detector
==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22309== Command: /home/vagrant/systemd/.libs/lt-journalctl
==22309==
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
==22309==
==22309== HEAP SUMMARY:
==22309== in use at exit: 8,680 bytes in 4 blocks
==22309== total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated
==22309==
==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4
==22309== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==22309== by 0x6F37A0A: __new_var_obj_p (__libobj.c:36)
==22309== by 0x6F362F7: __acl_init_obj (acl_init.c:28)
==22309== by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54)
==22309== by 0x6F36087: acl_get_file (acl_get_file.c:69)
==22309== by 0x4F15752: acl_search_groups (acl-util.c:172)
==22309== by 0x113A1E: access_check_var_log_journal (journalctl.c:1836)
==22309== by 0x113D8D: access_check (journalctl.c:1889)
==22309== by 0x115681: main (journalctl.c:2236)
==22309==
==22309== LEAK SUMMARY:
==22309== definitely lost: 56 bytes in 1 blocks
==22309== indirectly lost: 432 bytes in 1 blocks
==22309== possibly lost: 0 bytes in 0 blocks
==22309== still reachable: 8,192 bytes in 2 blocks
==22309== suppressed: 0 bytes in 0 blocks
(cherry picked from commit 29d87223d54fc13e16f444677f0a94ed0755bd88)
---
src/shared/acl-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 2aa951f..79a3b95 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -162,7 +162,7 @@ int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
int acl_search_groups(const char *path, char ***ret_groups) {
_cleanup_strv_free_ char **g = NULL;
- _cleanup_(acl_free) acl_t acl = NULL;
+ _cleanup_(acl_freep) acl_t acl = NULL;
bool ret = false;
acl_entry_t entry;
int r;
--
2.9.3


@ -0,0 +1,47 @@
From a402c90c369f083d37c65a8ba830e7b123b4278b Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Wed, 25 Jan 2017 05:53:50 +0300
Subject: [PATCH] core: fix memleak in bus_exec_context_set_transient_property
(#5143)
Fixes:
```sh
systemd-run --property EnvironmentFile=/some/environment/file /bin/sleep 30
```
```
23 bytes in 1 blocks are definitely lost in loss record 1 of 7
at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
by 0x4E85488: malloc_multiply (alloc-util.h:70)
by 0x4E85F19: strjoin_real (string-util.c:252)
by 0x1AF741: bus_exec_context_set_transient_property (dbus-execute.c:1418)
by 0x1A907C: bus_service_set_property (dbus-service.c:330)
by 0x1A66DD: bus_unit_set_properties (dbus-unit.c:1456)
by 0x19CF93: transient_unit_from_message (dbus-manager.c:892)
by 0x19D388: method_start_transient_unit (dbus-manager.c:980)
by 0x4F60544: method_callbacks_run (bus-objects.c:418)
by 0x4F62D9D: object_find_and_run (bus-objects.c:1255)
by 0x4F633CE: bus_process_object (bus-objects.c:1371)
by 0x4F2CE1D: process_message (sd-bus.c:2563)
```
Closes: #5142
(cherry picked from commit 9b531f04fb16e072100b10b93613abe846140305)
---
src/core/dbus-execute.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 307c3d8..a1d5523 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1224,7 +1224,7 @@ int bus_exec_context_set_transient_property(
_cleanup_free_ char *joined = NULL;
_cleanup_fclose_ FILE *f = NULL;
- _cleanup_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL;
size_t size = 0;
char **i;
--
2.9.3


@ -0,0 +1,38 @@
From 827038487456a5ad249529cb643ec30bcd1dac62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 24 Jan 2017 22:21:16 -0500
Subject: [PATCH] core/dbus: fix two strv memleaks
job_dbus_path and unit_dbus_path both allocate new strings, so we should use
strv_free.
(cherry picked from commit f0c03de85afa93d1df2bb533a46748e7f4264af6)
---
src/core/dbus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3422a02..5d87bca 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -477,7 +477,7 @@ static int bus_kill_context_find(sd_bus *bus, const char *path, const char *inte
}
static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
- _cleanup_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL;
Manager *m = userdata;
unsigned k = 0;
Iterator i;
@@ -504,7 +504,7 @@ static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char
}
static int bus_unit_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
- _cleanup_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL;
Manager *m = userdata;
unsigned k = 0;
Iterator i;
--
2.9.3
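Review bot: With `_cleanup_strv_free_` on `l` in bus_job_enumerate() and bus_unit_enumerate(), every early return now walks the array up to its NULL terminator and frees each entry, so the array must be zero-initialised and stay terminated while it is being filled. The allocation and the fill loop are outside both hunks. If the allocation is not a zeroing one, the error path would free uninitialised pointers, so this should be confirmed. A one-line comment next to the declaration would record the requirement, for example `/* l must stay NULL-terminated: cleanup frees every entry */`.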


@ -0,0 +1,28 @@
From 610b7bf641e708c95e5ec7e7bd2bc8742a44e86a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 24 Jan 2017 22:27:21 -0500
Subject: [PATCH] resolve: fix strv memleak
sd_bus_message_read_strv() returns a normal strv...
(cherry picked from commit c6d92582205065e4924b9f0cb1428f4a5f210fd4)
---
src/resolve/resolved-link-bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index 3648122..59cd6cf 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -462,7 +462,7 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_set_free_free_ Set *ns = NULL;
- _cleanup_free_ char **ntas = NULL;
+ _cleanup_strv_free_ char **ntas = NULL;
Link *l = userdata;
int r;
char **i;
--
2.9.3


@ -0,0 +1,109 @@
From e863293901fc7cfe823c0c0213b86aa5a98b07ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 19 Feb 2017 14:17:19 -0500
Subject: [PATCH] sd-device: replace lstat() + open() with open(O_NOFOLLOW)
Coverity was complaining about TOCTOU (CID #745806). Indeed, it seems better
to open the file and avoid the stat altogether:
- O_NOFOLLOW means we'll get ELOOP, which we can translate to EINVAL as before,
- similarly, open(O_WRONLY) on a directory will fail with EISDIR,
- and finally, it makes no sense to check access mode ourselves: just let
the kernel do it and propagate the error.
v2:
- fix memleak, don't clober input arg
(cherry picked from commit 2fa4861ad5a203bff604cac660136834e3b70108)
---
src/libsystemd/sd-device/sd-device.c | 43 ++++++++++++++----------------------
1 file changed, 16 insertions(+), 27 deletions(-)
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 0c4ad96..1d68fe0 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -1857,8 +1857,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
_cleanup_free_ char *value = NULL;
const char *syspath;
char *path;
- struct stat statbuf;
- size_t value_len = 0;
+ size_t len = 0;
ssize_t size;
int r;
@@ -1876,8 +1875,14 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
return r;
path = strjoina(syspath, "/", sysattr);
- r = lstat(path, &statbuf);
- if (r < 0) {
+
+ fd = open(path, O_WRONLY | O_CLOEXEC | O_NOFOLLOW);
+ if (fd < 0) {
+ if (errno == ELOOP)
+ return -EINVAL;
+ if (errno == EISDIR)
+ return -EISDIR;
+
value = strdup("");
if (!value)
return -ENOMEM;
@@ -1889,46 +1894,30 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
return -ENXIO;
}
- if (S_ISLNK(statbuf.st_mode))
- return -EINVAL;
-
- /* skip directories */
- if (S_ISDIR(statbuf.st_mode))
- return -EISDIR;
-
- /* skip non-readable files */
- if ((statbuf.st_mode & S_IRUSR) == 0)
- return -EACCES;
-
- value_len = strlen(_value);
+ len = strlen(_value);
/* drop trailing newlines */
- while (value_len > 0 && _value[value_len - 1] == '\n')
- _value[--value_len] = '\0';
+ while (len > 0 && _value[len - 1] == '\n')
+ len --;
/* value length is limited to 4k */
- if (value_len > 4096)
+ if (len > 4096)
return -EINVAL;
- fd = open(path, O_WRONLY | O_CLOEXEC);
- if (fd < 0)
- return -errno;
-
- value = strdup(_value);
+ value = strndup(_value, len);
if (!value)
return -ENOMEM;
- size = write(fd, value, value_len);
+ size = write(fd, value, len);
if (size < 0)
return -errno;
- if ((size_t)size != value_len)
+ if ((size_t)size != len)
return -EIO;
r = device_add_sysattr_value(device, sysattr, value);
if (r < 0)
return r;
-
value = NULL;
return 0;
--
2.9.3
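Review bot: In the `fd < 0` branch only ELOOP and EISDIR are mapped; every other open() failure (EACCES, EPERM, EMFILE and so on) falls through to the `strdup("")` path and ends in `return -ENXIO`. That makes a permission or resource problem look like a missing attribute, and it does not match the commit message's "let the kernel do it and propagate the error". Adding `if (errno != ENOENT) return -errno;` after the EISDIR check would keep the empty-value handling for the missing-file case only. Separately, O_NOFOLLOW refuses a symlink only in the final path component, so if `sysattr` can contain `/` the intermediate components of `path` are still followed. The function starts and ends outside the hunks, and the declaration of `fd` is not visible.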


@ -60,6 +60,23 @@ Patch0020: 0020-Various-simplifications.patch
Patch0021: 0021-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
Patch0022: 0022-pid1-do-not-use-mtime-0-as-sign-of-masking-4388.patch
Patch0023: 0023-udev-net_id-add-support-for-phys_port_name-attribute.patch
Patch0024: 0024-logind-don-t-hit-assert-when-we-try-to-free-NULL-man.patch
Patch0025: 0025-core-if-the-start-command-vanishes-during-runtime-do.patch
Patch0026: 0026-core-don-t-hit-an-assert-when-printing-status-messag.patch
Patch0027: 0027-device-Avoid-calling-unit_free-NULL-in-device-setup-.patch
Patch0028: 0028-sd-network-fix-memleak-in-dhcp6_option_parse_domainn.patch
Patch0029: 0029-sd-network-fix-memleak-in-dhcp6_lease_set_domains-51.patch
Patch0030: 0030-sd-event-when-exiting-no-signal-event-are-pending-is.patch
Patch0031: 0031-journal-gatewayd-fix-segfault-with-certain-request-3.patch
Patch0032: 0032-boot-fix-bootctl-install-segfault-4404.patch
Patch0033: 0033-sysusers-fix-memleak-4430.patch
Patch0034: 0034-sysusers-fix-memleak-4443.patch
Patch0035: 0035-journalctl-fix-memleak.patch
Patch0036: 0036-acl-util-fix-memleak.patch
Patch0037: 0037-core-fix-memleak-in-bus_exec_context_set_transient_p.patch
Patch0038: 0038-core-dbus-fix-two-strv-memleaks.patch
Patch0039: 0039-resolve-fix-strv-memleak.patch
Patch0040: 0040-sd-device-replace-lstat-open-with-open-O_NOFOLLOW.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
@ -960,6 +977,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%changelog
* Wed Feb 22 2017 Michal Sekletar <msekleta@redhat.com> - 231-14
- Backport support for phys_port_name to net_id (#1425737)
- Backport bunch of bugfixes (asserts, segv, memleaks) from upstream
* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-13
- Backport mtime==0 fix (#1384150)