bugfix: fix various resource leaks (#6367)
Fix memory and descriptor leaks.

Signed-off-by: Ilya Pankratov <[email protected]>
i-pankrat authored Jun 5, 2024
1 parent 53ad8d7 commit 03ea436
Showing 11 changed files with 29 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/fids/main.c
Expand Up @@ -106,9 +106,9 @@ static void file_checksum(const char *fname) {
}
else {
content = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
close(fd);
mmapped = 1;
}
close(fd);

unsigned char checksum[KEY_SIZE / 8];
blake2b(checksum, sizeof(checksum), content, size);
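Review bot: The pointer returned by `mmap()` in file_checksum reaches `blake2b()` with no visible `MAP_FAILED` check, so a failed mapping would be hashed as if it were a valid buffer. Between the `mmap` line and the `blake2b` call the section shows only `mmapped = 1;` and `close(fd);`; a guard such as `if (content == MAP_FAILED) { close(fd); return; }` directly after the call would cover it, adjusted to whatever error reporting the function uses above the hunk. Assuming the `close(fd);` after the if/else is the added line, the branch above the `else` (not shown) must not close fd itself, or the descriptor is closed twice.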
3 changes: 3 additions & 0 deletions src/firecfg/desktop_files.c
Expand Up @@ -300,6 +300,7 @@ void fix_desktop_files(const char *homedir) {

if (stat(outname, &sb) == 0) {
printf(" %s skipped: file exists\n", filename);
free(outname);
if (change_exec)
free(change_exec);
continue;
Expand All @@ -308,6 +309,7 @@ void fix_desktop_files(const char *homedir) {
FILE *fpin = fopen(filename, "r");
if (!fpin) {
fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename);
free(outname);
if (change_exec)
free(change_exec);
continue;
Expand All @@ -317,6 +319,7 @@ void fix_desktop_files(const char *homedir) {
if (!fpout) {
fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname);
fclose(fpin);
free(outname);
if (change_exec)
free(change_exec);
continue;
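Review bot: The existence test `stat(outname, &sb) == 0` and the later open of the output file are separate path lookups, so the file can appear, or be replaced by a symlink, between the two. The open of `fpout` lies between the second and third hunk and is not shown; if it is a plain `fopen(outname, "w")`, creating the file with `open(outname, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644)` followed by `fdopen()` would make check and creation one step, with `EEXIST` as the "skipped" case. Separately, the three exits now repeat the same `free(outname);` / `free(change_exec);` pair; releasing both in one place at the end of the loop body would keep a future `continue` from leaking again. The `if (change_exec)` guard is unnecessary because `free(NULL)` is a no-op.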
3 changes: 3 additions & 0 deletions src/firejail/bandwidth.c
Expand Up @@ -198,6 +198,8 @@ static void read_bandwidth_file(pid_t pid) {

fclose(fp);
}

free(fname);
}

static void write_bandwidth_file(pid_t pid) {
Expand All @@ -217,6 +219,7 @@ static void write_bandwidth_file(pid_t pid) {
ptr = ptr->next;
}
fclose(fp);
free(fname);
}
else
goto errout;
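Review bot: In write_bandwidth_file the new `free(fname);` sits inside the success branch only, so the `else goto errout;` path still holds the allocation. The `errout` label is outside the hunk; if it ends the process this is harmless, but if it returns, fname leaks on exactly the failure path. Provided `errout` does not print or otherwise use fname, `else { free(fname); goto errout; }` would cover it; otherwise the free belongs at the label after the last use.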
12 changes: 9 additions & 3 deletions src/firejail/fs_home.c
Expand Up @@ -67,8 +67,10 @@ static void skel(const char *homedir) {
if (asprintf(&fname, "%s/.zshrc", homedir) == -1)
errExit("asprintf");
// don't copy it if we already have the file
if (access(fname, F_OK) == 0)
if (access(fname, F_OK) == 0) {
free(fname);
return;
}
if (is_link(fname)) { // access(3) on dangling symlinks fails, try again using lstat
fprintf(stderr, "Error: invalid %s file\n", fname);
exit(1);
Expand All @@ -91,8 +93,10 @@ static void skel(const char *homedir) {
if (asprintf(&fname, "%s/.cshrc", homedir) == -1)
errExit("asprintf");
// don't copy it if we already have the file
if (access(fname, F_OK) == 0)
if (access(fname, F_OK) == 0) {
free(fname);
return;
}
if (is_link(fname)) { // access(3) on dangling symlinks fails, try again using lstat
fprintf(stderr, "Error: invalid %s file\n", fname);
exit(1);
Expand All @@ -115,8 +119,10 @@ static void skel(const char *homedir) {
if (asprintf(&fname, "%s/.bashrc", homedir) == -1)
errExit("asprintf");
// don't copy it if we already have the file
if (access(fname, F_OK) == 0)
if (access(fname, F_OK) == 0) {
free(fname);
return;
}
if (is_link(fname)) { // access(3) on dangling symlinks fails, try again using lstat
fprintf(stderr, "Error: invalid %s file\n", fname);
exit(1);
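Review bot: Only the early-return exit of each shell branch in skel() frees `fname`; the path that passes `is_link()` and goes on to the copy continues outside these hunks, so it is worth confirming that it releases the string as well. The same block is repeated for .zshrc, .cshrc and .bashrc, and a small static helper that builds the path, runs the `access()` / `is_link()` checks and frees on every exit would keep the three in step. The checks and the later copy are separate lookups on a path inside the user's home directory, so the copy routine (not shown) should open the destination without following symlinks rather than rely on these tests.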
2 changes: 2 additions & 0 deletions src/firejail/ids.c
Expand Up @@ -42,6 +42,7 @@ static void ids_init(void) {
if (dup(fd) != STDOUT_FILENO)
errExit("dup");
close(fd);
free(fname);

sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FIDS, "--init", cfg.homedir);
}
Expand All @@ -63,6 +64,7 @@ static void ids_check(void) {
if (dup(fd) != STDIN_FILENO)
errExit("dup");
close(fd);
free(fname);

sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP| SBOX_ALLOW_STDIN, 3, PATH_FIDS, "--check", cfg.homedir);
}
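Review bot: `dup(fd) != STDOUT_FILENO` in ids_init, and `dup(fd) != STDIN_FILENO` in ids_check, only lands on the intended descriptor if that descriptor was closed just before and every lower-numbered one is still open. Both preconditions are established outside the hunks, so a change elsewhere can silently turn this into an `errExit`. `dup2()` names the target explicitly: `if (dup2(fd, STDOUT_FILENO) == -1) errExit("dup2");`, and the same with `STDIN_FILENO` in ids_check.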
2 changes: 2 additions & 0 deletions src/firejail/run_files.c
Expand Up @@ -122,6 +122,7 @@ void set_name_run_file(pid_t pid) {
// mode and ownership
SET_PERMS_STREAM(fp, 0, 0, 0644);
fclose(fp);
free(fname);
}


Expand All @@ -141,6 +142,7 @@ void set_x11_run_file(pid_t pid, int display) {
// mode and ownership
SET_PERMS_STREAM(fp, 0, 0, 0644);
fclose(fp);
free(fname);
}

void set_profile_run_file(pid_t pid, const char *fname) {
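Review bot: The return value of `fclose(fp)` is ignored in both set_name_run_file and set_x11_run_file, although for a write stream this is where buffered data is flushed and a write error is reported. A failed flush would leave an empty or truncated run file behind with no diagnostic; how readers of the file handle that is outside the hunk. `if (fclose(fp) != 0) errExit("fclose");` ahead of the new `free(fname);` would surface it.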
1 change: 1 addition & 0 deletions src/firejail/util.c
Expand Up @@ -1392,6 +1392,7 @@ void enter_network_namespace(pid_t pid) {
fprintf(stderr, "Error: the sandbox doesn't use a new network namespace\n");
exit(1);
}
free(name);

// join the namespace
EUID_ROOT();
2 changes: 2 additions & 0 deletions src/firemon/netstats.c
Expand Up @@ -152,10 +152,12 @@ static void print_proc(int index, int itv, int col) {
struct stat s;
if (stat(name, &s) == -1) {
// the sandbox doesn't have a --net= option, don't print
free(name);
if (cmd)
free(cmd);
return;
}
free(name);

// pid
char pidstr[11];
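Review bot: `name` is needed only for the `stat()` call in print_proc, yet it is now freed in two places, once inside the failure branch and once after it. Capturing the result first, `int rv = stat(name, &s); free(name);` followed by `if (rv == -1) {`, leaves a single free that a later edit to the branch cannot miss. The `if (cmd)` guard in front of `free(cmd);` can be dropped as well, since `free(NULL)` does nothing.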
3 changes: 3 additions & 0 deletions src/jailcheck/access.c
Expand Up @@ -80,10 +80,13 @@ void access_setup(const char *directory) {
FILE *fp = fopen(test_file, "w");
if (!fp) {
printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
free(test_file);
free(path);
return;
}
fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");
fclose(fp);
free(path);
int rv = chown(test_file, user_uid, user_gid);
if (rv)
errExit("chown");
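Review bot: `chown(test_file, user_uid, user_gid)` in access_setup acts on the path after `fclose(fp)`, so ownership is changed on whatever the name resolves to at that moment rather than on the file that was just created. In a directory the target user can write to, that leaves a window in which the name can be replaced by a link to another file. Changing ownership through the open stream removes the window: `if (fchown(fileno(fp), user_uid, user_gid)) errExit("fchown");` placed before `fclose(fp);`. `fopen(test_file, "w")` also follows an existing symlink, and virtual_setup in src/jailcheck/virtual.c opens its test file the same way. On the success path `test_file` is not freed in the visible lines; the function continues outside the hunk, so that is worth confirming.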
2 changes: 2 additions & 0 deletions src/jailcheck/noexec.c
Expand Up @@ -55,6 +55,7 @@ void noexec_setup(void) {
execfile_len = s.st_size;
close(fd);
}
free(self);
}
}

Expand Down Expand Up @@ -110,4 +111,5 @@ void noexec_test(const char *path) {
wait(&status);
int rv = unlink(fname);
(void) rv;
free(fname);
}
1 change: 1 addition & 0 deletions src/jailcheck/virtual.c
Expand Up @@ -49,6 +49,7 @@ void virtual_setup(const char *directory) {
FILE *fp = fopen(test_file, "w");
if (!fp) {
printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
free(test_file);
return;
}
fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");