From c4340b12f8e0fd4a15cc4c686ef835d110c5e9d8 Mon Sep 17 00:00:00 2001 
From: Konstantin Baladurin Date: Mon, 22 Jun 2015 11:51:44 +0300 Subject: [PATCH] [FIX] prevent issues -------------------------------------------------------------------------------------------- | CID | Type | File | Function | |------------------------------------------------------------------------------------------| | 451239 | Uninitialized scalar variable | da_inst.c | ld_add_probes_by_feature | |------------------------------------------------------------------------------------------| | 451189 | Resource leak | FileElf.cpp | makeRelocMap | |------------------------------------------------------------------------------------------| | 451185 | Resource leak | FileElf.cpp | makeRelocMap | |------------------------------------------------------------------------------------------| | 451183 | Resource leak | FileElf.cpp | getAddrPlt | |------------------------------------------------------------------------------------------| | 451178 | Resource leak | FileElf.cpp | readSectionsInfo | |------------------------------------------------------------------------------------------| | 451172 | Resource leak | da_protocol_inst.c | parse_app_inst_list | |------------------------------------------------------------------------------------------| | 451168 | Resource leak | da_protocol_inst.c | add_preload_probes | |------------------------------------------------------------------------------------------| | 451167 | Resource leak | da_protocol_inst.c | add_preload_probes | |------------------------------------------------------------------------------------------| | 451125 | Null pointer dereferences | wsi.c | wsi_set_smack_rules | |------------------------------------------------------------------------------------------| | 451123 | Null pointer dereferences | da_protocol_inst.c | feature_add_func_inst_list | |------------------------------------------------------------------------------------------| | 451122 | Null pointer dereferences | wsi.c | send_request | 
|------------------------------------------------------------------------------------------| | 451121 | Null pointer dereferences | da_protocol_inst.c | feature_add_func_inst_list | |------------------------------------------------------------------------------------------| | 451076 | Deleting void pointer | FileElf.cpp | putSection | -------------------------------------------------------------------------------------------- Change-Id: If21d9b2983b3c97d6fa94761f49334f975c94b1b Signed-off-by: Konstantin Baladurin --- daemon/cpp/elf/FileElf.cpp | 16 ++++++++++------ daemon/da_inst.c | 16 +++++++++++++++- daemon/da_inst.h | 1 + daemon/da_protocol_inst.c | 32 ++++++++++++++++++++++++++++---- daemon/wsi.c | 17 +++++++++++++++-- 5 files changed, 69 insertions(+), 13 deletions(-) diff --git a/daemon/cpp/elf/FileElf.cpp b/daemon/cpp/elf/FileElf.cpp index fa09d4a..5e1068b 100644 --- a/daemon/cpp/elf/FileElf.cpp +++ b/daemon/cpp/elf/FileElf.cpp @@ -62,7 +62,7 @@ FileElf::Data *FileElf::getSection(const Elf32_Shdr *shdr) return 0; data->size = shdr->sh_size; - data->data = new char[data->size]; + data->data = ::operator new(data->size); if (data->data == 0) { delete data; return 0; @@ -93,7 +93,7 @@ FileElf::Data *FileElf::getSection(const std::string &name) void FileElf::putSection(const Data *data) { - delete []data->data; + ::operator delete(data->data); delete data; } @@ -125,8 +125,10 @@ int FileElf::readSectionsInfo() const char *strData = reinterpret_cast(data->data); const char *strDataEnd = strData + data->size; - if (strData == 0) - return -ENOMEM; + if (strData == 0) { + ret = -ENOMEM; + goto putSect; + } for (int i = 0; i < _fhdr.e_shnum; ++i) { Elf32_Shdr shdr; @@ -190,7 +192,8 @@ int FileElf::makeRelocMap(const uint8_t jump_slot) if (dataRel->size % sizeof(Elf32_Rel)) { LOGE("'%s' section incorrect\n", nameRel); - return -EINVAL; + ret = -EINVAL; + goto putSectRel; } rel = reinterpret_cast(dataRel->data); relCnt = dataRel->size / sizeof(Elf32_Rel); 
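Review bot: The `if (data->data == 0)` branch in getSection cannot run as written, because plain `::operator new(data->size)` reports failure by throwing std::bad_alloc instead of returning null. The size comes straight from `shdr->sh_size` in the ELF section header, so an oversized value in a malformed file would surface as an exception the visible code does not handle, not as the intended `return 0`. Use the non-throwing form, `data->data = ::operator new(data->size, std::nothrow);` (needs `<new>`), and consider rejecting a size larger than the file before allocating. getSection starts and ends outside the hunk.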
@@ -206,7 +209,7 @@ int FileElf::makeRelocMap(const uint8_t jump_slot) if (dataSym->size % sizeof(Elf32_Sym)) { LOGE("'%s' section incorrect\n", nameSym); ret = -EINVAL; - goto putSectRel; + goto putSectSym; } sym = reinterpret_cast(dataSym->data); symCnt = dataSym->size / sizeof(Elf32_Sym); @@ -324,6 +327,7 @@ int FileElf::getAddrPlt(const char *names[], uint32_t addrs[], size_t cnt) addrs[i] = it == funcMap.end() ? 0 : it->second; } + putSection(data); return 0; } diff --git a/daemon/da_inst.c b/daemon/da_inst.c index 06c1a82..83f4562 100644 --- a/daemon/da_inst.c +++ b/daemon/da_inst.c @@ -171,6 +171,20 @@ exit_fail: return NULL; } +void free_app(struct app_list_t *app) +{ + free_app_info(app->app); + app->app = NULL; + free_data((struct data_list_t *)app); +} + +void free_app_info(struct app_info_t *app_info) +{ + free(app_info->app_id); + free(app_info->exe_path); + free(app_info); +} + struct probe_list_t *new_probe(void) { struct probe_list_t *probe; @@ -1038,7 +1052,7 @@ int ld_add_probes_by_feature(uint64_t to_enable_features_0, struct msg_t **msg_reply_add, struct msg_t **msg_reply_remove) { - int i, res; + int i, res = 0; char *p; struct feature_list_t f; char buf[1024] = ""; diff --git a/daemon/da_inst.h b/daemon/da_inst.h index bf26b54..ef78809 100644 --- a/daemon/da_inst.h +++ b/daemon/da_inst.h @@ -86,6 +86,7 @@ struct app_list_t *new_app(void); int probe_list_append(struct data_list_t *to, struct probe_list_t *from); int data_list_append(struct data_list_t **to, struct data_list_t *from); void free_data_list(struct data_list_t **data); +void free_app(struct app_list_t *app); struct app_info_t *app_info_get_first(struct app_list_t **app_list); struct app_info_t *app_info_get_next(struct app_list_t **app_list); diff --git a/daemon/da_protocol_inst.c b/daemon/da_protocol_inst.c index dd5e0ae..132e0a2 100644 --- a/daemon/da_protocol_inst.c +++ b/daemon/da_protocol_inst.c 
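Review bot: `free_app_info()` reads `app_info->app_id` with no null test, and `free_app()` passes `app->app` to it unchecked, so running the new cleanup on a partly built element would turn an error path into a crash. Add `if (app_info == NULL) return;` at the top of free_app_info and `if (app == NULL) return;` at the top of free_app. free_app also calls free_app_info before its definition, and the da_inst.h hunk adds a prototype only for free_app. Unless a declaration already exists outside the visible lines, define free_app_info first or declare it in the header.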
@@ -409,6 +409,7 @@ int parse_app_inst_list(struct msg_buf_t *msg, info->setup_data.data, info->setup_data.size); if (err) { LOGE("add app, ret=%d\n", err); + free_app(app); return 0; } @@ -452,8 +453,20 @@ static int feature_add_func_inst_list(struct ld_lib_list_el_t ld_lib, for (i = 0; i < num; i++) { parse_deb("app_int #%d\n", i); probe_el = new_probe(); + + if (probe_el == NULL) { + LOGE("probe alloc error\n"); + return 0; + } + func = malloc(sizeof(struct ld_preload_probe_t)); + if (func == NULL) { + LOGE("func alloc error\n"); + free(probe_el); + return 0; + } + func->orig_addr = ld_lib.probes[i].orig_addr; func->probe_type = SWAP_LD_PROBE; func->handler_addr = ld_lib.probes[i].handler_addr; @@ -555,12 +568,14 @@ int add_preload_probes(struct lib_list_t **lib_list) if (preload_lib == NULL) { LOGE("preload lib alloc error\n"); - return 0; + ret = 0; + goto free_caller_probe; } if (get_caller_probe == NULL || get_call_type_probe == NULL) { LOGE("probe alloc error\n"); - return 0; + ret = 0; + goto free_caller_probe; } preload_lib->lib->bin_path = probe_lib; @@ -569,13 +584,15 @@ int add_preload_probes(struct lib_list_t **lib_list) /* Add get_caller probe */ ret = create_preload_probe_func(&get_caller_probe, get_caller_addr, 4); if (ret != 0) - return ret; + goto free_caller_probe; + probe_list_append(preload_lib, get_caller_probe); /* Add get_call_type probe */ ret = create_preload_probe_func(&get_call_type_probe, get_call_type_addr, 5); if (ret != 0) - return ret; + goto free_call_type_probe; + probe_list_append(preload_lib, get_call_type_probe); preload_lib->func_num = 2; @@ -585,4 +602,11 @@ int add_preload_probes(struct lib_list_t **lib_list) data_list_append((struct data_list_t **)lib_list, (struct data_list_t *)preload_lib); return 1; + +free_caller_probe: + free(get_caller_probe); +free_call_type_probe: + free(get_call_type_probe); + + return ret; } diff --git a/daemon/wsi.c b/daemon/wsi.c index 30438af..a3a48f1 100644 --- a/daemon/wsi.c 
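Review bot: Both new early returns in feature_add_func_inst_list sit inside the `for (i = 0; i < num; i++)` loop, so a failure on a later iteration returns 0 after earlier iterations have already built their probes. Whether those probes are attached somewhere the caller later tears down is not visible in the hunk, so either unwind them here or state the contract, for example `/* on failure the caller frees the probes added so far */`. The `free(probe_el)` call also assumes that `new_probe()` hands back a single malloc block, which should be confirmed against its body. The function starts and ends outside the hunk.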
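Review bot: None of the new cleanup paths in add_preload_probes release `preload_lib`; the `free_caller_probe` and `free_call_type_probe` labels free only the two probes. This leaks `preload_lib` when a probe allocation or the first `create_preload_probe_func` call fails. When the second call fails, `get_caller_probe` has already been passed to `probe_list_append(preload_lib, ...)`, so it is lost together with the list. Add a label that tears down `preload_lib` with the deallocator matching its allocation (not visible in these hunks) and route every failure through it; this covers the hunks at -555, -569 and -585. The return convention also needs a comment, because failure yields 0 on allocation errors but a non-zero `ret` otherwise, while success returns 1.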
+++ b/daemon/wsi.c @@ -141,6 +141,13 @@ int wsi_set_smack_rules(const struct app_info_t *app_info) size_t id_maxlen = 128; app_id = malloc(sizeof(char) * (strnlen(app_info->app_id, id_maxlen) + 1)); + + if (app_id == NULL) { + LOGE("app id alloc error\n"); + ret = 1; + goto exit; + } + strcpy(app_id, app_info->app_id); package_id = strtok(app_id, delim); @@ -152,7 +159,7 @@ int wsi_set_smack_rules(const struct app_info_t *app_info) } free(app_id); - +exit: return ret; } @@ -184,11 +191,17 @@ static void send_request(const char *method) { #define MAX_REQUEST_LENGTH 128 - json_object *jobj = json_object_new_object(); + json_object *jobj = NULL; char buf[LWS_SEND_BUFFER_PRE_PADDING + MAX_REQUEST_LENGTH + LWS_SEND_BUFFER_POST_PADDING]; const char *payload; + jobj = json_object_new_object(); + if (jobj == NULL) { + LOGE("cannot create json object\n"); + return; + } + memset(&buf[LWS_SEND_BUFFER_PRE_PADDING], 0, MAX_REQUEST_LENGTH); json_object_object_add(jobj, "id", json_object_new_int(request_id++)); -- 2.7.4
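Review bot: The buffer in wsi_set_smack_rules is sized from `strnlen(app_info->app_id, id_maxlen)` but filled with `strcpy`, so an `app_id` longer than 128 bytes is written past the end of the allocation; the added malloc check does not change that. Copy the measured length instead: `size_t len = strnlen(app_info->app_id, id_maxlen);` for the allocation, then `memcpy(app_id, app_info->app_id, len); app_id[len] = '\0';`. `app_info->app_id` is also dereferenced without a null test in the visible lines. The function starts and ends outside the hunk.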