Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 2cbdc3b
Final round of low hanging leaks.
Keve committed 1 year ago
commit 2cbdc3b88ea20d2db3a8c7212b2d7ebbae70f163
parent 8186d23
9 files changed +49 -7
modified Leak.suppress.in
@@ -11,4 +11,12 @@ leak:dyld4::Loader::*
#    #3 0x7f2a7f11b004 in BUF_MEM_new_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0x11b004) (BuildId: c503df82cf13681b2f81e1097e857e3fc50679b1)

#    #4 0x7f2a7f0f79dd  (/lib/x86_64-linux-gnu/libcrypto.so.3+0xf79dd) (BuildId: c503df82cf13681b2f81e1097e857e3fc50679b1)

#    #5 0x7f2a7f0ed883 in BIO_new_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0xed883) (BuildId: c503df82cf13681b2f81e1097e857e3fc50679b1)
- 
leak:BIO_new_ex
 

\ No newline at end of file
+ 
leak:BIO_new_ex
+
+ 
# UCL should be investigated first within UCL, there is plenty to look at
+ 
leak:ucl_parser_add_fd
+
+ 
## FIXME: Temporarily suppress inside pkg source
+
+ 
# this could be a dangling pointer false positive report, the whole function should be re-structured
+ 
leak:pkgdb_open_all2
 

\ No newline at end of file
modified libpkg/pkg.c
@@ -67,6 +67,7 @@ pkg_free(struct pkg *pkg)
	free(pkg->desc);

	free(pkg->sum);

	free(pkg->repopath);
+ 
	free(pkg->reponame);

	free(pkg->repourl);

	free(pkg->reason);

	free(pkg->dep_formula);
modified libpkg/pkg_delete.c
@@ -269,8 +269,10 @@ pkg_effective_rmdir(struct pkgdb *db, struct pkg *pkg)
	char prefix_r[MAXPATHLEN];



	snprintf(prefix_r, sizeof(prefix_r), "%s", pkg->prefix[0] ? pkg->prefix + 1 : "");
- 
	tll_foreach(pkg->dir_to_del, d)
+ 
	tll_foreach(pkg->dir_to_del, d) {

		rmdir_p(db, pkg, d->item, prefix_r);
+ 
		tll_remove_and_free(pkg->dir_to_del, d, free);
+ 
	}

}



void
modified libpkg/pkg_jobs_universe.c
@@ -689,6 +689,7 @@ pkg_jobs_universe_free(struct pkg_jobs_universe *universe)
	while (pkghash_next(&it))

		pkg_jobs_universe_provide_free(it.value);

	pkghash_destroy(universe->provides);
+ 
	free(universe);

}



struct pkg_jobs_universe *
modified libpkg/pkg_manifest.c
@@ -609,7 +609,6 @@ pkg_set_files_from_object(struct pkg *pkg, const ucl_object_t *obj)
	const char *sum = NULL;

	const char *uname = NULL;

	const char *gname = NULL;
- 
	void *set = NULL;

	mode_t perm = 0;

	xstring *fname = NULL;

	const char *key, *okey;
@@ -631,11 +630,13 @@ pkg_set_files_from_object(struct pkg *pkg, const ucl_object_t *obj)
			sum = ucl_object_tostring(cur);

		else if (STRIEQ(key, "perm") &&

			 (cur->type == UCL_STRING || cur->type == UCL_INT)) {
+ 
			void *set = 0;

			if ((set = setmode(ucl_object_tostring_forced(cur))) == NULL)

				pkg_emit_error("Not a valid mode: %s",

				    ucl_object_tostring(cur));

			else

				perm = getmode(set, 0);
+ 
			free(set);

		} else {

			dbg(1, "Skipping unknown key for file(%s): %s",

			    fname->buf, key);
@@ -656,7 +657,6 @@ pkg_set_dirs_from_object(struct pkg *pkg, const ucl_object_t *obj)
	ucl_object_iter_t it = NULL;

	const char *uname = NULL;

	const char *gname = NULL;
- 
	void *set;

	mode_t perm = 0;

	xstring *dirname = NULL;

	const char *key, *okey;
@@ -675,11 +675,13 @@ pkg_set_dirs_from_object(struct pkg *pkg, const ucl_object_t *obj)
			gname = ucl_object_tostring(cur);

		else if (STRIEQ(key, "perm") &&

			 (cur->type == UCL_STRING || cur->type == UCL_INT)) {
+ 
			void *set = 0;

			if ((set = setmode(ucl_object_tostring_forced(cur))) == NULL)

				pkg_emit_error("Not a valid mode: %s",

				    ucl_object_tostring(cur));

			else

				perm = getmode(set, 0);
+ 
			free(set);

		} else if (STRIEQ(key, "try") && cur->type == UCL_BOOLEAN) {

			/* ignore on purpose : compatibility*/

		} else {
modified libpkg/pkg_repo_create.c
@@ -1020,6 +1020,7 @@ pkg_repo_sign(const char *path, char **argv, int argc, char **sig, size_t *sigle
			fwrite(line, linelen, 1, buf->fp);

		}

	}
+ 
	free(line);



	*sigtype = xstring_get(typestr);

	*cert = xstring_get_binary(certstr, certlen);
@@ -1131,6 +1132,8 @@ pack_command_sign(struct packing *pack, const char *path, char **argv, int argc,


		iov[offset].iov_base = buf;

		iov[offset++].iov_len = size;
+ 
	} else {
+ 
		free(sigtype);

	}



	iov[offset].iov_base = sig;
modified src/updating.c
@@ -56,6 +56,25 @@ struct regex_cache {
	regex_t reg;

};
+
+ 
static void
+ 
installed_ports_free(struct installed_ports *p)
+ 
{
+ 
	if (!p)
+ 
		return;
+ 
	free(p->origin);
+ 
	free(p);
+ 
}
+
+ 
static void
+ 
regex_cache_free(struct regex_cache *p)
+ 
{
+ 
	if (!p)
+ 
		return;
+ 
	free(p->pattern);
+ 
	free(p);
+ 
}
+ 


void

usage_updating(void)

{
@@ -199,14 +218,13 @@ matcher(const char *affects, const char *origin, bool ignorecase)
				goto out;

			}

			if ((ent->pattern = strdup(words[i])) == NULL) {
- 
				free(ent);
+ 
				regex_cache_free(ent);

				ret = 0;

				goto out;

			}

			re = convert_re(words[i]);

			if (re == NULL) {
- 
				free(ent->pattern);
- 
				free(ent);
+ 
				regex_cache_free(ent);

				ret = 0;

				goto out;

			}
@@ -221,6 +239,8 @@ matcher(const char *affects, const char *origin, bool ignorecase)
	}



out:
+ 
	tll_foreach(cache, it)
+ 
		tll_remove_and_free(cache, it, regex_cache_free);

	free(words);

	free(buf);

	return (ret);
@@ -381,6 +401,8 @@ exec_updating(int argc, char **argv)
	fclose(fd);



cleanup:
+ 
	tll_foreach(origins, it)
+ 
		tll_remove_and_free(origins, it, installed_ports_free);

	pkgdb_it_free(it);

	pkgdb_release_lock(db, PKGDB_LOCK_READONLY);

	pkgdb_close(db);
modified src/upgrade.c
@@ -217,6 +217,8 @@ add_vulnerable_upgrades(struct pkg_jobs *jobs, struct pkgdb *db)
		}

	}
+ 
	free(line);
+ 


	fclose(in);



	while (waitpid(cld, &retcode, 0) == -1) {
modified src/utils.c
@@ -191,6 +191,7 @@ vquery_yesno(bool deft, const char *msg, va_list ap)
		}

	}
+ 
	free(line);

	free(out);



	return (r);