Close the sk, if coverity wants this:
--------------------------------------------------------------------
*** CID 181221: Resource leaks (RESOURCE_LEAK)
/test/zdtm/static/userns-leaked-sock.c: 91 in child_fn()
85 /* This must complete w/o errors, as orig_sk is from another
net namespace */
86 if (bind(sk, (struct sockaddr *)&addr, len) < 0) {
87 pr_perror("bind");
88 goto err;
89 }
90
>>> CID 181221: Resource leaks (RESOURCE_LEAK)
>>> Handle variable "sk" going out of scope leaks the handle.
91 return 0;
92 err:
93 futex_set_and_wake(futex, EMERGENCY_ABORT);
94 return 1;
95 }
--------------------------------------------------------------------
And obfuscate stack address in this one:
--------------------------------------------------------------------
*** CID 181215: Memory - corruptions (ARRAY_VS_SINGLETON)
/test/zdtm/static/userns-leaked-sock.c: 130 in main()
124 fail("bind");
125 return 1;
126 }
127
128 {
129 char stack;
>>> CID 181215: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "&stack" as an array. This might corrupt or misinterpret
>>> adjacent memory locations.
130 pid = clone(child_fn, &stack - 256,
CLONE_NEWUSER|CLONE_NEWNET|CLONE_NEWPID, (void *)(long)sk);
131 if (pid == -1) {
132 fail("clone");
133 return 1;
134 }
135 }
--------------------------------------------------------------------
Signed-off-by: Kirill Tkhai <[email protected]>
---
test/zdtm/static/userns-leaked-sock.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/test/zdtm/static/userns-leaked-sock.c
b/test/zdtm/static/userns-leaked-sock.c
index 8a84efe6a..5f4e9145f 100644
--- a/test/zdtm/static/userns-leaked-sock.c
+++ b/test/zdtm/static/userns-leaked-sock.c
@@ -52,25 +52,25 @@ int write_map(pid_t pid, char *file, char *map)
int child_fn(void *arg)
{
- int sk, orig_sk = (int)(long)arg;
+ int ret = 1, sk = -1, orig_sk = (int)(long)arg;
struct sockaddr_un addr;
socklen_t len = sizeof(addr);
if (getsockname(orig_sk, &addr, &len) < 0) {
pr_perror("getsockname()");
- goto err;
+ goto out;
}
futex_wait_while_lt(futex, MAPS_SET);
if (futex_get(futex) == EMERGENCY_ABORT)
- return 1;
+ goto out;
if (setuid(0)) {
pr_perror("Can't set uid");
- goto err;
+ goto out;
}
if (setgid(0)) {
pr_perror("Can't set gid");
- goto err;
+ goto out;
}
futex_set_and_wake(futex, CHILD_PREPARED);
@@ -79,19 +79,22 @@ int child_fn(void *arg)
sk = socket(PF_UNIX, SOCK_DGRAM, 0);
if (sk < 0) {
pr_perror("socket");
- goto err;
+ goto out;
}
/* This must complete w/o errors, as orig_sk is from another net
namespace */
if (bind(sk, (struct sockaddr *)&addr, len) < 0) {
pr_perror("bind");
- goto err;
+ goto out;
}
- return 0;
-err:
- futex_set_and_wake(futex, EMERGENCY_ABORT);
- return 1;
+ ret = 0;
+out:
+ if (sk >= 0)
+ close(sk);
+ if (ret)
+ futex_set_and_wake(futex, EMERGENCY_ABORT);
+ return ret;
}
int main(int argc, char **argv)
@@ -127,7 +130,8 @@ int main(int argc, char **argv)
{
char stack;
- pid = clone(child_fn, &stack - 256,
CLONE_NEWUSER|CLONE_NEWNET|CLONE_NEWPID, (void *)(long)sk);
+ pid = clone(child_fn, (void *)(((unsigned long)&stack) - 256),
+ CLONE_NEWUSER|CLONE_NEWNET|CLONE_NEWPID, (void
*)(long)sk);
if (pid == -1) {
fail("clone");
return 1;
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
