tech-kern archive
veriexec
While looking at Sevan's recent PR, I notice a couple of problems with 
the current code.
In sys/kern_veriexec.c routine veriexec_file_add(), at line 1072 we 
allocate a vfe entry, and initialize the rw_lock contained therein.
Then there are some error branches at lines 1082 and 1090 that simply 
"goto out" without ever destroying the rw_lock nor free()ing the vfe.
I suggest the following diffs to fix this problem:
Index: kern_veriexec.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_veriexec.c,v
retrieving revision 1.12
diff -u -p -r1.12 kern_veriexec.c
--- kern_veriexec.c	12 Apr 2017 10:30:02 -0000	1.12
+++ kern_veriexec.c	29 Aug 2017 02:17:58 -0000
@@ -1079,7 +1079,7 @@ veriexec_file_add(struct lwp *l, prop_di
 		log(LOG_ERR, "Veriexec: Invalid or unknown fingerprint type "
 		    "`%s' for file `%s'.\n", fp_type, file);
 		error = EOPNOTSUPP;
-		goto out;
+		goto free_out;
 	}
 	if (prop_data_size(prop_dictionary_get(dict, "fp")) !=
@@ -1087,7 +1087,7 @@ veriexec_file_add(struct lwp *l, prop_di
 		log(LOG_ERR, "Veriexec: Bad fingerprint length for `%s'.\n",
 		    file);
 		error = EINVAL;
-		goto out;
+		goto free_out;
 	}
 	vfe->fp = kmem_alloc(vfe->ops->hash_len, KM_SLEEP);
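Review bot: vfe->fp, allocated by the kmem_alloc() on the last context line of this hunk, is not released by the new free_out label, which frees only vfe itself. The two branches changed here jump before that allocation, so they are fine, but any later failure that ends up at free_out would replace the vfe leak with an fp leak. Consider having the cleanup also free vfe->fp (sized by vfe->ops->hash_len) when it is set, which requires vfe->fp to be NULL before this point.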
@@ -1158,6 +1158,10 @@ veriexec_file_add(struct lwp *l, prop_di
   unlock_out:
 	rw_exit(&veriexec_op_lock);
+  free_out:
+	rw_destroy(&vfe->lock);
+	kmem_free(vfe, sizeof(*vfe));
+
   out:
 	vrele(vp);
 	if (error)
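Review bot: free_out is placed directly below unlock_out with only rw_exit(&veriexec_op_lock) between the two labels, so every path that leaves through unlock_out now falls through into rw_destroy(&vfe->lock) and kmem_free(vfe, sizeof(*vfe)). If the success path exits via unlock_out (not visible in this hunk), the entry that was just added would be destroyed and freed while still in use. Guard the cleanup with a check on error, or make the non-failing path jump past it to out, so that only failed additions tear down the vfe.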
Comments or other suggestions?
+------------------+--------------------------+----------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:          |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee dot com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd dot org |
+------------------+--------------------------+----------------------------+