From 047cf7dcd26e649d45e7e21a3b679bad0bb6c312 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Thu, 13 May 2021 12:04:41 +0100
Subject: [PATCH] daemon/link.c: Fix out of memory error when reading symlinks
Commit 0f54df53d2 ("build: Remove gnulib") introduced a bug when I rewrote existing code that used gnulib areadlink(). A missing "continue" statement on the path where fstatat(2) failed caused fall-through to the case where it tries to use malloc(3) on the value from the uninitialized stat buf. This caused a huge amount of memory to be allocated, invoking the oom-killer inside the appliance.
Reported-by: Yongkui Guo
Fixes: commit 0f54df53d26e4c293871fb30bce88511e1d61d6c
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1960217
---
 daemon/link.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/daemon/link.c b/daemon/link.c
index acc46891a..909696918 100644
--- a/daemon/link.c
+++ b/daemon/link.c
@@ -59,9 +59,11 @@ do_internal_readlinklist (const char *path, char *const *names)
 if (fstatat (fd_cwd, names[i], &statbuf, AT_SYMLINK_NOFOLLOW) == -1) {
 add_empty_string:
 if (add_string (&ret, "") == -1) {
+ add_string_failed:
 close (fd_cwd);
 return NULL;
 }
+ continue;
 }
 if (!S_ISLNK (statbuf.st_mode))
 goto add_empty_string;
@@ -74,10 +76,8 @@ do_internal_readlinklist (const char *path, char *const *names)
 goto add_empty_string;
 link[n] = '\0';
- if (add_string (&ret, link) == -1) {
- close (fd_cwd);
- return NULL;
- }
+ if (add_string (&ret, link) == -1)
+ goto add_string_failed;
 }
 close (fd_cwd);
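Review bot: The `add_empty_string:` and `add_string_failed:` labels both sit inside the body of the `if (fstatat (...) == -1)` block, so every later `goto` jumps into a nested block and the added `continue;` is the only thing that stops those paths from falling through to code that reads `statbuf`. That invariant deserves a comment beside the `continue;`, for example `/* Also reached via goto add_empty_string: must not fall through, statbuf may be unset. */`. do_internal_readlinklist begins and ends outside this hunk, so the declaration of `statbuf` is not visible; if it is not zero-initialised, doing so would make a repeat of this mistake request a small buffer instead of an arbitrary one.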
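Review bot: `link[n] = '\0';` is in bounds only if the buffer behind `link` holds at least `n + 1` bytes, and both the allocation and the call that sets `n` are outside this hunk. The commit message says the allocation size is taken from the stat buffer, which is filesystem-supplied data even when fstatat succeeds; if that size is not already bounded, capping it before the allocation (for example against `PATH_MAX`) would keep an implausible `st_size` from requesting a huge buffer. The new `goto add_string_failed;` also depends on the shared label in the first hunk doing all the cleanup, and only `close (fd_cwd)` is visible there, so it is worth confirming that `ret` and `link` are released on that path.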