From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) by mx.groups.io with SMTP id smtpd.web11.11509.1675333299778625849 for ; Thu, 02 Feb 2023 02:21:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=mLb9we0x; spf=pass (domain: gmail.com, ip: 209.85.218.49, mailfrom: savvamtr@gmail.com) Received: by mail-ej1-f49.google.com with SMTP id ml19so4716064ejb.0 for ; Thu, 02 Feb 2023 02:21:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=AfNXnA5DXndegAmZrpGxpTx9Fo9syA47Cu+miYhd76o=; b=mLb9we0xCJqlp968xizAMF8zHju3JccJAtOPn7zC8dL6ImWU3pNIaRzS2MuuoH0yGI /5BIwn+HgaV4cxqmZxc3Rxi81HB7y+2+SzOXhegWMc6p8KN5GdohMQSTCQ+x5fCohuRO ZaYk/1rbh9miqcau+sV6CO79el46zUpuWr9hmRj3vHFvl6AfhzrLTtAgUbycEGK33OmC VquPz6deapk27Vf3w2/7kQV5540VN1y06DquEjKtFsZewB5FpRZoJAKwzHjNv0xN0DdO uPy1Qv9lixO33zOIM9dmCHJAYDkOVdkP7lCaVe8/gPCpPRs2OUMyTHqqKUJ+s3PIW3H4 btAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AfNXnA5DXndegAmZrpGxpTx9Fo9syA47Cu+miYhd76o=; b=SE4C9poQkukcdCayg2RzuPvUx8McRTw3UstV2d5TFst6EtNi63Fc4XoWf7usvv1JGz 0nLKqtusWEJsh1068fus3jvctcx2Y1uTtWjEYXZzHfWUnh7RdyRkt/gL8zRjAq7J5GYo G6UpM3njR1jtdro1ZAcVLXuSGKRhAMWbWfqy6qBOfrSXSbA3T5c9ARPuGWm4BBBf3SpN 0Raomc/GkhbpmYGcpC1Ej+5H9Y0HeuW1HR9uAnTGYqpqLnV85xkvxrd44ETrpbqUfy5i VMOl3gCdyev2ajyVFaLgJNZnGMEy3KsIv8+bmkYzhRYMemo/lAbydckQps2QZpUTw7o3 U0RQ== X-Gm-Message-State: AO0yUKUULfnm2DrXULUGKsH2HozzvqdcmaruKZuFpD332Butr6DdhQKF /PZZA5PrQVNrFmb0nxwGkTWYp3P5hPHP7Q== X-Google-Smtp-Source: AK7set+wLOlBaPT6q9JjT2AWGNlX0XMnOZOS3p4zXKK8NHmmr+zKo0kvL8g9Q6mnxRxBGcp7jbDs5Q== X-Received: by 2002:a17:906:b5a:b0:878:72f7:bd99 with SMTP id v26-20020a1709060b5a00b0087872f7bd99mr5850588ejg.6.1675333297979; Thu, 02 Feb 2023 02:21:37 -0800 (PST) Return-Path: Received: from localhost.localdomain ([176.62.67.29]) by smtp.gmail.com with ESMTPSA id ci22-20020a170906c35600b0087bcda2b07bsm10013121ejb.202.2023.02.02.02.21.37 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Thu, 02 Feb 2023 02:21:37 -0800 (PST) From: "Savva Mitrofanov" To: devel@edk2.groups.io Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= , Pedro Falcato , Vitaly Cheptsov Subject: [edk2-platforms][PATCH v4 01/12] Ext4Pkg: Fix memory leak in Ext4RetrieveDirent Date: Thu, 2 Feb 2023 16:21:22 +0600 Message-Id: <20230202102133.51606-2-savvamtr@gmail.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230202102133.51606-1-savvamtr@gmail.com> References: <20230202102133.51606-1-savvamtr@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable We need to free buffer on return if BlockRemainder !=3D 0. Also changed return logic from function to use use common exit to prevent code duplication. Cc: Marvin H=C3=A4user Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.") Signed-off-by: Savva Mitrofanov Reviewed-by: Pedro Falcato Reviewed-by: Marvin H=C3=A4user --- Features/Ext4Pkg/Ext4Dxe/Directory.c | 30 +++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx= e/Directory.c index 73d21d9f9542..c7992cc72717 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Directory.c +++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c @@ -113,8 +113,7 @@ Ext4RetrieveDirent ( UINTN ToCopy;=0D UINTN BlockOffset;=0D =0D - Status =3D EFI_NOT_FOUND;=0D - Buf =3D AllocatePool (Partition->BlockSize);=0D + Buf =3D AllocatePool (Partition->BlockSize);=0D =0D if (Buf =3D=3D NULL) {=0D return EFI_OUT_OF_RESOURCES;=0D @@ -128,7 +127,8 @@ Ext4RetrieveDirent ( DivU64x32Remainder (DirInoSize, Partition->BlockSize, &BlockRemainder);= =0D if (BlockRemainder !=3D 0) {=0D // Directory inodes need to have block aligned sizes=0D - return EFI_VOLUME_CORRUPTED;=0D + Status =3D EFI_VOLUME_CORRUPTED;=0D + goto Out;=0D }=0D =0D while (Off < DirInoSize) {=0D @@ -137,8 +137,7 @@ Ext4RetrieveDirent ( Status =3D Ext4Read (Partition, Directory, Buf, Off, &Length);=0D =0D if (Status !=3D EFI_SUCCESS) {=0D - FreePool (Buf);=0D - return Status;=0D + goto Out;=0D }=0D =0D for (BlockOffset =3D 0; BlockOffset < Partition->BlockSize; ) {=0D @@ -146,19 +145,19 @@ Ext4RetrieveDirent ( RemainingBlock =3D Partition->BlockSize - BlockOffset;=0D // Check if the minimum directory entry fits inside [BlockOffset, En= dOfBlock]=0D if (RemainingBlock < EXT4_MIN_DIR_ENTRY_LEN) {=0D - FreePool (Buf);=0D - return EFI_VOLUME_CORRUPTED;=0D + Status =3D EFI_VOLUME_CORRUPTED;=0D + goto Out;=0D }=0D =0D if (!Ext4ValidDirent (Entry)) {=0D - FreePool (Buf);=0D - return EFI_VOLUME_CORRUPTED;=0D + Status =3D EFI_VOLUME_CORRUPTED;=0D + goto Out;=0D }=0D =0D if ((Entry->name_len > RemainingBlock) || (Entry->rec_len > Remainin= gBlock)) {=0D // Corrupted filesystem=0D - FreePool (Buf);=0D - return EFI_VOLUME_CORRUPTED;=0D + Status =3D EFI_VOLUME_CORRUPTED;=0D + goto Out;=0D }=0D =0D // Unused entry=0D @@ -193,8 +192,8 @@ Ext4RetrieveDirent ( ToCopy =3D MIN (Entry->rec_len, sizeof (EXT4_DIR_ENTRY));=0D =0D CopyMem (Result, Entry, ToCopy);=0D - FreePool (Buf);=0D - return EFI_SUCCESS;=0D + Status =3D EFI_SUCCESS;=0D + goto Out;=0D }=0D =0D BlockOffset +=3D Entry->rec_len;=0D @@ -203,8 +202,11 @@ Ext4RetrieveDirent ( Off +=3D Partition->BlockSize;=0D }=0D =0D + Status =3D EFI_NOT_FOUND;=0D +=0D +Out:=0D FreePool (Buf);=0D - return EFI_NOT_FOUND;=0D + return Status;=0D }=0D =0D /**=0D --=20 2.39.1