[Midnightbsd-cvs] src [6885] trunk/sys/kern/vfs_lookup.c: The namei facility will leak a small amount of kernel memory every

Tue Oct 21 18:32:29 EDT 2014

Revision: 6885
          http://svnweb.midnightbsd.org/src/?rev=6885
Author:   laffer1
Date:     2014-10-21 18:32:29 -0400 (Tue, 21 Oct 2014)
Log Message:
-----------
The namei facility will leak a small amount of kernel memory every
time a sandboxed process looks up a nonexistent path name.

Obtained from: FreeBSD

Modified Paths:
--------------
    trunk/sys/kern/vfs_lookup.c

Modified: trunk/sys/kern/vfs_lookup.c
===================================================================

--- trunk/sys/kern/vfs_lookup.c	2014-10-21 22:30:33 UTC (rev 6884)
+++ trunk/sys/kern/vfs_lookup.c	2014-10-21 22:32:29 UTC (rev 6885)
@@ -121,6 +121,16 @@
  *		if symbolic link, massage name in buffer and continue
  *	}
  */
+static void
+namei_cleanup_cnp(struct componentname *cnp)
+{
+	uma_zfree(namei_zone, cnp->cn_pnbuf);
+#ifdef DIAGNOSTIC
+	cnp->cn_pnbuf = NULL;
+	cnp->cn_nameptr = NULL;
+#endif
+}
+
 int
 namei(struct nameidata *ndp)
 {
@@ -193,11 +203,7 @@
 	}
 #endif
 	if (error) {
-		uma_zfree(namei_zone, cnp->cn_pnbuf);
-#ifdef DIAGNOSTIC
-		cnp->cn_pnbuf = NULL;
-		cnp->cn_nameptr = NULL;
-#endif
+		namei_cleanup_cnp(cnp);
 		ndp->ni_vp = NULL;
 		return (error);
 	}
@@ -251,11 +257,7 @@
 			}
 		}
 		if (error) {
-			uma_zfree(namei_zone, cnp->cn_pnbuf);
-#ifdef DIAGNOSTIC
-			cnp->cn_pnbuf = NULL;
-			cnp->cn_nameptr = NULL;
-#endif
+			namei_cleanup_cnp(cnp);
 			return (error);
 		}
 	}
@@ -281,8 +283,10 @@
 		if (*(cnp->cn_nameptr) == '/') {
 			vrele(dp);
 			VFS_UNLOCK_GIANT(vfslocked);
-			if (ndp->ni_strictrelative != 0)
+			if (ndp->ni_strictrelative != 0) {
+				namei_cleanup_cnp(cnp);
 				return (ENOTCAPABLE);
+			}
 			while (*(cnp->cn_nameptr) == '/') {
 				cnp->cn_nameptr++;
 				ndp->ni_pathlen--;
@@ -296,11 +300,7 @@
 		ndp->ni_startdir = dp;
 		error = lookup(ndp);
 		if (error) {
-			uma_zfree(namei_zone, cnp->cn_pnbuf);
-#ifdef DIAGNOSTIC
-			cnp->cn_pnbuf = NULL;
-			cnp->cn_nameptr = NULL;
-#endif
+			namei_cleanup_cnp(cnp);
 			SDT_PROBE(vfs, namei, lookup, return, error, NULL, 0,
 			    0, 0);
 			return (error);
@@ -312,11 +312,7 @@
 		 */
 		if ((cnp->cn_flags & ISSYMLINK) == 0) {
 			if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) {
-				uma_zfree(namei_zone, cnp->cn_pnbuf);
-#ifdef DIAGNOSTIC
-				cnp->cn_pnbuf = NULL;
-				cnp->cn_nameptr = NULL;
-#endif
+				namei_cleanup_cnp(cnp);
 			} else
 				cnp->cn_flags |= HASBUF;
 
@@ -382,11 +378,7 @@
 		vput(ndp->ni_vp);
 		dp = ndp->ni_dvp;
 	}
-	uma_zfree(namei_zone, cnp->cn_pnbuf);
-#ifdef DIAGNOSTIC
-	cnp->cn_pnbuf = NULL;
-	cnp->cn_nameptr = NULL;
-#endif
+	namei_cleanup_cnp(cnp);
 	vput(ndp->ni_vp);
 	ndp->ni_vp = NULL;
 	vrele(ndp->ni_dvp);

