acl_from_text leaking memory

Christian Brueffer brueffer at FreeBSD.org
Mon Nov 16 09:43:06 UTC 2009


On Sun, Nov 15, 2009 at 11:04:19AM -0500, Jim Wilcoxson wrote:
> I've been working on a new backup program, HashBackup, and believe I
> have found a memory leak with ACLs in PCBSD/FreeBSD 7.1 and OSX
> (Leopard).
> 
> acl_from_text is a function that takes a text string as input, and
> returns a pointer to a malloc'd acl.  This acl is then freed with
> acl_free.  I noticed that acl_from_text appears to leak memory.  This
> is not used during the backup of a filesystem, but is needed to do a
> restore.
> 
> After looking at the acl_from_text source in /usr/src/lib/libc/posix1e
> (from PCBSD7.1), I believe the problem is that the duplicate text
> string, mybuf_p, is not freed on normal return of this function.  Here
> is the end of this function:
> 
>         }
> 
> #if 0
>         /* XXX Should we only return ACLs valid according to acl_valid? */
>         /* Verify validity of the ACL we read in. */
>         if (acl_valid(acl) == -1) {
>                 errno = EINVAL;
>                 goto error_label;
>         }
> #endif
> 
>         return(acl);
> 
> error_label:
>         acl_free(acl);
>         free(mybuf_p);
>         return(NULL);
> }
> 
> I think there should be a free(mybuf_p) before return(acl).
> 
> Here is a PCBSD/FreeBSD test program that causes the memory leak:
> 
> #include <stdio.h>
> #include <sys/types.h>
> #include <sys/acl.h>
> 
> main() {
>    acl_t acl;
>    char* acltext;
> 
>    acltext = "user::rw-\n group::r--\n mask::r--\n other::r--\n";
>    while (1) {
>       acl = acl_from_text(acltext);
>       if (acl == NULL)
>         printf("acl_from_text failed\n");
>       if (acl_free(acl) != 0)
>         printf("acl_free failed\n");
>   }
> }
> 
> I've subscribed to the lists for a few days in case there are
> questions or I can help test something.
> 

Hi Jim,

this looks good, I`ve just committed it to HEAD.  I will merge it to
the stable branches next week.  Thanks for the submission!

- Christian

-- 
Christian Brueffer	chris at unixpages.org	brueffer at FreeBSD.org
GPG Key:	 http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B  B29B 6C76 178C A0ED 982D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-bugs/attachments/20091116/0fa960c4/attachment.pgp


More information about the freebsd-bugs mailing list