From 80ff3ed6672ea8b2d97ff4f9e72ac728941fffde Mon Sep 17 00:00:00 2001 From: Wenchao Hao Date: Mon, 1 Mar 2021 10:57:51 +0800 Subject: [PATCH] Fix iscsiadm segfault when exiting Signed-off-by: Wenchao Hao --- ...iscsiadm-Fix-memory-leak-in-iscsiadm.patch | 160 ++++++++++++++++++ 0014-Fix-iscsiadm-segfault-when-exiting.patch | 51 ++++++ open-iscsi.spec | 7 +- 3 files changed, 217 insertions(+), 1 deletion(-) create mode 100644 0013-iscsiadm-Fix-memory-leak-in-iscsiadm.patch create mode 100644 0014-Fix-iscsiadm-segfault-when-exiting.patch diff --git a/0013-iscsiadm-Fix-memory-leak-in-iscsiadm.patch b/0013-iscsiadm-Fix-memory-leak-in-iscsiadm.patch new file mode 100644 index 0000000..a9f75e2 --- /dev/null +++ b/0013-iscsiadm-Fix-memory-leak-in-iscsiadm.patch @@ -0,0 +1,160 @@ +From b24f8ff48e2285e42d151f73e464531c49a9509e Mon Sep 17 00:00:00 2001 +From: Wenchao Hao +Date: Tue, 29 Dec 2020 20:30:25 +0800 +Subject: [PATCH] iscsiadm: Fix memory leak in iscsiadm + +Memory allocated by iscsi_context_new() would not be freed if +error occurred during parameters parser stage and goto free_ifaces +is used to jump to resource clean. + +Since all resource clean is performed after verified, so change +all goto free_ifaces to goto out where handles resource better. + +Signed-off-by: Wenchao Hao +--- + libopeniscsiusr/context.c | 6 +++++- + usr/iscsiadm.c | 27 +++++++++++++-------------- + 2 files changed, 18 insertions(+), 15 deletions(-) + +diff --git a/libopeniscsiusr/context.c b/libopeniscsiusr/context.c +index fe92155..c5e869f 100644 +--- a/libopeniscsiusr/context.c ++++ b/libopeniscsiusr/context.c +@@ -55,8 +55,12 @@ struct iscsi_context *iscsi_context_new(void) + + void iscsi_context_free(struct iscsi_context *ctx) + { +- if (ctx != NULL) ++ if (ctx == NULL) ++ return; ++ ++ if (ctx->db) + _idbm_free(ctx->db); ++ + free(ctx); + } + +diff --git a/usr/iscsiadm.c b/usr/iscsiadm.c +index ea1643b..3987168 100644 +--- a/usr/iscsiadm.c ++++ b/usr/iscsiadm.c +@@ -3627,7 +3627,7 @@ main(int argc, char **argv) + "Priority must be greater than or " + "equal to zero.", killiscsid); + rc = ISCSI_ERR_INVAL; +- goto free_ifaces; ++ goto out; + } + break; + case 't': +@@ -3639,7 +3639,7 @@ main(int argc, char **argv) + log_error("can not recognize operation: '%s'", + optarg); + rc = ISCSI_ERR_INVAL; +- goto free_ifaces; ++ goto out; + } + break; + case 'n': +@@ -3651,7 +3651,7 @@ main(int argc, char **argv) + case 'H': + host_no = parse_host_info(optarg, &rc); + if (rc) +- goto free_ifaces; ++ goto out; + break; + case 'r': + sid = iscsi_sysfs_get_sid_from_path(optarg); +@@ -3659,7 +3659,7 @@ main(int argc, char **argv) + log_error("invalid sid '%s'", + optarg); + rc = ISCSI_ERR_INVAL; +- goto free_ifaces; ++ goto out; + } + break; + case 'R': +@@ -3710,7 +3710,7 @@ main(int argc, char **argv) + mode = str_to_mode(optarg); + rc = verify_mode_params(argc, argv, mode); + if (ISCSI_SUCCESS != rc) +- goto free_ifaces; ++ goto out; + break; + case 'C': + sub_mode = str_to_submode(optarg); +@@ -3739,11 +3739,11 @@ main(int argc, char **argv) + printf("Invalid iface name %s. Must be from " + "1 to %d characters.\n", + optarg, ISCSI_MAX_IFACE_LEN - 1); +- goto free_ifaces; ++ goto out; + } else if (!iface || rc) { + printf("Could not add iface %s.", optarg); + rc = ISCSI_ERR_INVAL; +- goto free_ifaces; ++ goto out; + } + + list_add_tail(&iface->list, &ifaces); +@@ -3760,7 +3760,7 @@ main(int argc, char **argv) + log_error("Invalid index %s. %s.", + optarg, strerror(errno)); + rc = ISCSI_ERR_INVAL; +- goto free_ifaces; ++ goto out; + } + break; + case 'A': +@@ -3778,7 +3778,7 @@ main(int argc, char **argv) + if (!param) { + log_error("Cannot allocate memory for params."); + rc = ISCSI_ERR_NOMEM; +- goto free_ifaces; ++ goto out; + } + list_add_tail(¶m->list, ¶ms); + name = NULL; +@@ -3789,12 +3789,12 @@ main(int argc, char **argv) + if (optopt) { + log_error("unrecognized character '%c'", optopt); + rc = ISCSI_ERR_INVAL; +- goto free_ifaces; ++ goto out; + } + + if (killiscsid >= 0) { + kill_iscsid(killiscsid, timeout); +- goto free_ifaces; ++ goto out; + } + + if (mode < 0) +@@ -3802,14 +3802,14 @@ main(int argc, char **argv) + + if (mode == MODE_FW) { + rc = exec_fw_op(NULL, NULL, info_level, do_login, op); +- goto free_ifaces; ++ goto out; + } + + increase_max_files(); + if (idbm_init(get_config_file)) { + log_warning("exiting due to idbm configuration error"); + rc = ISCSI_ERR_IDBM; +- goto free_ifaces; ++ goto out; + } + + switch (mode) { +@@ -4070,7 +4070,6 @@ out: + free(rec); + iscsi_sessions_free(ses, se_count); + idbm_terminate(); +-free_ifaces: + list_for_each_entry_safe(iface, tmp, &ifaces, list) { + list_del(&iface->list); + free(iface); +-- +2.27.0 + diff --git a/0014-Fix-iscsiadm-segfault-when-exiting.patch b/0014-Fix-iscsiadm-segfault-when-exiting.patch new file mode 100644 index 0000000..544b9c8 --- /dev/null +++ b/0014-Fix-iscsiadm-segfault-when-exiting.patch @@ -0,0 +1,51 @@ +From 76a5ebf955702f676a5ea5f7b43bb8fb436edc40 Mon Sep 17 00:00:00 2001 +From: Lee Duncan +Date: Tue, 26 Jan 2021 11:48:32 -0800 +Subject: [PATCH] Fix iscsiadm segfault when exiting + +Commit b532ad67d495d added some cleanup code +to iscsiadm right before it exits, but it +used a list_for_each_entry() to iterate through +a list was being deleted, when it should use +list_for_each_entry_safe(). + +Fixes: b532ad67d495d +--- + usr/iscsiadm.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/usr/iscsiadm.c b/usr/iscsiadm.c +index 4249af8..41b7e6f 100644 +--- a/usr/iscsiadm.c ++++ b/usr/iscsiadm.c +@@ -3582,11 +3582,11 @@ main(int argc, char **argv) + struct sigaction sa_old; + struct sigaction sa_new; + LIST_HEAD(ifaces); +- struct iface_rec *iface = NULL, *tmp; ++ struct iface_rec *iface = NULL, *tmp_iface; + struct node_rec *rec = NULL; + uint32_t host_no = MAX_HOST_NO + 1; + uint64_t index = ULLONG_MAX; +- struct user_param *param; ++ struct user_param *param, *tmp_param; + LIST_HEAD(params); + struct iscsi_context *ctx = NULL; + int librc = LIBISCSI_OK; +@@ -4070,11 +4070,11 @@ out: + free(rec); + iscsi_sessions_free(ses, se_count); + idbm_terminate(); +- list_for_each_entry_safe(iface, tmp, &ifaces, list) { ++ list_for_each_entry_safe(iface, tmp_iface, &ifaces, list) { + list_del(&iface->list); + free(iface); + } +- list_for_each_entry(param, ¶ms, list) { ++ list_for_each_entry_safe(param, tmp_param, ¶ms, list) { + list_del(¶m->list); + idbm_free_user_param(param); + } +-- +2.27.0 + diff --git a/open-iscsi.spec b/open-iscsi.spec index afc5556..359adb7 100644 --- a/open-iscsi.spec +++ b/open-iscsi.spec @@ -4,7 +4,7 @@ Name: open-iscsi Version: 2.1.3 -Release: 2 +Release: 3 Summary: ISCSI software initiator daemon and utility programs License: GPLv2+ and BSD URL: http://www.open-iscsi.org @@ -21,6 +21,8 @@ patch9: 0009-Modify-iscsid.service-to-keep-same-with-previous-ver.patch patch10: 0010-iscsiadm-fix-infinite-loop-while-recv-returns-0.patch patch11: 0011-not-send-stop-message-if-iscsid-absent.patch patch12: 0012-fix-iscsiadm-op-new-report-to-cannot-rename-error.patch +patch13: 0013-iscsiadm-Fix-memory-leak-in-iscsiadm.patch +patch14: 0014-Fix-iscsiadm-segfault-when-exiting.patch BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config gdb @@ -153,6 +155,9 @@ fi %{_mandir}/man8/* %changelog +* Mon Mar 1 2021 haowenchao - 2.1.3-3 +- Fix iscsiadm segfault when exiting + * Mon Feb 22 2021 haowenchao - 2.1.3-2 - Fix iscsiadm op new report to can not rename error -- Gitee