From: Alexey Gladkov
To: Linux console tools development discussion
Cc: jose.r.guzman.mosqueda@intel.com
Subject: Re: [kbd] Issue in kbd package
Date: Mon, 29 Jun 2015 01:11:43 +0300
Message-ID: <5590711F.8010309@gmail.com>
In-Reply-To: <1435334357.32247.15.camel@intel.com>

On 26.06.2015 18:58, Guzman Mosqueda, Jose R wrote:
>
> Hi all
>
> I'm Jose R. Guzman from a security team at Intel.
> We have included kbd package in a GNU-Linux project and I'm analyzing
> the code to try to find some possible vulnerabilities, issues or risks.
>
> Since I'm not too familiar with the package yet I think I have found an
> issue and I'd like you to help me check it. It could result in a
> memory leak.
>
> Package version: kbd-2.0.2
> File: src/setfont.c
> Function: static void loadnewfonts(int fd, char **ifiles, int ifilct,
> int iunit, int hwunit, int no_m, int no_u)
> Line: ~459
> Description: There is a variable "bigfontbuf" that contains memory
> allocated dynamically in a "for" loop by calling "xrealloc" function.
> After the loop the variable is passed as parameter in "do_loadfont"
> call, however I don't see any point where such memory gets freed before
> returning from function. Also variable is local and the pointer is not
> stored in any other variable. So I think that is a memory leak. Is it?
>
> Another issue that I found is a handler not being closed:
> File: src/openvt.c
> Function: static char *authenticate_user(int curvt)
> Line: ~119
> Description: There is a variable "dp" used to store a file handler of a
> proc dir. I don't see any point inside the function where such handler
> is freed after being used.
>
> I really appreciate if someone can take a look and tell me whether they
> are really issues or not.

You are right. Fixed in the master.

http://git.kernel.org/cgit/linux/kernel/git/legion/kbd.git

-- 
Rgrds, legion
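
The two resource-handling patterns reported in this thread, shown with the release on every return path. This is an added illustration, not part of the original messages and not kbd source code; the function names, the counters and the sample input are hypothetical.

```c
/* Added illustration, not kbd source; all names are hypothetical. */
#include <dirent.h>
#include <stdlib.h>
#include <string.h>

static int live_bufs, live_dirs;    /* outstanding resources, for checking */
static long count_bytes(const char *buf, size_t len) { (void)buf; return (long)len; }

/* Buffer grown by realloc() in a loop; the pointer is local, so free it here. */
static long load_chunks(const char **chunks, int n,
                        long (*consume)(const char *, size_t))
{
    char *big = NULL;
    size_t len = 0;
    long rc = -1;
    for (int i = 0; i < n; i++) {
        size_t add = strlen(chunks[i]);
        char *tmp = realloc(big, len + add + 1);
        if (!tmp) goto out;         /* old block is still ours to free */
        if (!big) live_bufs++;
        big = tmp;
        memcpy(big + len, chunks[i], add + 1);
        len += add;
    }
    rc = consume(big, len);         /* consumer borrows the buffer */
out:
    if (big) { free(big); live_bufs--; }
    return rc;
}

/* Directory scan with an early exit; closedir() runs on every path. */
static int find_entry(const char *dir, const char *name)
{
    struct dirent *de;
    int found = 0;
    DIR *dp = opendir(dir);
    if (!dp) return -1;             /* nothing was opened, nothing to close */
    live_dirs++;
    while (!found && (de = readdir(dp)) != NULL)
        found = strcmp(de->d_name, name) == 0;
    closedir(dp);
    live_dirs--;
    return found;
}

int main(void)
{
    const char *parts[] = { "constructed ", "sample" };   /* constructed input */
    long n = load_chunks(parts, 2, count_bytes);
    return !(n == 18 && find_entry("/", "no-such-entry") == 0);
}
```

Both counters return to zero after each call, which is the property the reported functions lacked.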