From 736b88cf53fefc6d498873b8ecf2e9320ec56864 Mon Sep 17 00:00:00 2001 From: David van Moolenbroek Date: Mon, 24 Aug 2015 12:18:40 +0200 Subject: [PATCH] DS: fix regex memory leaks The regcomp(3) calls had no matching regfree(3) calls. Change-Id: I5250d62e6ab22821aff18bcdc336cb485df6868e --- minix/servers/ds/inc.h | 1 + minix/servers/ds/store.c | 36 +++++++++++++++++++++++++++--------- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/minix/servers/ds/inc.h b/minix/servers/ds/inc.h index 946bfafa7..92860304c 100644 --- a/minix/servers/ds/inc.h +++ b/minix/servers/ds/inc.h @@ -27,6 +27,7 @@ #include #include #include +#include #include "proto.h" #endif diff --git a/minix/servers/ds/store.c b/minix/servers/ds/store.c index e6fb5e10c..f9d2407ac 100644 --- a/minix/servers/ds/store.c +++ b/minix/servers/ds/store.c @@ -26,7 +26,7 @@ static struct data_store *alloc_data_slot(void) *===========================================================================*/ static struct subscription *alloc_sub_slot(void) { -/* Allocate a new subscription slot. */ +/* Return a free subscription slot. */ int i; for (i = 0; i < NR_DS_SUBS; i++) { @@ -37,6 +37,20 @@ static struct subscription *alloc_sub_slot(void) return NULL; } +/*===========================================================================* + * free_sub_slot * + *===========================================================================*/ +static void free_sub_slot(struct subscription *subp) +{ +/* Clean up a previously successfully) allocated subscription slot. */ + assert(subp->flags & DSF_IN_USE); + + regfree(&subp->regex); + memset(&subp->regex, 0, sizeof(subp->regex)); + + subp->flags = 0; +} + /*===========================================================================* * lookup_entry * *===========================================================================*/ @@ -454,15 +468,18 @@ int do_subscribe(message *m_ptr) return ESRCH; /* See if the owner already has an existing subscription. */ - if((subp = lookup_sub(owner)) == NULL) { - /* The subscription doesn't exist, allocate a new one. */ - if((subp = alloc_sub_slot()) == NULL) - return EAGAIN; - } else if(!(m_ptr->m_ds_req.flags & DSF_OVERWRITE)) { - /* The subscription exists but we can't overwrite, return error. */ - return EEXIST; + if ((subp = lookup_sub(owner)) != NULL) { + /* If a subscription exists but we can't overwrite, return error. */ + if (!(m_ptr->m_ds_req.flags & DSF_OVERWRITE)) + return EEXIST; + /* Otherwise just free the old one. */ + free_sub_slot(subp); } + /* Find a free subscription slot. */ + if ((subp = alloc_sub_slot()) == NULL) + return EAGAIN; + /* Copy key name from the caller. Anchor the subscription with "^regexp$" so * substrings don't match. The caller will probably not expect this, * and the usual case is for a complete match. @@ -476,6 +493,7 @@ int do_subscribe(message *m_ptr) if((e=regcomp(&subp->regex, regex, REG_EXTENDED)) != 0) { regerror(e, &subp->regex, errbuf, sizeof(errbuf)); printf("DS: subscribe: regerror: %s\n", errbuf); + memset(&subp->regex, 0, sizeof(subp->regex)); return EINVAL; } @@ -598,7 +616,7 @@ int do_delete(message *m_ptr) for (i = 0; i < NR_DS_SUBS; i++) { if ((ds_subs[i].flags & DSF_IN_USE) && !strcmp(ds_subs[i].owner, label)) { - ds_subs[i].flags = 0; + free_sub_slot(&ds_subs[i]); } } -- 2.44.0