From: Jérémie Galarneau Date: Fri, 27 Mar 2020 15:01:05 +0000 (-0400) Subject: Fix: sessiond: user/group name can be leaked on malformed command X-Git-Tag: v2.12.0-rc2~3 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=d74a5c35a5e21ad8ca220e8ab47c4ffe7b5b7916;p=lttng-tools.git Fix: sessiond: user/group name can be leaked on malformed command process_attr_value_from_comm() can leak a copy of the user/group name when the value type is erroneous. This is not reachable in "normal" execution, but could be triggered by invalid "crafter" lttng-ctl commands. In process_attr_value_from_comm: Leak of memory or pointers to system resources (CWE-404). Reported-by: Coverity Scan Signed-off-by: Jérémie Galarneau Change-Id: I7ef55c0743c954a93e3d27ce17e6478708b49437 --- diff --git a/src/common/tracker.c b/src/common/tracker.c index 532a924b5..c27d97655 100644 --- a/src/common/tracker.c +++ b/src/common/tracker.c @@ -173,6 +173,7 @@ enum lttng_error_code process_attr_value_from_comm( *_value = value; value = NULL; + free(name); return LTTNG_OK; error: free(name);