Fix: fd-tracker: error path lead to null dereference of handle

author Jérémie Galarneau <jeremie.galarneau@efficios.com>

Mon, 25 Nov 2019 19:37:54 +0000 (14:37 -0500)

committer Jérémie Galarneau <jeremie.galarneau@efficios.com>

Mon, 25 Nov 2019 19:37:54 +0000 (14:37 -0500)
author Jérémie Galarneau <jeremie.galarneau@efficios.com>
Mon, 25 Nov 2019 19:37:54 +0000 (14:37 -0500)
committer Jérémie Galarneau <jeremie.galarneau@efficios.com>
Mon, 25 Nov 2019 19:37:54 +0000 (14:37 -0500)
diff --git a/src/common/fd-tracker/fd-tracker.c b/src/common/fd-tracker/fd-tracker.c

index 6f95ffc986373e91880f69eba159b2ea53c27b5b..acbee670a0acdf4086853a98460b7f923f0e444d 100644 (file)
--- a/src/common/fd-tracker/fd-tracker.c
+++ b/src/common/fd-tracker/fd-tracker.c
@@ -500,18 +500,17 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker,
                 if (tracker->count.suspendable.active > 0) {
                         ret = fd_tracker_suspend_handles(tracker, 1);
                         if (ret) {
                 if (tracker->count.suspendable.active > 0) {
                         ret = fd_tracker_suspend_handles(tracker, 1);
                         if (ret) {
-                               goto error_destroy;
+                               goto end;
                         }
                 } else {
                         /*
                          * There are not enough active suspendable file
                         }
                 } else {
                         /*
                          * There are not enough active suspendable file
-                        * descriptors to open a new fd and still accomodate the
-                        * tracker's capacity.
+                        * descriptors to open a new fd and still accommodate
+                        * the tracker's capacity.
                          */
                         WARN("Cannot open file system handle, too many unsuspendable file descriptors are opened (%u)",
                                         tracker->count.unsuspendable);
                          */
                         WARN("Cannot open file system handle, too many unsuspendable file descriptors are opened (%u)",
                                         tracker->count.unsuspendable);
-                       ret = -EMFILE;
-                       goto error_destroy;
+                       goto end;
                 }
         }
  
                 }
         }
  
@@ -524,15 +523,13 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker,
         ret = pthread_mutex_init(&handle->lock, NULL);
         if (ret) {
                 PERROR("Failed to initialize handle mutex while creating fs handle");
         ret = pthread_mutex_init(&handle->lock, NULL);
         if (ret) {
                 PERROR("Failed to initialize handle mutex while creating fs handle");
-               free(handle);
-               goto error_free;
+               goto error_mutex_init;
         }
  
         handle->fd = open_from_properties(path, &properties);
         if (handle->fd < 0) {
                 PERROR("Failed to open fs handle to %s, open() returned", path);
         }
  
         handle->fd = open_from_properties(path, &properties);
         if (handle->fd < 0) {
                 PERROR("Failed to open fs handle to %s, open() returned", path);
-               ret = -errno;
-               goto error_destroy;
+               goto error;
         }
  
         handle->properties = properties;
         }
  
         handle->properties = properties;
@@ -542,28 +539,26 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker,
         if (!handle->inode) {
                 ERR("Failed to get lttng_inode corresponding to file %s",
                                 path);
         if (!handle->inode) {
                 ERR("Failed to get lttng_inode corresponding to file %s",
                                 path);
-               goto error_destroy;
+               goto error;
         }
  
         if (fstat(handle->fd, &fd_stat)) {
                 PERROR("Failed to retrieve file descriptor inode while creating fs handle, fstat() returned");
         }
  
         if (fstat(handle->fd, &fd_stat)) {
                 PERROR("Failed to retrieve file descriptor inode while creating fs handle, fstat() returned");
-               ret = -errno;
-               goto error_destroy;
+               goto error;
         }
         handle->ino = fd_stat.st_ino;
  
         fd_tracker_track(tracker, handle);
         }
         handle->ino = fd_stat.st_ino;
  
         fd_tracker_track(tracker, handle);
-       pthread_mutex_unlock(&tracker->lock);
  end:
  end:
+       pthread_mutex_unlock(&tracker->lock);
         return handle;
         return handle;
-error_destroy:
-       pthread_mutex_destroy(&handle->lock);
-error_free:
+error:
         if (handle->inode) {
                 lttng_inode_put(handle->inode);
         }
         if (handle->inode) {
                 lttng_inode_put(handle->inode);
         }
+       pthread_mutex_destroy(&handle->lock);
+error_mutex_init:
         free(handle);
         free(handle);
-       pthread_mutex_unlock(&tracker->lock);
         handle = NULL;
         goto end;
  }
         handle = NULL;
         goto end;
  }
author	Jérémie Galarneau <jeremie.galarneau@efficios.com>
	Mon, 25 Nov 2019 19:37:54 +0000 (14:37 -0500)
committer	Jérémie Galarneau <jeremie.galarneau@efficios.com>
	Mon, 25 Nov 2019 19:37:54 +0000 (14:37 -0500)