Hon Ching(Vicky) Lo
2014-11-03 19:32:31 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Trousers".
The branch, master has been updated
via c637981cf34acc3481797482249ad2cec3f9ed0b (commit)
from 000b13eca6b3946a008c96afe96190d9989c648c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=c637981cf34acc3481797482249ad2cec3f9ed0b
commit c637981cf34acc3481797482249ad2cec3f9ed0b
Author: Anderson Fonseca <***@gmail.com>
Date: Fri Oct 31 19:36:21 2014 -0400
Fixed the problem of the function Tspi_Context_Close when is enabled
remote connection uncommenting the remote_ops in the file tcsd.conf.
All the time that this function is called, it was returning:
*** double free or corruption (fasttop): 0x0000000001487af0 ***
Aborted (core dumped)
The functions RPC_OpenContext and obj_context_set_machine_name
in Tspi_Context_Connect were receiving the same memory address
from the variable machine_name.
With that, when Tspi_Context_Close called obj_close_context,
this function called the function free passing as argument the
variable machineName that had the same memory address from that
one pointed by RPC_OpenContext.
However remove_table_entry in RPC_CloseContext had already
called the function free to that memory address. The result is
the error message described above.
diff --git a/src/tspi/obj_context.c b/src/tspi/obj_context.c
index 7bbd869..5db6d8c 100644
--- a/src/tspi/obj_context.c
+++ b/src/tspi/obj_context.c
@@ -272,7 +272,14 @@ obj_context_set_machine_name(TSS_HCONTEXT tspContext, BYTE *name, UINT32 len)
context = (struct tr_context_obj *)obj->data;
free(context->machineName);
- context->machineName = name;
+
+ context->machineName = (BYTE *)calloc(1, len);
+ if (context->machineName == NULL) {
+ LogError("malloc of %u bytes failed.", len);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ memcpy(context->machineName, name, len);
+
context->machineNameLength = len;
obj_list_put(&context_list);
diff --git a/src/tspi/rpc/hosttable.c b/src/tspi/rpc/hosttable.c
index 41e7da2..c4d8563 100644
--- a/src/tspi/rpc/hosttable.c
+++ b/src/tspi/rpc/hosttable.c
@@ -82,25 +82,35 @@ static void __attribute__ ((destructor)) my_fini(void)
TSS_RESULT
__tspi_add_table_entry(TSS_HCONTEXT tspContext, BYTE *host, int type, struct host_table_entry **ret)
{
- struct host_table_entry *entry, *tmp;
-
- entry = calloc(1, sizeof(struct host_table_entry));
- if (entry == NULL) {
- LogError("malloc of %zd bytes failed.", sizeof(struct host_table_entry));
- return TSPERR(TSS_E_OUTOFMEMORY);
- }
-
- entry->tspContext = tspContext;
- entry->hostname = host;
- entry->type = type;
- entry->comm.buf_size = TCSD_INIT_TXBUF_SIZE;
- entry->comm.buf = calloc(1, entry->comm.buf_size);
- if (entry->comm.buf == NULL) {
- LogError("malloc of %u bytes failed.", entry->comm.buf_size);
- free(entry);
- return TSPERR(TSS_E_OUTOFMEMORY);
- }
- MUTEX_INIT(entry->lock);
+ struct host_table_entry *entry, *tmp;
+ int hostlen;
+
+ entry = calloc(1, sizeof(struct host_table_entry));
+ if (entry == NULL) {
+ LogError("malloc of %zd bytes failed.", sizeof(struct host_table_entry));
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+
+ entry->tspContext = tspContext;
+
+ hostlen = strlen((char *)host)+1;
+ entry->hostname = (BYTE *)calloc(1, hostlen);
+ if (entry->hostname == NULL) {
+ LogError("malloc of %u bytes failed.", hostlen);
+ free(entry);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ memcpy(entry->hostname, host, hostlen);
+
+ entry->type = type;
+ entry->comm.buf_size = TCSD_INIT_TXBUF_SIZE;
+ entry->comm.buf = calloc(1, entry->comm.buf_size);
+ if (entry->comm.buf == NULL) {
+ LogError("malloc of %u bytes failed.", entry->comm.buf_size);
+ free(entry);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ MUTEX_INIT(entry->lock);
MUTEX_LOCK(ht->lock);
diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c
index 77f7999..786787f 100644
--- a/src/tspi/tspi_context.c
+++ b/src/tspi/tspi_context.c
@@ -97,6 +97,8 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */
if ((result = obj_context_set_machine_name(tspContext, machine_name,
strlen((char *)machine_name)+1)))
return result;
+
+ free(machine_name);
}
if ((obj_tpm_add(tspContext, &hTpm)))
-----------------------------------------------------------------------
Summary of changes:
src/tspi/obj_context.c | 9 +++++++-
src/tspi/rpc/hosttable.c | 48 +++++++++++++++++++++++++++------------------
src/tspi/tspi_context.c | 2 +
3 files changed, 39 insertions(+), 20 deletions(-)
hooks/post-receive
generated because a ref change was pushed to the repository containing
the project "Trousers".
The branch, master has been updated
via c637981cf34acc3481797482249ad2cec3f9ed0b (commit)
from 000b13eca6b3946a008c96afe96190d9989c648c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=c637981cf34acc3481797482249ad2cec3f9ed0b
commit c637981cf34acc3481797482249ad2cec3f9ed0b
Author: Anderson Fonseca <***@gmail.com>
Date: Fri Oct 31 19:36:21 2014 -0400
Fixed the problem of the function Tspi_Context_Close when is enabled
remote connection uncommenting the remote_ops in the file tcsd.conf.
All the time that this function is called, it was returning:
*** double free or corruption (fasttop): 0x0000000001487af0 ***
Aborted (core dumped)
The functions RPC_OpenContext and obj_context_set_machine_name
in Tspi_Context_Connect were receiving the same memory address
from the variable machine_name.
With that, when Tspi_Context_Close called obj_close_context,
this function called the function free passing as argument the
variable machineName that had the same memory address from that
one pointed by RPC_OpenContext.
However remove_table_entry in RPC_CloseContext had already
called the function free to that memory address. The result is
the error message described above.
diff --git a/src/tspi/obj_context.c b/src/tspi/obj_context.c
index 7bbd869..5db6d8c 100644
--- a/src/tspi/obj_context.c
+++ b/src/tspi/obj_context.c
@@ -272,7 +272,14 @@ obj_context_set_machine_name(TSS_HCONTEXT tspContext, BYTE *name, UINT32 len)
context = (struct tr_context_obj *)obj->data;
free(context->machineName);
- context->machineName = name;
+
+ context->machineName = (BYTE *)calloc(1, len);
+ if (context->machineName == NULL) {
+ LogError("malloc of %u bytes failed.", len);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ memcpy(context->machineName, name, len);
+
context->machineNameLength = len;
obj_list_put(&context_list);
diff --git a/src/tspi/rpc/hosttable.c b/src/tspi/rpc/hosttable.c
index 41e7da2..c4d8563 100644
--- a/src/tspi/rpc/hosttable.c
+++ b/src/tspi/rpc/hosttable.c
@@ -82,25 +82,35 @@ static void __attribute__ ((destructor)) my_fini(void)
TSS_RESULT
__tspi_add_table_entry(TSS_HCONTEXT tspContext, BYTE *host, int type, struct host_table_entry **ret)
{
- struct host_table_entry *entry, *tmp;
-
- entry = calloc(1, sizeof(struct host_table_entry));
- if (entry == NULL) {
- LogError("malloc of %zd bytes failed.", sizeof(struct host_table_entry));
- return TSPERR(TSS_E_OUTOFMEMORY);
- }
-
- entry->tspContext = tspContext;
- entry->hostname = host;
- entry->type = type;
- entry->comm.buf_size = TCSD_INIT_TXBUF_SIZE;
- entry->comm.buf = calloc(1, entry->comm.buf_size);
- if (entry->comm.buf == NULL) {
- LogError("malloc of %u bytes failed.", entry->comm.buf_size);
- free(entry);
- return TSPERR(TSS_E_OUTOFMEMORY);
- }
- MUTEX_INIT(entry->lock);
+ struct host_table_entry *entry, *tmp;
+ int hostlen;
+
+ entry = calloc(1, sizeof(struct host_table_entry));
+ if (entry == NULL) {
+ LogError("malloc of %zd bytes failed.", sizeof(struct host_table_entry));
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+
+ entry->tspContext = tspContext;
+
+ hostlen = strlen((char *)host)+1;
+ entry->hostname = (BYTE *)calloc(1, hostlen);
+ if (entry->hostname == NULL) {
+ LogError("malloc of %u bytes failed.", hostlen);
+ free(entry);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ memcpy(entry->hostname, host, hostlen);
+
+ entry->type = type;
+ entry->comm.buf_size = TCSD_INIT_TXBUF_SIZE;
+ entry->comm.buf = calloc(1, entry->comm.buf_size);
+ if (entry->comm.buf == NULL) {
+ LogError("malloc of %u bytes failed.", entry->comm.buf_size);
+ free(entry);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ MUTEX_INIT(entry->lock);
MUTEX_LOCK(ht->lock);
diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c
index 77f7999..786787f 100644
--- a/src/tspi/tspi_context.c
+++ b/src/tspi/tspi_context.c
@@ -97,6 +97,8 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */
if ((result = obj_context_set_machine_name(tspContext, machine_name,
strlen((char *)machine_name)+1)))
return result;
+
+ free(machine_name);
}
if ((obj_tpm_add(tspContext, &hTpm)))
-----------------------------------------------------------------------
Summary of changes:
src/tspi/obj_context.c | 9 +++++++-
src/tspi/rpc/hosttable.c | 48 +++++++++++++++++++++++++++------------------
src/tspi/tspi_context.c | 2 +
3 files changed, 39 insertions(+), 20 deletions(-)
hooks/post-receive
--
Trousers
------------------------------------------------------------------------------
Trousers
------------------------------------------------------------------------------