From 037bb3538f81b1bcb4a8a3f6cc9a56bc0dfb0229 Mon Sep 17 00:00:00 2001
From: Lars Erik Wik
Date: Mon, 9 Feb 2026 10:38:33 +0100
Subject: [PATCH 1/2] Fixed memory leak in isreadable() policy function
Changelog: Title
Signed-off-by: Lars Erik Wik
(cherry picked from commit 4249c1997afd6b51badc4752788803eea15acaab)
---
 libpromises/evalfunction.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c
index e876ef7d01..3ab5ad0251 100644
--- a/libpromises/evalfunction.c
+++ b/libpromises/evalfunction.c
@@ -9664,7 +9664,7 @@ struct IsReadableThreadData
 pthread_cond_t cond;
 pthread_mutex_t mutex;
 const char *path;
- FnCallResult result;
+ bool success;
 };
 static void *IsReadableThreadRoutine(void *data)
@@ -9681,7 +9681,7 @@ static void *IsReadableThreadRoutine(void *data)
 GetErrorStrFromCode(ret));
 }
- thread_data->result = FnReturnContext(false);
+ thread_data->success = false;
 // Allow main thread to require lock on pthread_cond_timedwait(3)
 ret = pthread_mutex_unlock(&thread_data->mutex);
@@ -9706,7 +9706,7 @@ static void *IsReadableThreadRoutine(void *data)
 else
 {
 close(fd);
- thread_data->result = FnReturnContext(true);
+ thread_data->success = true;
 }
 ret = pthread_cond_signal(&(thread_data->cond));
@@ -9808,13 +9808,13 @@ static FnCallResult FnCallIsReadable(ARG_UNUSED EvalContext *const ctx,
 return FnFailure();
 }
- FnCallResult result;
+ bool success = false;
 // Wait on thread to finish or timeout
 ret = ThreadWait(&thread_data.cond, &thread_data.mutex, timeout);
 switch (ret)
 {
 case 0: // Thread finished in time
- result = thread_data.result;
+ success = thread_data.success;
 break;
 case ETIMEDOUT: // Thread timed out
@@ -9828,8 +9828,6 @@ static FnCallResult FnCallIsReadable(ARG_UNUSED EvalContext *const ctx,
 Log(LOG_LEVEL_ERR, "Failed to cancel thread");
 return FnFailure();
 }
-
- result = FnReturnContext(false);
 break;
 default:
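Review bot: The new `success` field in `struct IsReadableThreadData` is written by the worker thread and read by the caller, but nothing at its declaration says what ordering protects it. In the visible lines `IsReadableThreadRoutine` stores false before `pthread_mutex_unlock()` and true before `pthread_cond_signal()`, and `FnCallIsReadable` reads the field only in the `case 0` branch after `ThreadWait()` returns; whether the mutex is held at the `true` store is not visible in these hunks and is worth confirming. I would document the contract on the field, for example `bool success; /* written by the worker before it signals cond; valid for the caller only when ThreadWait() returned 0 */`.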
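Review bot: The `ETIMEDOUT` branch of `switch (ret)` in `FnCallIsReadable` now reports "not readable" only because `success` was initialised to false several lines earlier; the explicit assignment that used to precede `break;` is removed. A reader of that branch no longer sees what a timeout returns, and the `default:` branch is cut off by the hunk, so its outcome cannot be checked from here. A one-line comment before `break;`, such as `// success stays false: a path that cannot be opened within the timeout is reported as not readable`, keeps the fail-closed result explicit. The function begins and ends outside these hunks.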
@@ -9859,7 +9857,7 @@ static FnCallResult FnCallIsReadable(ARG_UNUSED EvalContext *const ctx,
 Log(LOG_LEVEL_DEBUG, "Thread was canceled");
 }
- return result;
+ return FnReturnContext(success);
 }
 /*********************************************************************/
From 9f491efe7d1e24793028479a2dc5554d328c1e05 Mon Sep 17 00:00:00 2001
From: Lars Erik Wik
Date: Mon, 9 Feb 2026 13:10:00 +0100
Subject: [PATCH 2/2] Fixed NULL pointer dereference in AddSimpleUidItem() and AddSimpleGidItem()
This was caught by cppcheck. It's actually a false positive, because the xstrdup branch wouldn't be taken when `uidname == 0`. This change makes it more explicit.
Signed-off-by: Lars Erik Wik
(cherry picked from commit d8f6a15ab8d133da0cea4ae03c15c2060a3a5fca)
---
 libpromises/conversion.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libpromises/conversion.c b/libpromises/conversion.c
index bf9be81bf3..71c5f87312 100644
--- a/libpromises/conversion.c
+++ b/libpromises/conversion.c
@@ -957,7 +957,7 @@ static void AddSimpleUidItem(UidList ** uidlist, uid_t uid, char *uidname)
 ulp->uid = uid;
- if (uid == CF_UNKNOWN_OWNER) /* unknown user */
+ if (uid == CF_UNKNOWN_OWNER && uidname != NULL) /* unknown user */
 {
 ulp->uidname = xstrdup(uidname);
 }
@@ -1019,7 +1019,7 @@ static void AddSimpleGidItem(GidList ** gidlist, gid_t gid, char *gidname)
 glp->gid = gid;
- if (gid == CF_UNKNOWN_GROUP) /* unknown group */
+ if (gid == CF_UNKNOWN_GROUP && gidname != NULL) /* unknown group */
 {
 glp->gidname = xstrdup(gidname);
 }
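Review bot: With the added `uidname != NULL` test in `AddSimpleUidItem`, an entry with `uid == CF_UNKNOWN_OWNER` and no name is now accepted silently and handled by whatever follows the `if` block, which lies outside the hunk. The commit message says this combination cannot occur, so if it ever does, the guard hides the broken invariant rather than reporting it, and the list would presumably carry an unknown-owner entry with no name to resolve later. I would state the invariant next to the condition, e.g. `/* callers pass a non-NULL uidname whenever uid is CF_UNKNOWN_OWNER */`, or, if `assert` is already available in this file, add `assert(uid != CF_UNKNOWN_OWNER || uidname != NULL);` before the `if`. The same applies to `gidname` and `CF_UNKNOWN_GROUP` in the `AddSimpleGidItem` hunk.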