From d940fd122d8e04dfc1122ca6b224703eead55f66 Mon Sep 17 00:00:00 2001
From: Robert Morris <rtm@csail.mit.edu>
Date: Sat, 21 Sep 2019 04:54:25 -0400
Subject: don't leak memory if exec() arguments are invalid.

---
 kernel/sysfile.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'kernel')

diff --git a/kernel/sysfile.c b/kernel/sysfile.c
index 5b09d93..7768d20 100644
--- a/kernel/sysfile.c
+++ b/kernel/sysfile.c
@@ -421,10 +421,10 @@ sys_exec(void)
   memset(argv, 0, sizeof(argv));
   for(i=0;; i++){
     if(i >= NELEM(argv)){
-      return -1;
+      goto bad;
     }
     if(fetchaddr(uargv+sizeof(uint64)*i, (uint64*)&uarg) < 0){
-      return -1;
+      goto bad;
     }
     if(uarg == 0){
       argv[i] = 0;
@@ -434,7 +434,7 @@ sys_exec(void)
     if(argv[i] == 0)
       panic("sys_exec kalloc");
     if(fetchstr(uarg, argv[i], PGSIZE) < 0){
-      return -1;
+      goto bad;
     }
   }
 
@@ -444,6 +444,11 @@ sys_exec(void)
     kfree(argv[i]);
 
   return ret;
+
+ bad:
+  for(i = 0; i < NELEM(argv) && argv[i] != 0; i++)
+    kfree(argv[i]);
+  return -1;
 }
 
 uint64
-- 
cgit v1.2.3