daemon/direct.c:
1045 int handle_packet_expire_direct(struct autofs_point *ap,
autofs_packet_expire_direct_t *pkt)
...
1087 crit(ap->logopt, "can't find map entry for
(%lu,%lu)",
1088 (unsigned long) pkt->dev, (unsigned long)
pkt->ino);
1089 master_source_unlock(ap->entry);
1090 master_mutex_unlock();
1091 pthread_setcancelstate(state, NULL);
1092 return 1;
...
1099 if (ioctlfd == -1) {
1100 crit(ap->logopt, "can't open ioctlfd for
%s",
1101 me->key);
1102 pthread_setcancelstate(state, NULL);
1103 return 1;
1104 }
`mc->rwlock' and `ap->entry->source_lock' are still held at line 1103.
Also, is line 1090 unlocking the right thing?
modules/lookup_multi.c:
137 int lookup_init(const char *my_mapfmt, int argc, const char *const
*argv, void **context)
...
162 if (!(ctxt->m = malloc(ctxt->n * sizeof(struct
module_info))) ||
163 !(ctxt->argl = malloc((argc + 1) * sizeof(const char
*))))
164 goto nomem;
...
210 nomem:
211 estr = strerror_r(errno, buf, MAX_ERR_BUF);
212 logerr(MODPREFIX "error: %s", estr);
213 error_out:
214 if (ctxt) {
215 for (i = 0; i < ctxt->n; i++) {
216 if (ctxt->m[i].mod)
217 close_lookup(ctxt->m[i].mod);
218 if (ctxt->m[i].argv)
219 free_argv(ctxt->m[i].argc,
ctxt->m[i].argv);
220 }
`ctxt->m' is unchecked within the loop.
modules/lookup_program.c:
106 int lookup_mount(struct autofs_point *ap, const char *name, int
name_len, void *context)
...
199 mapent = (char *) malloc(MAPENT_MAX_LEN + 1);
...
395 cache_writelock(mc);
396 ret = cache_update(mc, source, name, mapent, time(NULL));
397 cache_unlock(mc);
398 if (ret == CHE_FAIL)
399 return NSS_STATUS_UNAVAIL;
That is a memory leak.
modules/mount_nfs.c:
57 int mount_mount(struct autofs_point *ap, const char *root, const
char *name, int name_len,
...
223 loc = malloc(strlen(this->name) + 1 +
strlen(this->path) + 1);
224 strcpy(loc, this->name);
225 strcat(loc, ":");
226 strcat(loc, this->path);
That is an unchecked malloc(3) call.
lib/mounts.c:
206 struct mnt_list *get_mnt_list(const char *table, const char *path,
int include)
...
265 ent->path = malloc(len + 1);
266 if (!ent->path) {
267 endmntent(tab);
268 free_mnt_list(list);
269 return NULL;
270 }
271 strcpy(ent->path, mnt->mnt_dir);
272
273 ent->fs_name = malloc(strlen(mnt->mnt_fsname) + 1);
274 if (!ent->fs_name) {
275 endmntent(tab);
276 free_mnt_list(list);
277 return NULL;
278 }
279 strcpy(ent->fs_name, mnt->mnt_fsname);
280
281 ent->fs_type = malloc(strlen(mnt->mnt_type) + 1);
282 if (!ent->fs_type) {
283 endmntent(tab);
284 free_mnt_list(list);
285 return NULL;
286 }
287 strcpy(ent->fs_type, mnt->mnt_type);
288
289 ent->opts = malloc(strlen(mnt->mnt_opts) + 1);
290 if (!ent->opts) {
291 endmntent(tab);
292 free_mnt_list(list);
293 return NULL;
294 }
295 strcpy(ent->opts, mnt->mnt_opts);
...
659 struct mnt_list *tree_make_mnt_tree(const char *table, const char
*path)
...
705 ent->path = malloc(len + 1);
706 if (!ent->path) {
707 endmntent(tab);
708 tree_free_mnt_tree(tree);
709 return NULL;
710 }
711 strcpy(ent->path, mnt->mnt_dir);
Those are memory leaks. (`ent' isn't cleaned up and/or freed.)
Also, strdup(3) is useful. :P
modules/parse_sun.c:
840 static int parse_mapent(const char *ent, char *g_options, char
**options, char **location, int logopt)
...
895 if (*p == '/') {
896 warn(logopt, MODPREFIX "error location begins with
\"/\"");
897 free(myoptions);
898 return 0;
899 }
...
1316 int parse_mount(struct autofs_point *ap, const char *name,
...
1637 if (*p == '/') {
1638 free(options);
1639 warn(ap->logopt,
1640 MODPREFIX "error location begins with
\"/\"");
1641 return 1;
1642 }
Those are memory leaks. (`loc' isn't freed.)
modules/parse_sun.c:
266 int parse_init(int argc, const char *const *argv, void **context)
...
387 } else {
388 noptstr = (char *) malloc(len + 1);
389 strcpy(noptstr, argv[i] + offset);
390 optlen = len;
391 }
That is an unchecked malloc(3) call.
_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs
