Bug 2013934

Summary: watchdog: memory leak when verbose mode is on
Product: [Fedora] Fedora
Component: watchdog
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Reporter: Josef Ridky <jridky>
Assignee: Richard W.M. Jones <rjones>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: jridky, rjones
Keywords: Security, Triaged
Target Milestone: ---
Target Release: ---
Fixed In Version: watchdog-5.16-2.fc33 watchdog-5.16-2.fc34 watchdog-5.16-2.fc35
Doc Type: If docs needed, set a value
Clone Of: 1997755
Last Closed: 2021-10-21 17:06:56 UTC
Type: Bug
Attachments: Proposed solution (flags: none)

Description Josef Ridky 2021-10-14 07:25:04 UTC
Description of problem:

Coverity report shows a memory leak in watchdog-5.16/src/run-as-child.c:102 with a `realloc()` call. The issue is that `realloc()` may return `NULL` when there is an error, causing `opt` to be a null pointer and losing the pointer to the memory that was allocated by `strdup()` or reallocated by `realloc()`. Recommend using a temporary ptr to assign the return value from `realloc()` in order to test for `NULL` prior to updating the `opt` pointer.

**This is a hardening bug, not a CVE.**

Version-Release number of selected component (if applicable):
5.16-1

Steps to Reproduce:
1. watchdog needs to be run with the verbose flag
2. watchdog needs to receive test/repair arguments of sufficient length to cause an ENOMEM or another error that may be triggered by realloc
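The temporary-pointer pattern recommended in the description, as an added example; it is not watchdog's code and not the attached proposed solution. The names `join_args`, `append_arg`, `realloc_fn` and `failing_realloc` are hypothetical, and the argument list is constructed so the `realloc()` failure path can be exercised without exhausting memory.

```c
#define _POSIX_C_SOURCE 200809L  /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook: lets the realloc() failure path be exercised. */
typedef void *(*realloc_fn)(void *, size_t);

static void *failing_realloc(void *p, size_t n)
{
    (void)p; (void)n;
    return NULL;            /* like real realloc(): old block is NOT freed */
}

/* Append " arg" to *opt. On failure *opt is unchanged and still valid. */
static int append_arg(char **opt, const char *arg, realloc_fn ra)
{
    size_t old = strlen(*opt), add = strlen(arg);
    /* Leaky form: opt = realloc(opt, n); a NULL return overwrites the only pointer. */
    char *tmp = ra(*opt, old + add + 2);    /* +1 space, +1 NUL */
    if (tmp == NULL)
        return -1;
    tmp[old] = ' ';
    memcpy(tmp + old + 1, arg, add + 1);
    *opt = tmp;             /* commit only after success */
    return 0;
}

/* Join argv into one string (constructed stand-in for a verbose log line). */
char *join_args(char *const argv[], realloc_fn ra)
{
    char *opt = strdup(argv[0]);
    if (opt == NULL)
        return NULL;
    for (int i = 1; argv[i] != NULL; i++) {
        if (append_arg(&opt, argv[i], ra) != 0) {
            free(opt);      /* old block still reachable, so it can be freed */
            return NULL;
        }
    }
    return opt;
}

int main(void)
{
    char *const argv[] = { "repair-bin", "test", "1", NULL };  /* constructed */
    char *s = join_args(argv, realloc);
    if (s) { puts(s); free(s); }
    return join_args(argv, failing_realloc) == NULL ? 0 : 1;
}
```

Running the binary under a leak checker such as valgrind or building with `-fsanitize=address` confirms that the failure path releases the partially built string.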

Comment 1 Josef Ridky 2021-10-14 07:26:31 UTC
Created attachment 1832832
Proposed solution

Comment 2 Fedora Update System 2021-10-14 08:29:30 UTC
FEDORA-2021-45b7585d65 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-45b7585d65

Comment 3 Fedora Update System 2021-10-14 08:29:30 UTC
FEDORA-2021-4cf4b682e8 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-4cf4b682e8

Comment 4 Fedora Update System 2021-10-14 15:50:55 UTC
FEDORA-2021-45b7585d65 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45b7585d65`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-45b7585d65

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2021-10-14 15:57:51 UTC
FEDORA-2021-31748c40a6 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-31748c40a6`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-31748c40a6

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2021-10-14 18:54:57 UTC
FEDORA-2021-4cf4b682e8 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-4cf4b682e8`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-4cf4b682e8

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2021-10-21 17:06:56 UTC
FEDORA-2021-45b7585d65 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2021-10-23 03:21:28 UTC
FEDORA-2021-31748c40a6 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 9 Fedora Update System 2021-10-29 23:05:38 UTC
FEDORA-2021-4cf4b682e8 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.