NetBSD Problem Report #38677

From martin@duskware.de  Sat May 17 12:58:05 2008
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 67F4C63B9EE
	for <gnats-bugs@gnats.netbsd.org>; Sat, 17 May 2008 12:58:05 +0000 (UTC)
Message-Id: <20080517062331.2288E63B8BC@narn.NetBSD.org>
Date: Sat, 17 May 2008 06:23:31 +0000 (UTC)
From: mtbakerguy@yahoo.com
Reply-To: mtbakerguy@yahoo.com
To: netbsd-bugs-owner@NetBSD.org
Subject: memory leak in getnetnamadr.c
X-Send-Pr-Version: www-1.0

>Number:         38677
>Category:       lib
>Synopsis:       memory leak in getnetnamadr.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 17 13:00:00 +0000 2008
>Last-Modified:  Sat Jun 16 06:51:25 +0000 2012
>Originator:     B K
>Release:        current
>Organization:
home
>Environment:
NetBSD new-host-2 4.99.60 NetBSD 4.99.60 (ZZZZ) #1: Sat Apr 19 08:46:10 PDT 2008  root@new-host-2:/usr/obj/sys/arch/i386/compile/ZZZZ i386

>Description:
Memleak found via code inspection.

Also noticed some code in getaddrinfo.c that could be made more robust* and cleaner by coalescing some memory allocation.

*as long as a single 128kb allocation is more likely to succeed than 2 separate 64kb allocations.  As I write this, I wonder if the getnetnamadr leak ever gets triggered since a 64kb leak would be hard to miss.
>How-To-Repeat:
N/A --> strictly from code inspection
>Fix:
Lightly-tested diff follows:

Index: getaddrinfo.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/getaddrinfo.c,v
retrieving revision 1.91
diff -d -u -r1.91 getaddrinfo.c
--- getaddrinfo.c       19 Apr 2008 07:56:34 -0000      1.91
+++ getaddrinfo.c       17 May 2008 06:08:18 -0000
@@ -1285,17 +1285,12 @@
        memset(&sentinel, 0, sizeof(sentinel));
        cur = &sentinel;

-       buf = malloc(sizeof(*buf));
+       buf = malloc(sizeof(*buf) * 2);
        if (buf == NULL) {
                h_errno = NETDB_INTERNAL;
                return NS_NOTFOUND;
        }
-       buf2 = malloc(sizeof(*buf2));
-       if (buf2 == NULL) {
-               free(buf);
-               h_errno = NETDB_INTERNAL;
-               return NS_NOTFOUND;
-       }
+       buf2 = buf + 1;

        switch (pai->ai_family) {
        case AF_UNSPEC:
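Review bot: `buf2 = buf + 1;` makes buf2 an interior pointer into the allocation owned by buf, and nothing at the assignment documents that. A later edit that reintroduces `free(buf2)`, or that frees buf while buf2 is still in use, would be an invalid free or a use-after-free. Please add a one-line comment at the assignment stating that buf2 aliases the second element of buf and is released only by `free(buf)`. The description also makes the robustness claim conditional on one double-sized allocation being more likely to succeed than two separate ones; that condition belongs in the commit message.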
@@ -1328,21 +1323,18 @@
                break;
        default:
                free(buf);
-               free(buf2);
                return NS_UNAVAIL;
        }

        res = __res_get_state();
        if (res == NULL) {
                free(buf);
-               free(buf2);
                return NS_NOTFOUND;
        }

        if (res_searchN(name, &q, res) < 0) {
                __res_put_state(res);
                free(buf);
-               free(buf2);
                return NS_NOTFOUND;
        }
        ai = getanswer(buf, q.n, q.name, q.qtype, pai);
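Review bot: With buf2 now pointing into buf's allocation, every remaining `free(buf2)` in the function has to go, and this hunk covers only three exits (the `default:` case, `res == NULL`, and the `res_searchN` failure). The lines between the end of this hunk and the start of the next one are not in the diff, so please confirm that no return path or `free(buf2)` remains there; a leftover call would pass a pointer that malloc never returned to free().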
@@ -1357,7 +1349,6 @@
                        cur->ai_next = ai;
        }
        free(buf);
-       free(buf2);
        if (sentinel.ai_next == NULL) {
                __res_put_state(res);
                switch (h_errno) {
Index: getnetnamadr.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/getnetnamadr.c,v
retrieving revision 1.40
diff -d -u -r1.40 getnetnamadr.c
--- getnetnamadr.c      8 May 2008 13:01:42 -0000       1.40
+++ getnetnamadr.c      17 May 2008 06:08:18 -0000
@@ -343,8 +343,10 @@
                return NS_NOTFOUND;
        }
        res = __res_get_state();
-       if (res == NULL)
+       if (res == NULL) {
+               free(buf);
                return NS_NOTFOUND;
+        }
        anslen = res_nquery(res, qbuf, C_IN, T_PTR, buf->buf, sizeof(buf->buf));
        if (anslen < 0) {
                free(buf);
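Review bot: The closing brace added as `+        }` is indented one column deeper than the `if (res == NULL) {` it closes, which suggests spaces where the surrounding code uses a tab; align it with the `if`. The added `free(buf);` is consistent with the `anslen < 0` path in the trailing context, which already frees buf before returning.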


>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: lib-bug-people->lukem
Responsible-Changed-By: lukem@NetBSD.org
Responsible-Changed-When: Sun, 18 May 2008 22:36:07 +0000
Responsible-Changed-Why:
I'll work on this


From: Luke Mewburn <lukem@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/38677 CVS commit: src/lib/libc/net
Date: Sun, 18 May 2008 22:36:15 +0000 (UTC)

 Module Name:	src
 Committed By:	lukem
 Date:		Sun May 18 22:36:15 UTC 2008

 Modified Files:
 	src/lib/libc/net: getnetnamadr.c

 Log Message:
 Fix possible memory leak in error path.
 Part of PR 38677.


 To generate a diff of this commit:
 cvs rdiff -r1.40 -r1.41 src/lib/libc/net/getnetnamadr.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: lukem->lib-bug-people
Responsible-Changed-By: lukem@NetBSD.org
Responsible-Changed-When: Sat, 16 Jun 2012 06:51:25 +0000
Responsible-Changed-Why:
I'm not going to get time to finish this


>Unformatted:
