NetBSD Problem Report #53365

From www@NetBSD.org  Thu Jun 14 15:14:50 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id C35BC7A183
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 14 Jun 2018 15:14:49 +0000 (UTC)
Message-Id: <20180614151448.AF0347A261@mollari.NetBSD.org>
Date: Thu, 14 Jun 2018 15:14:48 +0000 (UTC)
From: thomas.barabosch@fkie.fraunhofer.de
Reply-To: thomas.barabosch@fkie.fraunhofer.de
To: gnats-bugs@NetBSD.org
Subject: Potential memory leak in route6d
X-Send-Pr-Version: www-1.0

>Number:         53365
>Category:       bin
>Synopsis:       Potential memory leak in route6d
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          needs-pullups
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 14 15:15:00 +0000 2018
>Closed-Date:    
>Last-Modified:  Sat Jun 16 21:10:39 +0000 2018
>Originator:     Thomas Barabosch
>Release:        7.1.2
>Organization:
Fraunhofer FKIE
>Environment:
>Description:
While looking at OpenBSD's code of usr.sbin/route6d/route6d.c I found that they are not using getaddrinfo according to the manual, since they do not free with freeaddrinfo. This leads to a potential memory leak.

I had a look at the other BSDs (FreeBSD and NetBSD). It seems to be fixed in FreeBSD, however it is not fixed in NetBSD. For more info also see https://marc.info/?l=openbsd-bugs&m=152898636019957&w=2

Furthermore, I've attached a patch.
>How-To-Repeat:

>Fix:
--- usr.sbin/route6d/route6d.c	2018-06-13 11:00:35.695879411 +0200
+++ usr.sbin/route6d/route6d.c.patched	2018-06-14 17:12:11.457373471 +0200
@@ -594,6 +594,7 @@
 		fatal("rip IPV6_RECVPKTINFO");
 	}

+	freeaddrinfo(res);
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = PF_INET6;
 	hints.ai_socktype = SOCK_DGRAM;
@@ -605,6 +606,7 @@
 		fatal("%s resolved to multiple address", RIP6_DEST);
 	}
 	memcpy(&ripsin, res->ai_addr, res->ai_addrlen);
+	freeaddrinfo(res);

 	set[0].fd = ripsock;
 	set[0].events = POLLIN;

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/53365 CVS commit: src/usr.sbin/route6d
Date: Thu, 14 Jun 2018 12:17:19 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Thu Jun 14 16:17:19 UTC 2018

 Modified Files:
 	src/usr.sbin/route6d: route6d.c

 Log Message:
 PR/53365: Thomas Barabosch: memory leak in route6d
 XXX: pullup 7, 8


 To generate a diff of this commit:
 cvs rdiff -u -r1.71 -r1.72 src/usr.sbin/route6d/route6d.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->needs-pullups
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 16 Jun 2018 21:10:39 +0000
State-Changed-Why:
christos fixed it in head


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.