[PATCH] Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
- From: Andreas Schwab <schwab at suse dot de>
- To: libc-alpha at sourceware dot org
- Date: Thu, 13 Feb 2014 12:59:12 +0100
- Subject: [PATCH] Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
- Authentication-results: sourceware.org; auth=none
As described in the BZ, big DNS answers that trigger the allocation of a
second answer buffer cause that allocation to be lost by the nss_dns
module. In the failure case the deallocation is already handled by
__libc_res_nsearch.
Andreas.
[BZ #16574]
* resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Free the
second answer buffer if it was separately allocated.
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index 541c25a..365de70 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -298,13 +298,14 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
name = cp;
}
+ int anslen = 2048;
union
{
querybuf *buf;
u_char *ptr;
} host_buffer;
querybuf *orig_host_buffer;
- host_buffer.buf = orig_host_buffer = (querybuf *) alloca (2048);
+ host_buffer.buf = orig_host_buffer = (querybuf *) alloca (anslen);
u_char *ans2p = NULL;
int nans2p = 0;
int resplen2 = 0;
@@ -312,7 +313,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
int olderr = errno;
enum nss_status status;
int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
- host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ host_buffer.buf->buf, anslen, &host_buffer.ptr,
&ans2p, &nans2p, &resplen2);
if (n < 0)
{
@@ -352,6 +353,13 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
resplen2, name, pat, buffer, buflen,
errnop, herrnop, ttlp);
+ /* Check whether ans2p was separately allocated. */
+ if (host_buffer.buf != orig_host_buffer)
+ anslen = MAXPACKET;
+ if (ans2p != NULL
+ && (ans2p < host_buffer.ptr || ans2p >= host_buffer.ptr + anslen))
+ free (ans2p);
+
if (host_buffer.buf != orig_host_buffer)
free (host_buffer.buf);
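Review bot: The range check that decides whether to free ans2p depends on the host buffer having been grown to exactly MAXPACKET, and that size is reconstructed locally (`anslen = MAXPACKET;`) instead of being reported back by __libc_res_nsearch, so a future change to the resolver's buffer-growth policy would silently turn this into either a leak of ans2p or a free of a pointer into the live answer buffer. The comparison of ans2p against host_buffer.ptr with `<` and `>=` is also only well-defined when both pointers refer to the same object; it serves as a containment test here, but that assumption deserves to be stated. I would extend the new comment to something like `/* ans2p either points into host_buffer (which __libc_res_nsearch may have grown to MAXPACKET) or to a separately allocated block we own; only the latter is freed here.  Keep in sync with the growth logic in __libc_res_nsearch. */`. The n < 0 path and the function's return lie outside this hunk, so whether the error path is fully covered cannot be confirmed from the diff alone.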
--
1.8.5.4
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."