This is the mail archive of the
libc-hacker@cygnus.com
mailing list for the glibc project.
Re: A new patch for NIS+ memory leak
Hello,
Here is a patch, which fixes all possible leaks in nis_table.c I have
found, and nis_file.c. I will look the next days in the other sources.
Uli, please check this patch in.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
1999-05-05 Thorsten Kukuk <kukuk@suse.de>
* nis/nis_file.c (readColdStartFile): Allocate memory only
after the file is opened successfully.
* nis/nis_table.c: Fix some memory leaks.
Index: nis_table.c
===================================================================
RCS file: /glibc/cvsfiles/libc/nis/nis_table.c,v
retrieving revision 1.16
diff -u -r1.16 nis_table.c
--- nis_table.c 1999/04/28 22:08:46 1.16
+++ nis_table.c 1999/05/05 16:55:08
@@ -1,6 +1,6 @@
-/* Copyright (c) 1997, 1998 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999 Free Software Foundation, Inc.
This file is part of the GNU C Library.
- Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
+ Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
@@ -34,6 +34,9 @@
char *cptr;
size_t size = 0;
+ if (ibreq == NULL)
+ return NULL;
+
ibreq->ibr_flags = flags;
cptr = strcpy (buf, name);
@@ -48,7 +51,11 @@
/* "[key=value,...],foo" format */
ibreq->ibr_name = strchr (cptr, ']');
if (ibreq->ibr_name == NULL || ibreq->ibr_name[1] != ',')
- return NULL;
+ {
+ ibreq->ibr_name = NULL; /* Or the xdr_* functions will dump */
+ nis_free_request (ibreq);
+ return NULL;
+ }
/* Check if we have an entry of "[key=value,],bar". If, remove the "," */
if (ibreq->ibr_name[-1] == ',')
@@ -88,6 +95,9 @@
search_val[search_len].zattr_ndx = strdup (key);
if ((search_val[search_len].zattr_ndx) == NULL)
{
+ /* Let nis_free_request do the job for freeing search_val */
+ ibreq->ibr_srch.ibr_srch_val = search_val;
+ ibreq->ibr_srch.ibr_srch_len = search_len;
nis_free_request (ibreq);
return NULL;
}
@@ -95,6 +105,10 @@
search_val[search_len].zattr_val.zattr_val_val = strdup (val);
if (search_val[search_len].zattr_val.zattr_val_val == NULL)
{
+ /* Let nis_free_request do the job for freeing search_val */
+ search_val[search_len].zattr_val.zattr_val_len = 0;
+ ibreq->ibr_srch.ibr_srch_val = search_val;
+ ibreq->ibr_srch.ibr_srch_len = search_len + 1;
nis_free_request (ibreq);
return NULL;
}
@@ -148,7 +162,7 @@
const void *userdata),
const void *userdata)
{
- nis_result *res = NULL;
+ nis_result *res = calloc (1, sizeof (nis_result));
ib_request *ibreq;
int status;
enum clnt_stat clnt_status;
@@ -162,7 +176,6 @@
int have_tablepath = 0;
int first_try = 0; /* Do we try the old binding at first ? */
- res = calloc (1, sizeof (nis_result));
if (res == NULL)
return NULL;
@@ -186,6 +199,7 @@
ibreq->ibr_name = NULL;
if (names == NULL)
{
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = NIS_BADNAME;
return res;
}
@@ -209,6 +223,7 @@
status = __nisfind_server (ibreq->ibr_name, &dir);
if (status != NIS_SUCCESS)
{
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = status;
return res;
}
@@ -217,6 +232,7 @@
dir->do_servers.do_servers_len, flags);
if (status != NIS_SUCCESS)
{
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = status;
nis_free_directory (dir);
return res;
@@ -227,6 +243,7 @@
{
__nisbind_destroy (&bptr);
nis_free_directory (dir);
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = NIS_NAMEUNREACHABLE;
return res;
}
@@ -256,6 +273,7 @@
flags & FOLLOW_LINKS) /* We are following links. */
{
free (ibreq->ibr_name);
+ ibreq->ibr_name = NULL;
/* If we hit the link limit, bail. */
if (count_links > NIS_MAXLINKS)
{
@@ -313,8 +331,11 @@
ibreq->ibr_name = strdup (ibreq->ibr_name);
nis_freeresult (res);
res = calloc (1, sizeof (nis_result));
- if (res == NULL)
+ if (res == NULL || ibreq->ibr_name == NULL)
{
+ if (res)
+ free (res);
+ nis_free_request (ibreq);
if (have_tablepath)
free (tablepath);
__nisbind_destroy (&bptr);
@@ -471,6 +492,7 @@
ibreq->ibr_obj.ibr_obj_val = nis_clone_object (&obj, NULL);
if (ibreq->ibr_obj.ibr_obj_val == NULL)
{
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = NIS_NOMEMORY;
return res;
}
@@ -526,6 +548,7 @@
ibreq->ibr_obj.ibr_obj_val = nis_clone_object (&obj, NULL);
if (ibreq->ibr_obj.ibr_obj_val == NULL)
{
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = NIS_NOMEMORY;
return res;
}
@@ -571,6 +594,7 @@
ibreq->ibr_obj.ibr_obj_val = nis_clone_object (obj, NULL);
if (ibreq->ibr_obj.ibr_obj_val == NULL)
{
+ nis_free_request (ibreq);
NIS_RES_STATUS (res) = NIS_NOMEMORY;
return res;
}
Index: nis_file.c
===================================================================
RCS file: /glibc/cvsfiles/libc/nis/nis_file.c,v
retrieving revision 1.10
diff -u -r1.10 nis_file.c
--- nis_file.c 1998/07/28 13:51:35 1.10
+++ nis_file.c 1999/05/05 16:59:26
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -31,14 +31,19 @@
XDR xdrs;
FILE *in;
bool_t status;
- directory_obj *obj = calloc (1, sizeof (directory_obj));
+ directory_obj *obj;
- if (obj == NULL)
- return NULL;
-
in = fopen (cold_start_file, "rb");
if (in == NULL)
return NULL;
+
+ obj = calloc (1, sizeof (directory_obj));
+ if (obj == NULL)
+ {
+ fclose (in);
+ return NULL;
+ }
+
xdrstdio_create (&xdrs, in, XDR_DECODE);
status = _xdr_directory_obj (&xdrs, obj);
xdr_destroy (&xdrs);