This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nis/10203] New: NIS setpwent/getpwent/endpwent memory leak
- From: "jlanders at vmware dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 26 May 2009 21:07:14 -0000
- Subject: [Bug nis/10203] New: NIS setpwent/getpwent/endpwent memory leak
- Reply-to: sourceware-bugzilla at sourceware dot org
When the name server switch gets configured for NIS:
    passwd: nis files
and the password map is larger than MINSIZE, _nis_saveit in
nis/nss_nis/nis-pwd.c allocates linked blocks with intern.start pointing at the
first block. internal_nis_setpwent() initially sets intern.next to intern.start.
Currently, internal_nis_endpwent() uses intern.next as the starting block to
iterate over the chain when free'ing blocks.
When getpwent() gets called, however, intern.next can be reset to another block
in the chain. As a result, the following program will cause allocated blocks to
never be free'd, since in this case intern.next points at the last block and
the "next" pointer on this block is set to NULL.
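#include <stdio.h>
#include <malloc.h>
#include <sys/types.h>
#include <pwd.h>
#include <unistd.h>

int
main(int argc, char *argv[])
{
    struct passwd *entry;

    setpwent();
    /* Enumerate every entry so that intern.next ends up on the last block. */
    entry = getpwent();
    while (entry != NULL) {
        entry = getpwent();
    }
    /* endpwent() then frees starting from intern.next, not intern.start. */
    endpwent();
    return 0;
}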
After internal_nis_endpwent() sets intern.next and intern.start to NULL, the
other allocated blocks on the chain are irretrievably lost. This issue exists in
other releases prior to glibc-2.10, including glibc-2.5 on RHEL 5.3.
The easiest fix is to make internal_nis_endpwent() use intern.start directly
instead of intern.next.
diff -urNp a/nis/nss_nis/nis-pwd.c b/nis/nss_nis/nis-pwd.c
--- a/nis/nss_nis/nis-pwd.c 2006-05-01 15:31:15.000000000 -0700
+++ b/nis/nss_nis/nis-pwd.c 2009-05-26 12:55:09.000000000 -0700
@@ -116,7 +116,7 @@ internal_nis_endpwent (void)
oldkeylen = 0;
}
- struct response_t *curr = intern.next;
+ struct response_t *curr = intern.start;
while (curr != NULL)
{
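Review bot: the `---` header dates the base file 2006-05-01, three years older than the patched copy and well before the 2.10 version this bug is filed against, so the hunk should be regenerated against the current nis/nss_nis/nis-pwd.c to confirm the context around line 116 still applies. The hunk also stops right after `while (curr != NULL)`, so it cannot be checked here that nothing after the loop still relies on intern.next; a resubmission should show the whole loop together with the reset of intern.start and intern.next, and include a ChangeLog entry.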
Thanks,
Joe
--
Summary: NIS setpwent/getpwent/endpwent memory leak
Product: glibc
Version: 2.10
Status: NEW
Severity: normal
Priority: P2
Component: nis
AssignedTo: kukuk at suse dot de
ReportedBy: jlanders at vmware dot com
CC: glibc-bugs at sources dot redhat dot com
GCC build triplet: x86_64-linuxnptl
GCC host triplet: x86_64-linuxnptl
GCC target triplet: x86_64-linuxnptl
http://sourceware.org/bugzilla/show_bug.cgi?id=10203
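The leak described in this report, reduced to a stand-alone model (an added example, not code from the report or from glibc): freeing from the enumeration cursor after it has advanced strands every earlier block, while freeing from the head of the chain releases them all. The `block` and `chain` types and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of the chain in the report; names are assumptions, not glibc's code. */
struct block { struct block *next; };
struct chain { struct block *start, *next; };
static int live_blocks;   /* allocated and not yet freed */

/* Like setpwent: build n linked blocks and rewind the cursor to the head. */
static void chain_set(struct chain *c, int n)
{
    c->start = NULL;
    for (int i = 0; i < n; i++) {
        struct block *b = calloc(1, sizeof *b);
        if (b == NULL) abort();
        b->next = c->start;
        c->start = b;
        live_blocks++;
    }
    c->next = c->start;
}

/* Like endpwent: free the chain beginning at `from`, then clear both pointers. */
static void chain_end(struct chain *c, struct block *from)
{
    while (from != NULL) {
        struct block *n = from->next;
        free(from);
        live_blocks--;
        from = n;
    }
    c->start = c->next = NULL;
}

/* One set/enumerate/end cycle; returns the number of blocks leaked. */
int leaked_after_cycle(int nblocks, int free_from_start)
{
    struct chain c;
    live_blocks = 0;
    chain_set(&c, nblocks);
    while (c.next != NULL && c.next->next != NULL)  /* like getpwent to the end */
        c.next = c.next->next;
    chain_end(&c, free_from_start ? c.start : c.next);
    return live_blocks;
}

int main(void)
{
    printf("%d %d\n", leaked_after_cycle(4, 0), leaked_after_cycle(4, 1));
    return 0;
}
```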