FreeBSD Mail Archives

Date:      Wed, 8 Jun 2016 09:40:07 +0000 (UTC)
From:      Don Lewis <truckman@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r301592 - head/lib/libc/resolv
Message-ID:  <201606080940.u589e7kn052250@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: truckman
Date: Wed Jun  8 09:40:06 2016
New Revision: 301592
URL: https://svnweb.freebsd.org/changeset/base/301592

Log:
  Don't leak addrinfo if ai->ai_addrlen <= minsiz test fails.
  
  If the ai->ai_addrlen <= minsiz test fails, then freeaddrinfo()
  does not get called to free the memory just allocated by getaddrinfo().
  Fix by moving ai->ai_addrlen <= minsiz to a separate nested if
  block, and keep freeaddrinfo() in the outer block so that freeaddrinfo()
  will be called whenever getaddrinfo() succeeds.
  
  Reported by:	Coverity
  CID:		1273652
  Reviewed by:	ume
  MFC after:	1 week
  Differential Revision:	https://reviews.freebsd.org/D6756

Modified:
  head/lib/libc/resolv/res_init.c

Modified: head/lib/libc/resolv/res_init.c
==============================================================================
--- head/lib/libc/resolv/res_init.c	Wed Jun  8 09:36:07 2016	(r301591)
+++ head/lib/libc/resolv/res_init.c	Wed Jun  8 09:40:06 2016	(r301592)
@@ -411,20 +411,21 @@ __res_vinit(res_state statp, int preinit
 			hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
 			hints.ai_flags = AI_NUMERICHOST;
 			sprintf(sbuf, "%u", NAMESERVER_PORT);
-			if (getaddrinfo(cp, sbuf, &hints, &ai) == 0 &&
-			    ai->ai_addrlen <= minsiz) {
-			    if (statp->_u._ext.ext != NULL) {
-				memcpy(&statp->_u._ext.ext->nsaddrs[nserv],
-				    ai->ai_addr, ai->ai_addrlen);
+			if (getaddrinfo(cp, sbuf, &hints, &ai) == 0) {
+			    if (ai->ai_addrlen <= minsiz) {
+				if (statp->_u._ext.ext != NULL) {
+				    memcpy(&statp->_u._ext.ext->nsaddrs[nserv],
+					ai->ai_addr, ai->ai_addrlen);
+				}
+				if (ai->ai_addrlen <=
+				    sizeof(statp->nsaddr_list[nserv])) {
+				    memcpy(&statp->nsaddr_list[nserv],
+					ai->ai_addr, ai->ai_addrlen);
+				} else
+				    statp->nsaddr_list[nserv].sin_family = 0;
+				nserv++;
 			    }
-			    if (ai->ai_addrlen <=
-			        sizeof(statp->nsaddr_list[nserv])) {
-				memcpy(&statp->nsaddr_list[nserv],
-				    ai->ai_addr, ai->ai_addrlen);
-			    } else
-				statp->nsaddr_list[nserv].sin_family = 0;
 			    freeaddrinfo(ai);
-			    nserv++;
 			}
 		    }
 		    continue;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606080940.u589e7kn052250>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation