Patchwork Fix memory leak in __res_vinit/__res_iclose

login
register
mail settings
Submitter Aurelien Jarno
Date March 14, 2016, 7:01 p.m.
Message ID <1457982089-16937-1-git-send-email-aurelien@aurel32.net>
Download mbox | patch
Permalink /patch/11335/
State New
Headers show

Comments

Aurelien Jarno - March 14, 2016, 7:01 p.m.
When resolv.conf contains IPv6 nameservers, __res_vinit stores their
address in malloced areas, pointed by statp->_u._ext.nsaddrs. They are
supposed to be freed later by __res_iclose, but it doesn't work as the
loop is done on statp->_u._ext.nscount instead of statp->nscount. This
causes a memory leak. This patch fixes it.

Changelog:
	[BZ #19527]
	* resolv/res_init.c (__res_iclose): Loop on statp->nscount instead of
	statp->_u._ext.nscount.
---
 ChangeLog         | 6 ++++++
 resolv/res_init.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
Aurelien Jarno - March 14, 2016, 7:08 p.m.
On 2016-03-14 20:01, Aurelien Jarno wrote:
> When resolv.conf contains IPv6 nameservers, __res_vinit stores their
> address in malloced areas, pointed by statp->_u._ext.nsaddrs. They are
> supposed to be freed later by __res_iclose, but it doesn't work as the
> loop is done on statp->_u._ext.nscount instead of statp->nscount. This
> causes a memory leak. This patch fixes it.
> 
> Changelog:
> 	[BZ #19527]
> 	* resolv/res_init.c (__res_iclose): Loop on statp->nscount instead of
> 	statp->_u._ext.nscount.
> ---
>  ChangeLog         | 6 ++++++
>  resolv/res_init.c | 2 +-
>  2 files changed, 7 insertions(+), 1 deletion(-)

I have just been pointed by Florian Weimer that Andreas Weimer already
posted a patch. Sorry about that, I missed it.

Patch

diff --git a/ChangeLog b/ChangeLog
index 4cc920d..2b390ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@ 
+2016-03-14  Aurelien Jarno  <aurelien@aurel32.net>
+
+	[BZ #19527]
+	* resolv/res_init.c (__res_iclose): Loop on statp->nscount instead of
+	statp->_u._ext.nscount.
+
 2016-03-13  Samuel Thibault  <samuel.thibault@ens-lyon.org
 
 	* sysdeps/posix/waitid.c (OUR_WAITID): Test against WSTOPPED instead of
diff --git a/resolv/res_init.c b/resolv/res_init.c
index 128004a..02590fb 100644
--- a/resolv/res_init.c
+++ b/resolv/res_init.c
@@ -580,7 +580,7 @@  __res_iclose(res_state statp, bool free_addr) {
 		statp->_vcsock = -1;
 		statp->_flags &= ~(RES_F_VC | RES_F_CONN);
 	}
-	for (ns = 0; ns < statp->_u._ext.nscount; ns++)
+	for (ns = 0; ns < statp->nscount; ns++)
 		if (statp->_u._ext.nsaddrs[ns]) {
 			if (statp->_u._ext.nssocks[ns] != -1) {
 				close_not_cancel_no_status(statp->_u._ext.nssocks[ns]);