From patchwork Fri Sep 22 17:11:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Romain Geissler X-Patchwork-Id: 76592 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 778BD38582A9 for ; Fri, 22 Sep 2023 17:13:14 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2054.outbound.protection.outlook.com [40.107.104.54]) by sourceware.org (Postfix) with ESMTPS id 532453858D28 for ; Fri, 22 Sep 2023 17:12:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 532453858D28 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=amadeus.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=amadeus.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZbnPXnRmq9g4xPxgFb3UNpNfFNHv7Byh5PXAMjJ4RCBG3ntLrELHj0Ni1p3bm2hf/ynAlhrZeUiKybGcr5//AtFi2aS+YzO1MEZg+kSmdJ0TiCacKgAV+Ab2PlGPN4UeXaxZ0yEG2vuWgSNuks9DILn3vLteOk3K2En0vtNmbkVKQPQ2GdOyLtNL/uxK8shTCU4KMkZmWP/SmVI/VY+w60IJ9OyYHZuHkcAI81IjmJjPZHV2Sw4+WPLj6HYO9+zEVGfZLeCpqxUGm3+mDSnjY+tutmoGBHFjCtdgE+NdoeDR4KeMC9+bzHAt2iGtZH5lc2XAwiW3XZnk7IDRA35aYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dQpaVYe0hSsCmeKiAHcEagTz3d3MldkKSjUE3YlmiCE=; b=KDfoWiQVZ0AL98VTF7nBmoWh74FXzMqPgEk/jEii3dAxQacAvFcbMPu8nS4uH5/oZaXsj+BWTUmIPghti4ply1+AXdpe/cl6LTzDm353iMUWGhSXAK3T681R5plI/VwJ32KVhz8vrimQMAxcqzI9OluYshN05G3L9YE2jNFUyGAoRvy63DiX+l6GUxcw+BaWT30mKFlhpoatWFNTodlW3klu9MQYBFVtRxeORq15lklcKzrptaTq2C0iN80wq8C8RKxS1dz3jlMf0VXz5HRkfExLMiTTdxvkpjtzkEQowxS8xRhoGclwT7oIDK3jpOD7A45GEcc2G0VFY+l20pWV6A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 171.17.131.35) smtp.rcpttodomain=sourceware.org smtp.mailfrom=amadeus.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=amadeus.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amadeus.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dQpaVYe0hSsCmeKiAHcEagTz3d3MldkKSjUE3YlmiCE=; b=b5XX2VTtVsoBegI3zTA1WEsgD0WzdZ0Y5HuWXV2CTDx+Z/FKq+UnzHxrFbwgB6UO+ancfIOjyickcSlNDAaFuSRBrpBwg0u/kinxkTzIPYQEI+TlUD2fMBBEJG+PunJU4FAHNipAB69pcWwjteycdabCZRMmwfhwGQ81WcLtUwRvzEKwk2AFJnmU2eF5BrPVjnL9wonnHoeaZ7dHlVTbvrAYk7FSmHNUFBl4fMK5i2qmesbKWE4GZez0ucoSPs24wM75G+MJBo6NfrVWHQwvwBdPo5yKjB1XSEZejY80QIjH/sgdbL4YzUhImhR0ZCSga2kFMc02X5SNhhefhHMWUw== Received: from AM6P195CA0001.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:81::14) by GV2PR10MB7558.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:dc::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.23; Fri, 22 Sep 2023 17:12:44 +0000 Received: from AM2PEPF0001C70E.eurprd05.prod.outlook.com (2603:10a6:209:81:cafe::e8) by AM6P195CA0001.outlook.office365.com (2603:10a6:209:81::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.32 via Frontend Transport; Fri, 22 Sep 2023 17:12:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 171.17.131.35) smtp.mailfrom=amadeus.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amadeus.com; Received-SPF: Pass (protection.outlook.com: domain of amadeus.com designates 171.17.131.35 as permitted sender) receiver=protection.outlook.com; client-ip=171.17.131.35; helo=smtpexch.amadeus.com; pr=C Received: from smtpexch.amadeus.com (171.17.131.35) by AM2PEPF0001C70E.mail.protection.outlook.com (10.167.16.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.20 via Frontend Transport; Fri, 22 Sep 2023 17:12:44 +0000 Received: from MUCEX20MBX001.iis.amadeus.net (172.19.131.74) by smtpexch.amadeus.com (172.19.134.54) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.25; Fri, 22 Sep 2023 17:11:43 +0000 Received: from b2c0fece6092.rnd.amadeus.net (10.64.176.26) by MUCEX20MBX001.iis.amadeus.net (172.19.131.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.25; Fri, 22 Sep 2023 17:12:43 +0000 From: Romain Geissler To: CC: Subject: [PATCH] Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806. Date: Fri, 22 Sep 2023 17:11:58 +0000 Message-ID: <20230922171157.65-1-romain.geissler@amadeus.com> X-Mailer: git-send-email 2.39.3 MIME-Version: 1.0 X-ClientProxiedBy: MUCEXHYBP02.iis.amadeus.net (172.19.131.108) To MUCEX20MBX001.iis.amadeus.net (172.19.131.74) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM2PEPF0001C70E:EE_|GV2PR10MB7558:EE_ X-MS-Office365-Filtering-Correlation-Id: ed0f356b-47bc-40da-b079-08dbbb8f230f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Jf7WotLwdtAWqmSbKGZOSok8KDy9Bl+sSDGP5STumKMFl4kzH/CSmD5yecR0zVwoeFeWP42OMzAmTEM8wOr29NTMv5jsj3bsviODWr3yJ09xS7Sbjjo9/LT5/L73dWMMd116cOu2OVFfens4vkgrdcMoGNb4erb5XN2kj9V9kZ8GD7013U1tGMb7Li5YFUnEOvqmgvP6A1ANOrOnrCch0lqH0tkrqbJlODiGzP3IFB1oIxZYk9AYiRWwQ9vRy71Xam7qFXMrprJU2ehGT28z3DcTelEWGsYpZk2r02dkbMXtiTm/C5hG73I7drFJhQ4oEZY64hvwVVDKT4aOhYkRQOoTNSkB0/YsogTgYQmiUDX3SaO8Py0UHAgklTDjmqRrcA4v9WzfWTfC0jSDT3Y28+RLGvbxwWdHtKN3eiqeMKk+O+Vtfhc/ryVQeKonEeqwVjrqY7qFfZNZz8RquyC1N0gZDkJPe44+TMgc3iTmYOfT/+F5n7hDFN/Rgv8rFkfB5DrYbi/csZfTHT1tMwYv02Ist+eIyLafuGRlKWd+g6CBxiLatC5ErCSmeZBqoIF++2+0L+IFR5eU5NVQKsZ+Bjb3MI/Wd/RsA1x3Cy2MgHXss4bndSPxxPKdNifqmmwSXrwhOqypTajQiRLAC66tEWk6PAiQ88Nl+3O0QS+/nrE5SEqOv5pJBl9JMkjWq9p1WIVQaaUpi6ePj3s4E7nfD+RMair0ZAhROD9ze6jDpIgkCVz6YsJIABG7yFY11qNw9pVUV/7U0QLDULPYr+h84xGaJnAMSrOTLca+HB1GYuSZRG9uuBJ+0muZIG1y9BSy X-Forefront-Antispam-Report: CIP:171.17.131.35; CTRY:DE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:smtpexch.amadeus.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(136003)(346002)(376002)(39860400002)(1800799009)(186009)(230921699003)(451199024)(82310400011)(46966006)(36840700001)(40470700004)(36756003)(40480700001)(40460700003)(107886003)(2616005)(26005)(1076003)(336012)(82960400001)(5660300002)(2906002)(86362001)(44832011)(6916009)(8936002)(8676002)(82740400003)(81166007)(36860700001)(356005)(41300700001)(70206006)(70586007)(316002)(47076005)(478600001)(83380400001)(4326008)(6666004)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amadeus.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2023 17:12:44.5224 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ed0f356b-47bc-40da-b079-08dbbb8f230f X-MS-Exchange-CrossTenant-Id: b3f4f7c2-72ce-4192-aba4-d6c7719b5766 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b3f4f7c2-72ce-4192-aba4-d6c7719b5766; Ip=[171.17.131.35]; Helo=[smtpexch.amadeus.com] X-MS-Exchange-CrossTenant-AuthSource: AM2PEPF0001C70E.eurprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR10MB7558 X-Spam-Status: No, score=-11.0 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org This patch fixes a very recently added leak in getaddrinfo (which was backported on release branches too). I didn't spend much more than 5 minutes on investigating the code to end up with this patch, so it may be wrong. Quickly testing it on my side, it seems to work for me, but it definitely needs review from people who actually know this part of the code ;) Running a stripped down version of the newly added test nss/nss_test_gai_hv2_canonname.c with valgrind results in exposure of the leak: > cat test.c int main() { char aHostName[256]; gethostname(aHostName,255); struct addrinfo hints = {}; struct addrinfo *result = NULL; hints.ai_family = AF_INET6; hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME; int ret = getaddrinfo(aHostName, NULL, &hints, &result); if (ret != 0) return 1; freeaddrinfo(result); return 0; } > /opt/1A/toolchain/x86_64-v19/bin/gcc -g -o test test.c > /opt/1A/toolchain/x86_64-v19/build-pack/default/bin/valgrind --leak-check=full ./test ... (snapped) ==68017== 37 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==68017== at 0x4840745: malloc (in /remote/tools/Linux/2.6/1A/toolchain/x86_64-v19.0.81/build-pack/19.0.81.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==68017== by 0x48E7CDA: strdup (in /remote/tools/Linux/2.6/1A/toolchain/x86_64-v19.0.81/lib/libc.so.6) ==68017== by 0x4936582: convert_hostent_to_gaih_addrtuple.isra.0 (in /remote/tools/Linux/2.6/1A/toolchain/x86_64-v19.0.81/lib/libc.so.6) ==68017== by 0x4936787: gethosts (in /remote/tools/Linux/2.6/1A/toolchain/x86_64-v19.0.81/lib/libc.so.6) ==68017== by 0x4938F37: getaddrinfo (in /remote/tools/Linux/2.6/1A/toolchain/x86_64-v19.0.81/lib/libc.so.6) ==68017== by 0x4011A5: main (test.c:17) ... (snapped) Reviewed-by: DJ Delorie --- sysdeps/posix/getaddrinfo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index b4e8ea3880a..5f5bc3fd51f 100644 --- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -1199,6 +1199,7 @@ free_and_return: if (res.free_at) free (res.at); free (res.canon); + free (res.h_name); return result; }