From patchwork Wed Feb 2 16:39:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 50678 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B5C4B3858C2C for ; Wed, 2 Feb 2022 16:39:41 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B5C4B3858C2C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1643819981; bh=Vl7q1eJsyV+HA67sm2HgYnHBOMuPp7jQfcwmBQg6aJI=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=r2pScZZVEjDOhWmQq1nPTsMbsQNTMhLkalJ+JN9mKQb3FV/+R3eJA7E0zB0KZt1pM zNM/EYGWJqcNff5h5RsNaFHgocOJ2mIWEsCypL1jCSSeilh0x3iA1XQlMhhpYUhmR9 vggLXA7rTYkEa8mqlmLDIag/Nbzg1MjMwXHJAWZM= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from purple.birch.relay.mailchannels.net (purple.birch.relay.mailchannels.net [23.83.209.150]) by sourceware.org (Postfix) with ESMTPS id 89DA73858C2C for ; Wed, 2 Feb 2022 16:39:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 89DA73858C2C X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id AD0086226B4 for ; Wed, 2 Feb 2022 16:39:15 +0000 (UTC) Received: from pdx1-sub0-mail-a306.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 4CC4E62275E for ; Wed, 2 Feb 2022 16:39:15 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a306.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.124.31.106 (trex/6.4.3); Wed, 02 Feb 2022 16:39:15 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Daffy-Tasty: 283669051db35ac3_1643819955599_210854742 X-MC-Loop-Signature: 1643819955599:72964454 X-MC-Ingress-Time: 1643819955599 Received: from rhbox.redhat.com (unknown [1.186.122.255]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a306.dreamhost.com (Postfix) with ESMTPSA id 4JpnZ94BfYz4F for ; Wed, 2 Feb 2022 08:39:13 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH] getaddrinfo: Fix leak with AI_ALL [BZ #28852] Date: Wed, 2 Feb 2022 22:09:02 +0530 Message-Id: <20220202163902.3596109-1-siddhesh@sourceware.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3494.4 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, RCVD_IN_SBL, SPF_HELO_NONE, SPF_NEUTRAL, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Avoid allocating multiple blocks in convert_hostent_to_gaih_addrtuple because it's not possible to free the second block in the caller gaih_inet. Instead, use realloc and fix up pointers in the result list. Resolves BZ #28852. Signed-off-by: Siddhesh Poyarekar --- This is for 2.36; I'll backport the fix to 2.35 after the release is cut. Tested check and xcheck on x86_64 and also verified using valgrind that the reproducer in the bugzilla is fixed. mtrace doesn't show this leak for some reason, so the reproducer could not be adapted to a glibc test case. sysdeps/posix/getaddrinfo.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index 18dccd5924..652a1a43d4 100644 --- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -199,9 +199,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, struct hostent *h, struct gaih_addrtuple **result) { - while (*result) - result = &(*result)->next; - /* Count the number of addresses in h->h_addr_list. */ size_t count = 0; for (char **p = h->h_addr_list; *p != NULL; ++p) @@ -212,10 +209,30 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr)) return true; - struct gaih_addrtuple *array = calloc (count, sizeof (*array)); + struct gaih_addrtuple *array = *result; + size_t old = 0; + + while (array) + { + old++; + array = array->next; + } + + array = realloc (*result, (old + count) * sizeof (*array)); + if (array == NULL) return false; + *result = array; + + /* Update the next pointers on reallocation. */ + for (size_t i = 0; i < old; i++) + array[i].next = array + i + 1; + + array += old; + + memset (array, 0, count * sizeof (*array)); + for (size_t i = 0; i < count; ++i) { if (family == AF_INET && req->ai_family == AF_INET6) @@ -235,7 +252,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, array[0].name = h->h_name; array[count - 1].next = NULL; - *result = array; return true; }