Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Jun 2016 06:40:30 +0000 (UTC)
From:      Don Lewis <truckman@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r301920 - stable/10/lib/libc/resolv
Message-ID:  <201606150640.u5F6eUaw025726@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: truckman
Date: Wed Jun 15 06:40:30 2016
New Revision: 301920
URL: https://svnweb.freebsd.org/changeset/base/301920

Log:
  MFC r301592
  
  Don't leak addrinfo if ai->ai_addrlen <= minsiz test fails.
  
  If the ai->ai_addrlen <= minsiz test fails, then freeaddrinfo()
  does not get called to free the memory just allocated by getaddrinfo().
  Fix by moving ai->ai_addrlen <= minsiz to a separate nested if
  block, and keep freeaddrinfo() in the outer block so that freeaddrinfo()
  will be called whenever getaddrinfo() succeeds.
  
  Reported by:	Coverity
  CID:		1273652
  Reviewed by:	ume
  Differential Revision:	https://reviews.freebsd.org/D6756

Modified:
  stable/10/lib/libc/resolv/res_init.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libc/resolv/res_init.c
==============================================================================
--- stable/10/lib/libc/resolv/res_init.c	Wed Jun 15 06:33:40 2016	(r301919)
+++ stable/10/lib/libc/resolv/res_init.c	Wed Jun 15 06:40:30 2016	(r301920)
@@ -412,20 +412,21 @@ __res_vinit(res_state statp, int preinit
 			hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
 			hints.ai_flags = AI_NUMERICHOST;
 			sprintf(sbuf, "%u", NAMESERVER_PORT);
-			if (getaddrinfo(cp, sbuf, &hints, &ai) == 0 &&
-			    ai->ai_addrlen <= minsiz) {
-			    if (statp->_u._ext.ext != NULL) {
-				memcpy(&statp->_u._ext.ext->nsaddrs[nserv],
-				    ai->ai_addr, ai->ai_addrlen);
+			if (getaddrinfo(cp, sbuf, &hints, &ai) == 0) {
+			    if (ai->ai_addrlen <= minsiz) {
+				if (statp->_u._ext.ext != NULL) {
+				    memcpy(&statp->_u._ext.ext->nsaddrs[nserv],
+					ai->ai_addr, ai->ai_addrlen);
+				}
+				if (ai->ai_addrlen <=
+				    sizeof(statp->nsaddr_list[nserv])) {
+				    memcpy(&statp->nsaddr_list[nserv],
+					ai->ai_addr, ai->ai_addrlen);
+				} else
+				    statp->nsaddr_list[nserv].sin_family = 0;
+				nserv++;
 			    }
-			    if (ai->ai_addrlen <=
-			        sizeof(statp->nsaddr_list[nserv])) {
-				memcpy(&statp->nsaddr_list[nserv],
-				    ai->ai_addr, ai->ai_addrlen);
-			    } else
-				statp->nsaddr_list[nserv].sin_family = 0;
 			    freeaddrinfo(ai);
-			    nserv++;
 			}
 		    }
 		    continue;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606150640.u5F6eUaw025726>