[Bug 855477] [NEW] _nss_nis_gethostbyname4_r() leaks memory on parse error
Ralph Corderoy
ralph at inputplus.co.uk
Wed Sep 21 12:04:15 UTC 2011
Public bug reported:
eglibc-2.13, nis/nss_nis/nis-hosts.c:
452 enum nss_status
453 _nss_nis_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
454                            char *buffer, size_t buflen, int *errnop,
455                            int *herrnop, int32_t *ttlp)
456 {
...
473   char *result;
474   int len;
475   int yperr = yp_match (domain, "hosts.byname", name2, namlen, &result, &len);
...
522   int parse_res = parse_line (result, &host, data, buflen, errnop, AF_UNSPEC,
523                               0);
524   if (__builtin_expect (parse_res < 1, 0))
525     {
526       if (parse_res == -1)
527         {
528           *herrnop = NETDB_INTERNAL;
529           return NSS_STATUS_TRYAGAIN;
530         }
531       else
532         {
533           *herrnop = HOST_NOT_FOUND;
534           return NSS_STATUS_NOTFOUND;
535         }
536     }
...
553   free (result);
554
555   return NSS_STATUS_SUCCESS;
556 }
#475's yp_match() malloc()s the memory for `result'. It's free()d at
#553 but not if there's a parse error from parse_line() at #522 and we
instead return early due to #529 or #534.
** Affects: eglibc (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/855477
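Added example (not part of the original report and not eglibc code): a reduced C model of the control flow in the report, with the early-return shape next to a single-exit variant that frees the buffer on every path. fake_yp_match, fake_parse_line, the status values and the allocation counter are hypothetical stand-ins, and the single-exit variant is one possible restructuring, not the upstream fix.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for this example; none of this is glibc code. */
enum status { ST_TRYAGAIN = -2, ST_NOTFOUND = 0, ST_SUCCESS = 1 };
static int live_allocs;    /* buffers handed out and not yet freed */
static char *last_alloc;   /* most recent buffer, kept so a leak can be reclaimed */
/* Like yp_match(): on success the caller owns *result and must free it. */
static int fake_yp_match(const char *line, char **result)
{
    size_t n = strlen(line) + 1;
    if ((*result = malloc(n)) == NULL) return -1;
    memcpy(*result, line, n);
    last_alloc = *result;
    live_allocs++;
    return 0;
}
static void release(char *p) { free(p); live_allocs--; }

/* Like parse_line(): 1 = parsed, 0 = no usable entry, -1 = buffer too small.
   Constructed rule: a valid line has a space between address and name. */
static int fake_parse_line(const char *line, size_t buflen)
{
    if (strlen(line) >= buflen) return -1;
    return strchr(line, ' ') != NULL ? 1 : 0;
}

/* Same shape as the reported code: both early returns skip the free. */
enum status lookup_leaky(const char *line, size_t buflen)
{
    char *result;
    if (fake_yp_match(line, &result) != 0) return ST_NOTFOUND;
    int parse_res = fake_parse_line(result, buflen);
    if (parse_res < 1)   /* early return: result is never freed */
        return parse_res == -1 ? ST_TRYAGAIN : ST_NOTFOUND;
    release(result);
    return ST_SUCCESS;
}

/* Single exit: every path after a successful match reaches release(). */
enum status lookup_fixed(const char *line, size_t buflen)
{
    char *result;
    enum status st = ST_SUCCESS;
    if (fake_yp_match(line, &result) != 0) return ST_NOTFOUND;
    int parse_res = fake_parse_line(result, buflen);
    if (parse_res < 1)
        st = parse_res == -1 ? ST_TRYAGAIN : ST_NOTFOUND;
    release(result);
    return st;
}
```

With a line that fails to parse, lookup_leaky leaves live_allocs at 1 per call, while lookup_fixed returns the same status and leaves it at 0.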