Subject: bin/35131: memory leak in talkd
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <dholland@eecs.harvard.edu>
List: netbsd-bugs
Date: 11/26/2006 19:30:01
>Number:         35131
>Category:       bin
>Synopsis:       talkd leaks the list of utmp entries
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 26 19:30:01 +0000 2006
>Originator:     David A. Holland <dholland@eecs.harvard.edu>
>Release:        NetBSD 4.99.3 (-20061010, also in -20061125)
>Organization:
   Harvard EECS
>Environment:
System: NetBSD tanaqui 4.99.3 NetBSD 4.99.3 (TANAQUI) #6: Tue Oct 10 19:32:37 EDT 2006 dholland@tanaqui:/usr/src/sys/arch/i386/compile/TANAQUI i386
Architecture: i386
Machine: i386
>Description:

talkd uses usr.bin/who's utmp reading code (utmpentry.c), which
maintains a list of info from utmp/utmpx entries.

When the data is reloaded (if utmp or utmpx has been changed), the
code drops the old list on the floor. There's a freeutentries(), with
external linkage, but it's never called, either internally or from
talkd.

This is not a big deal because talkd is not a long-running process.
(It could be on a large shellserver with many users, if there were a
lot of talk traffic, but such machines are rare and talk is no longer
widely used.)

>How-To-Repeat:
	-
>Fix:

Call freeutentries when reloading.

If the caller of getutentries is supposed to call freeutentries on the
results, as appears to be the case, do so in talkd, and add the
necessary refcounting internally.

If not, check other callers to make sure they don't retain pointers to
the information past another call to getutentries, and make
freeutentries file-static to avoid accidents.

Or whatever...

(It also might be a good idea to document the intended model in
utmpentry.h.)
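
The leak pattern described in this report and the "call freeutentries when reloading" fix, as an added sketch that is not part of the original report and is not NetBSD's utmpentry.c. The names `struct entry`, `free_entries`, `reload_entries`, `live_after` and the sample user names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the entry list cached by utmpentry.c. */
struct entry { char name[32]; struct entry *next; };
static struct entry *ehead;  /* cached list, rebuilt on every reload */
static long live_nodes;      /* demo counter: allocated and not yet freed */

/* Plays the role the report assigns to freeutentries(). */
static void free_entries(void)
{
    for (struct entry *e = ehead, *next; e != NULL; e = next) {
        next = e->next;
        free(e);
        live_nodes--;
    }
    ehead = NULL;
}

/* Rebuild the cache; free_old == 0 reproduces the reported behaviour. */
static int reload_entries(const char *const *names, int n, int free_old)
{
    if (free_old)
        free_entries();      /* the fix: release the previous list first */
    ehead = NULL;            /* without the call above, the old list leaks */
    for (int i = 0; i < n; i++) {
        struct entry *e = calloc(1, sizeof(*e));
        if (e == NULL) return -1;
        strncpy(e->name, names[i], sizeof(e->name) - 1);
        e->next = ehead;
        ehead = e;
        live_nodes++;
    }
    return n;
}

/* Simulate `reloads` utmp changes; return nodes still allocated afterwards. */
long live_after(int reloads, int free_old)
{
    static const char *const users[] = { "alice", "bob", "carol" }; /* constructed */
    free_entries();          /* start from an empty cache */
    live_nodes = 0;
    for (int i = 0; i < reloads; i++)
        if (reload_entries(users, 3, free_old) < 0) return -1;
    return live_nodes;
}

int main(void)
{
    printf("after 5 reloads: leaky=%ld fixed=%ld\n", live_after(5, 0), live_after(5, 1));
}
```

Freeing on reload invalidates any entry pointer a caller still holds, which is why the report asks that other callers of getutentries be checked before adopting this model.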