bin/53365: Potential memory leak in route6d

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/53365: Potential memory leak in route6d
From: thomas.barabosch%fkie.fraunhofer.de@localhost
Date: Thu, 14 Jun 2018 15:15:00 +0000 (UTC)

>Number:         53365
>Category:       bin
>Synopsis:       Potential memory leak in route6d
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 14 15:15:00 +0000 2018
>Originator:     Thomas Barabosch
>Release:        7.1.2
>Organization:
Fraunhofer FKIE
>Environment:
>Description:
While looking at OpenBSD's code of usr.sbin/route6d/route6d.c I found that they are not using getaddrinfo according to the manual, since they do not free with freeaddrinfo. This leads to a potential memory leak.

I had a look at the other BSDs (FreeBSD and NetBSD). It seems to be fixed in FreeBSD, however it is not fixed in NetBSD. For more info also see https://marc.info/?l=openbsd-bugs&m=152898636019957&w=2

Furthermore, I've attached a patch.
>How-To-Repeat:

>Fix:
--- usr.sbin/route6d/route6d.c	2018-06-13 11:00:35.695879411 +0200
+++ usr.sbin/route6d/route6d.c.patched	2018-06-14 17:12:11.457373471 +0200
@@ -594,6 +594,7 @@
 		fatal("rip IPV6_RECVPKTINFO");
 	}
 
+	freeaddrinfo(res);
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = PF_INET6;
 	hints.ai_socktype = SOCK_DGRAM;
@@ -605,6 +606,7 @@
 		fatal("%s resolved to multiple address", RIP6_DEST);
 	}
 	memcpy(&ripsin, res->ai_addr, res->ai_addrlen);
+	freeaddrinfo(res);
 
 	set[0].fd = ripsock;
 	set[0].events = POLLIN;

Prev by Date: PR/52966 CVS commit: src/sys/arch
Next by Date: PR/53365 CVS commit: src/usr.sbin/route6d
Previous by Thread: PR/52966 CVS commit: src/sys/arch
Next by Thread: PR/53365 CVS commit: src/usr.sbin/route6d
Indexes:

Home | Main Index | Thread Index | Old Index