This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer

From: OndÅej BÃlka <neleai at seznam dot cz>
To: Andreas Schwab <schwab at suse dot de>
Cc: libc-alpha at sourceware dot org
Date: Wed, 19 Feb 2014 13:59:46 +0100
Subject: Re: [PATCH] Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
Authentication-results: sourceware.org; auth=none
References: <mvmeh371awf dot fsf at hawking dot suse dot de> <mvmob24frg4 dot fsf at hawking dot suse dot de>

On Tue, Feb 18, 2014 at 03:03:55PM +0100, Andreas Schwab wrote:
> > +  /* Check whether ans2p was separately allocated.  */
> > +  if (host_buffer.buf != orig_host_buffer)
> > +    anslen = MAXPACKET;
> > +  if (ans2p != NULL
> > +      && (ans2p < host_buffer.ptr || ans2p >= host_buffer.ptr + anslen))
> > +    free (ans2p);
> 
> It turned out that this condition is wrong.  send_vc/send_dg can reuse
> the original buffer for the second answer if it fits there, even when
> the first answer didn't, and this may try to free a non-heap pointer.
> So to fix it properly let send_vc/send_dg tell exactly when the buffer
> is newly allocated.
> 
Ok, this looks like best solution. Its large but relatively
straighforward patch.

References:
- [PATCH] Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
  - From: Andreas Schwab
- Re: [PATCH] Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
  - From: Andreas Schwab

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]