Ubuntu
eglibc package

_nss_nis_gethostbyname4_r() leaks memory on parse error

Bug #855477 reported by Ralph Corderoy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eglibc (Ubuntu)
New
Undecided
Unassigned

Bug Description

eglibc-2.13, nis/nss_nis/nis-hosts.c:
    452 enum nss_status
    453 _nss_nis_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
    454 char *buffer, size_t buflen, int *errnop,
    455 int *herrnop, int32_t *ttlp)
    456 {
    ...
    473 char *result;
    474 int len;
    475 int yperr = yp_match (domain, "hosts.byname", name2, namlen, &result, &len );
    ...
    522 int parse_res = parse_line (result, &host, data, buflen, errnop, AF_UNSPEC ,
    523 0);
    524 if (__builtin_expect (parse_res < 1, 0))
    525 {
    526 if (parse_res == -1)
    527 {
    528 *herrnop = NETDB_INTERNAL;
    529 return NSS_STATUS_TRYAGAIN;
    530 }
    531 else
    532 {
    533 *herrnop = HOST_NOT_FOUND;
    534 return NSS_STATUS_NOTFOUND;
    535 }
    536 }
    ...
    553 free (result);
    554
    555 return NSS_STATUS_SUCCESS;
    556 }

#475's yp_match() malloc()s the memory for `result'. It's free()d at
#553 but not if there's a parse error from parse_line() at #522 and we
instead return early due to #529 or #534.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.