_nss_nis_gethostbyname4_r() leaks memory on parse error
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
eglibc (Ubuntu) | New | Undecided | Unassigned |
Bug Description
eglibc-2.13, nis/nss_
```c
452 enum nss_status
453 _nss_nis_
454             char *buffer, size_t buflen, int *errnop,
455             int *herrnop, int32_t *ttlp)
456 {
...
473   char *result;
474   int len;
475   int yperr = yp_match (domain, "hosts.byname", name2, namlen, &result, &len);
...
522   int parse_res = parse_line (result, &host, data, buflen, errnop, AF_UNSPEC,
523                               0);
524   if (__builtin_expect (parse_res < 1, 0))
525     {
526       if (parse_res == -1)
527         {
528           *herrnop = NETDB_INTERNAL;
529           return NSS_STATUS_
530         }
531       else
532         {
533           *herrnop = HOST_NOT_FOUND;
534           return NSS_STATUS_
535         }
536     }
...
553   free (result);
554
555   return NSS_STATUS_SUCCESS;
556 }
```
#475's yp_match() malloc()s the memory for `result'. It's free()d at
#553 but not if there's a parse error from parse_line() at #522 and we
instead return early due to #529 or #534.
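The leak pattern described above, reduced to a self-contained added example (not eglibc code and not part of the original report). `stub_match`, `stub_parse`, `release` and the `live` counter are hypothetical stand-ins for `yp_match()`, `parse_line()`, `free()` and allocation tracking; the record strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live;            /* buffers handed out and not yet freed */
static char *last_result;   /* keeps a leaked buffer reachable for inspection */

/* Stand-in for yp_match(): returns a malloc()ed copy the caller must free. */
static int stub_match(const char *record, char **result) {
    size_t n = strlen(record) + 1;
    *result = malloc(n);
    if (*result == NULL) return -1;
    memcpy(*result, record, n);
    last_result = *result;
    live++;
    return 0;
}

/* Stand-in for parse_line(): 1 = parsed, 0 = malformed record. */
static int stub_parse(const char *line) {
    return strchr(line, ' ') != NULL;
}

static void release(char *p) { free(p); live--; }

/* Shape of the reported code: the error return skips the free. */
int lookup_leaky(const char *record) {
    char *result;
    if (stub_match(record, &result) != 0) return -1;
    if (stub_parse(result) < 1)
        return 0;               /* early return: result is never freed */
    release(result);
    return 1;
}

/* Same logic with one exit path, so every return releases the buffer. */
int lookup_fixed(const char *record) {
    char *result;
    if (stub_match(record, &result) != 0) return -1;
    int status = stub_parse(result) < 1 ? 0 : 1;
    release(result);
    return status;
}
int live_buffers(void) { return live; }
int main(void) {
    int fixed = (lookup_fixed("badrecord"), live_buffers());
    int leaky = (lookup_leaky("badrecord"), live_buffers());
    printf("live after fixed=%d, after leaky=%d\n", fixed, leaky);
    return 0;
}
```

Each malformed record passed to the leaky variant leaves one more buffer allocated, so in a long-running process that resolves names repeatedly the growth is proportional to the number of failed parses.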