From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-3.8 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, PDS_RDNS_DYNAMIC_FP,RCVD_IN_DNSWL_MED,RDNS_DYNAMIC,SPF_HELO_PASS, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 7A17D1F8C6 for ; Wed, 28 Jul 2021 18:07:02 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A5990399E038 for ; Wed, 28 Jul 2021 18:07:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A5990399E038 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1627495621; bh=swiy1ytiazkZoqyDPEM9dw7sh1m3WQ6tYjhrAwopEio=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=an77vhALPKqcpUXxcRZNc1uZCxZcI+1xGCsAmNrPzenWU4qTBkzGZHJTD6Ap3Lxdb k4pq8wXA3R/mQ+GOSpwYwxUHPZMmlkWEKr4svFDpiVu+CxJXAZwAzFDtYeMpXxobNM emetxSTP7jOjLVTbqFNQkvl2KEAHy0ZGwEVku/K4= Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by sourceware.org (Postfix) with ESMTP id B1B3B399B442 for ; Wed, 28 Jul 2021 18:06:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B1B3B399B442 Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-179-77OyFGuxOku-uCp9-UfRqw-1; Wed, 28 Jul 2021 14:06:41 -0400 X-MC-Unique: 77OyFGuxOku-uCp9-UfRqw-1 Received: by mail-qv1-f70.google.com with SMTP id 7-20020a0562140d47b02902d89f797d08so2396269qvr.17 for ; Wed, 28 Jul 2021 11:06:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=swiy1ytiazkZoqyDPEM9dw7sh1m3WQ6tYjhrAwopEio=; b=TyJJwteIilDE5C/Wts7lmGKCFxDVyjANvOU1KQ+9oqW35GODuAbmjPMRHciIza6Rbh Dcjs1fGmev7eu0RZk8/SvDXnZwu6PHqGn5xRPT9WmUHI2KBzcBEG3OE3/tdvIEu6AUHW HvXDWnIc+/d3DGRkxRdaAX8SrIVqsoqamHA89zK08rGwVGwHM4g4rWG/MXSdhr2+f9gA d1QC/Ky7JwVGirHoz6olGEnbeDZZDhyhmdWiFKeiC0uBXYwj3ULahXBmwseLdhUJFCbh 82IWIu3FVOxN4eM6V2qrlL5JluXtK+gshQzBlkzRnc7yuXQOWOMwvt8vp+8qejjwh7ex L4sA== X-Gm-Message-State: AOAM530DdTd/tGA7DcA8UZEyoNGwmajLr/ydF3ip4J++vS4Xf1ueSe4L o0Up5Rer2fGiEHG9VftDHJiRqeL4LRRodkgnwh0bQDBhu3YPpL8JS8FcQw78Mn9t8cbXGkQoUhS pkDTCZUlbL8zXFzttfXorDKxPUAHq4vxAgMtbP9awJAno9N2XBAulw++bZQH03FUdqTB5uajp X-Received: by 2002:a05:622a:15c1:: with SMTP id d1mr743621qty.93.1627495599721; Wed, 28 Jul 2021 11:06:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy6geo7zEw7S9jenNV2A2FqK1J10RroT0ZFcoS7uisTvxZYzvq4SceO/lIwlnnHsExHnUghVw== X-Received: by 2002:a05:622a:15c1:: with SMTP id d1mr743606qty.93.1627495599506; Wed, 28 Jul 2021 11:06:39 -0700 (PDT) Received: from localhost (c-71-232-17-31.hsd1.ma.comcast.net. [71.232.17.31]) by smtp.gmail.com with ESMTPSA id u36sm247367qtc.71.2021.07.28.11.06.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Jul 2021 11:06:39 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH v1] nis: Fix leak on realloc failure in nis_getnames Date: Wed, 28 Jul 2021 14:06:37 -0400 Message-Id: <20210728180637.1363311-1-rharwood@redhat.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Robbie Harwood via Libc-alpha Reply-To: Robbie Harwood Cc: Robbie Harwood Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" If pos >= count but realloc fails, tmp will not have been placed in getnames[pos] yet, and so will not be freed in free_null. Detected by Coverity. Also remove misleading comment from nis_getnames(), since it actually did properly release getnames when out of memory. --- nis/nis_subr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nis/nis_subr.c b/nis/nis_subr.c index dd0e30071d..6784fc353f 100644 --- a/nis/nis_subr.c +++ b/nis/nis_subr.c @@ -103,9 +103,6 @@ count_dots (const_nis_name str) return count; } -/* If we run out of memory, we don't give already allocated memory - free. The overhead for bringing getnames back in a safe state to - free it is to big. */ nis_name * nis_getnames (const_nis_name name) { @@ -271,7 +268,10 @@ nis_getnames (const_nis_name name) nis_name *newp = realloc (getnames, (count + 1) * sizeof (char *)); if (__glibc_unlikely (newp == NULL)) - goto free_null; + { + free (tmp); + goto free_null; + } getnames = newp; } getnames[pos] = tmp; -- 2.32.0