diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2022-03-03 23:07:42 +0530 |
|---|---|---|
| committer | Pranav Kant <prka@google.com> | 2024-02-02 00:46:11 +0000 |
| commit | 82dcfc6d7bdd5b24a42d8180d31ee403999b9215 (patch) | |
| tree | ba89f5783300549fcd107e59afaf9cb3efcea127 | |
| parent | be3c0fe888d69cdfda53a8065c5f486d01f7096e (diff) | |
| download | glibc-google/grte/v5-2.27/master.tar glibc-google/grte/v5-2.27/master.tar.gz glibc-google/grte/v5-2.27/master.tar.bz2 glibc-google/grte/v5-2.27/master.zip | |
getaddrinfo: Fix leak with AI_ALL [BZ #28852]google/grte/v5-2.27/master
Use realloc in convert_hostent_to_gaih_addrtuple and fix up pointers in
the result list so that a single block is maintained for
hostbyname3_r/hostbyname2_r and freed in gaih_inet. This result is
never merged with any other results, since the hosts database does not
permit merging.
Resolves BZ #28852.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
| -rw-r--r-- | sysdeps/posix/getaddrinfo.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index d0429b2206..27978bc82b 100644 --- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -186,19 +186,16 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, return 0; } -/* Convert struct hostent to a list of struct gaih_addrtuple objects. - h_name is not copied, and the struct hostent object must not be - deallocated prematurely. *RESULT must be NULL or a pointer to a - linked-list. The new addresses are appended at the end. */ +/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name + is not copied, and the struct hostent object must not be deallocated + prematurely. The new addresses are appended to the tuple array in + RESULT. */ static bool convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, struct hostent *h, struct gaih_addrtuple **result) { - while (*result) - result = &(*result)->next; - /* Count the number of addresses in h->h_addr_list. */ size_t count = 0; for (char **p = h->h_addr_list; *p != NULL; ++p) @@ -209,10 +206,30 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr)) return true; - struct gaih_addrtuple *array = calloc (count, sizeof (*array)); + struct gaih_addrtuple *array = *result; + size_t old = 0; + + while (array != NULL) + { + old++; + array = array->next; + } + + array = realloc (*result, (old + count) * sizeof (*array)); + if (array == NULL) return false; + *result = array; + + /* Update the next pointers on reallocation. */ + for (size_t i = 0; i < old; i++) + array[i].next = array + i + 1; + + array += old; + + memset (array, 0, count * sizeof (*array)); + for (size_t i = 0; i < count; ++i) { if (family == AF_INET && req->ai_family == AF_INET6) @@ -232,7 +249,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, array[0].name = h->h_name; array[count - 1].next = NULL; - *result = array; return true; } |