public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nis/10713] New: NIS endgrent() memory leak
@ 2009-10-01 0:04 jlanders at vmware dot com
2009-10-01 0:05 ` [Bug nis/10713] " jlanders at vmware dot com
2009-10-29 23:22 ` drepper at redhat dot com
0 siblings, 2 replies; 4+ messages in thread
From: jlanders at vmware dot com @ 2009-10-01 0:04 UTC (permalink / raw)
To: glibc-bugs
Similar to bug 10203 (http://sources.redhat.com/bugzilla/show_bug.cgi?id=10203).
When the name server switch gets configured for NIS:
group: nis files
and the group map is larger than MINSIZE, _nis_saveit in
nis/nss_nis/nis-pwd.c allocates linked blocks with intern.start pointing at the
first block. internal_nis_setgrent() initially sets intern.next to intern.start.
Currently, internal_nis_endgrent() uses intern.next as the starting block to
iterate over the chain when free'ing blocks.
When getgrent() gets called, however, intern.next can be reset to another block
in the chain. As a result, the following program will cause allocated blocks to
be never be free'd since in this case intern.next points at the last block and
the "next" pointer on this block is set to NULL.
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
main(){
struct group *gp;
while( gp = getgrent()){
printf("%s %d\n", gp->gr_name, gp->gr_gid);
}
endgrent();
}
After internal_nis_endgrent(), sets intern.next and intern.start to NULL, the
other allocated blocks on the chain are irretrievably lost. This issue exists in
other releases prior to glibc-2.10, including glibc-2.5 on RHEL 5.3.
The easiest fix is to make internal_nis_endgrent() use intern.start directly
instead of intern.next.
diff -urNp a/nis/nss_nis/nis-grp.c b/nis/nss_nis/nis-grp.c
--- a/nis/nss_nis/nis-grp.c 2009-09-30 16:58:01.000000000 -0700
+++ b/nis/nss_nis/nis-grp.c 2009-09-30 16:59:21.000000000 -0700
@@ -55,7 +55,7 @@ internal_nis_endgrent (void)
oldkeylen = 0;
}
- struct response_t *curr = intern.next;
+ struct response_t *curr = intern.start;
while (curr != NULL)
{
Thanks,
Joe
--
Summary: NIS endgrent() memory leak
Product: glibc
Version: 2.10
Status: NEW
Severity: normal
Priority: P2
Component: nis
AssignedTo: kukuk at suse dot de
ReportedBy: jlanders at vmware dot com
CC: glibc-bugs at sources dot redhat dot com
GCC build triplet: x86_64-linuxnptl
GCC host triplet: x86_64-linuxnptl
GCC target triplet: x86_64-linuxnptl
http://sourceware.org/bugzilla/show_bug.cgi?id=10713
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nis/10713] NIS endgrent() memory leak
2009-10-01 0:04 [Bug nis/10713] New: NIS endgrent() memory leak jlanders at vmware dot com
@ 2009-10-01 0:05 ` jlanders at vmware dot com
2009-10-29 23:22 ` drepper at redhat dot com
1 sibling, 0 replies; 4+ messages in thread
From: jlanders at vmware dot com @ 2009-10-01 0:05 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From jlanders at vmware dot com 2009-10-01 00:05 -------
Created an attachment (id=4238)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=4238&action=view)
Proposed patch
Attach proposed patch.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10713
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nis/10713] NIS endgrent() memory leak
2009-10-01 0:04 [Bug nis/10713] New: NIS endgrent() memory leak jlanders at vmware dot com
2009-10-01 0:05 ` [Bug nis/10713] " jlanders at vmware dot com
@ 2009-10-29 23:22 ` drepper at redhat dot com
1 sibling, 0 replies; 4+ messages in thread
From: drepper at redhat dot com @ 2009-10-29 23:22 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2009-10-29 23:22 -------
I applied the patch.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=10713
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nis/10713] NIS endgrent() memory leak
[not found] <bug-10713-131@http.sourceware.org/bugzilla/>
@ 2014-07-01 6:44 ` fweimer at redhat dot com
0 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2014-07-01 6:44 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=10713
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-07-01 6:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-10-01 0:04 [Bug nis/10713] New: NIS endgrent() memory leak jlanders at vmware dot com
2009-10-01 0:05 ` [Bug nis/10713] " jlanders at vmware dot com
2009-10-29 23:22 ` drepper at redhat dot com
[not found] <bug-10713-131@http.sourceware.org/bugzilla/>
2014-07-01 6:44 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).