public inbox for glibc-bugs@sourceware.org
* [Bug nis/28150] New: nis: nis_getnames can leak on realloc failure
@ 2021-07-28 18:16 rharwood at redhat dot com
From: rharwood at redhat dot com @ 2021-07-28 18:16 UTC
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28150
Bug ID: 28150
Summary: nis: nis_getnames can leak on realloc failure
Product: glibc
Version: unspecified
Status: NEW
Severity: minor
Priority: P2
Component: nis
Assignee: unassigned at sourceware dot org
Reporter: rharwood at redhat dot com
CC: kukuk at suse dot de
Target Milestone: ---
If realloc fails when size >= pos, tmp has not been placed in getnames and so
will not be released. Since this requires an allocation failure, it's unlikely
to matter in practice.
Reported by Coverity while inspecting libnsl; the full trace is:
libnsl-1.3.0/src/nisplus/nis_subr.c:243: alloc_fn: Storage is returned from
allocation function "malloc".
libnsl-1.3.0/src/nisplus/nis_subr.c:243: var_assign: Assigning: "tmp" = storage
returned from "malloc(cplen + local_domain_len + name_len + 2UL)".
libnsl-1.3.0/src/nisplus/nis_subr.c:247: identity_transfer: Passing "tmp" as
argument 1 to function "stpcpy", which returns an offset off that argument.
[Note: The source code implementation of the function has been overridden by a
builtin model.]
libnsl-1.3.0/src/nisplus/nis_subr.c:247: noescape: Resource "tmp" is not freed
or pointed-to in "stpcpy". [Note: The source code implementation of the
function has been overridden by a builtin model.]
libnsl-1.3.0/src/nisplus/nis_subr.c:247: var_assign: Assigning: "p" = storage
returned from "stpcpy(tmp, name)".
libnsl-1.3.0/src/nisplus/nis_subr.c:249: identity_transfer: Passing "p" as
argument 1 to function "mempcpy", which returns an offset off that argument.
[Note: The source code implementation of the function has been overridden by a
builtin model.]
libnsl-1.3.0/src/nisplus/nis_subr.c:249: noescape: Resource "p" is not freed or
pointed-to in "mempcpy". [Note: The source code implementation of the function
has been overridden by a builtin model.]
libnsl-1.3.0/src/nisplus/nis_subr.c:249: var_assign: Assigning: "p" = storage
returned from "mempcpy(p, cp, cplen)".
libnsl-1.3.0/src/nisplus/nis_subr.c:253: noescape: Resource "p" is not freed or
pointed-to in "stpcpy". [Note: The source code implementation of the function
has been overridden by a builtin model.]
libnsl-1.3.0/src/nisplus/nis_subr.c:254: leaked_storage: Variable "p" going out
of scope leaks the storage it points to.
libnsl-1.3.0/src/nisplus/nis_subr.c:277: leaked_storage: Variable "tmp" going
out of scope leaks the storage it points to.
# 275| (count + 1) * sizeof (char *));
# 276| if (newp == NULL)
# 277|-> goto free_null;
# 278| getnames = newp;
# 279| }
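The leak pattern the report describes, reduced to a self-contained C sketch (an added example, not libnsl or glibc code and not the proposed fix). build_names, the counting allocator and the sample names are constructed for illustration; the free_tmp flag selects a hardened path that releases tmp before jumping to free_null.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed harness: count live blocks and force one realloc call to fail. */
static int live_blocks;      /* blocks allocated and not yet freed */
static int fail_realloc_at;  /* 1-based realloc call that fails; 0 = never */
static int realloc_calls;

static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void xfree(void *p) { if (p) { live_blocks--; free(p); } }
static void *xrealloc(void *old, size_t n) {
    if (++realloc_calls == fail_realloc_at) return NULL;  /* old block stays valid */
    void *p = realloc(old, n);
    if (p && !old) live_blocks++;                         /* first growth is a new block */
    return p;
}

/* Simplified stand-in for the loop in the trace: build a string in tmp, grow
   the pointer array when it is full, then store tmp in it.
   Returns the NULL-terminated array, or NULL on allocation failure. */
static char **build_names(const char *const *src, size_t n, int free_tmp) {
    size_t count = 0, pos = 0;
    char **names = NULL;
    for (size_t i = 0; i < n; i++) {
        char *tmp = xmalloc(strlen(src[i]) + 1);
        if (tmp == NULL) goto free_null;
        strcpy(tmp, src[i]);
        if (pos + 1 >= count) {            /* need room for tmp and the terminator */
            count += 2;
            char **newp = xrealloc(names, count * sizeof(char *));
            if (newp == NULL) {
                if (free_tmp) xfree(tmp);  /* tmp is not in names yet */
                goto free_null;            /* without the free, tmp is lost here */
            }
            names = newp;
        }
        names[pos++] = tmp; names[pos] = NULL;
    }
    return names;
free_null:                                 /* releases only what the array holds */
    for (size_t i = 0; i < pos; i++) xfree(names[i]);
    xfree(names);
    return NULL;
}

/* Make the second realloc fail; return how many blocks are still live. */
int leaked_after_failure(int free_tmp) {
    static const char *const src[] = { "a.example.", "b.example.", "c.example." };
    live_blocks = 0; realloc_calls = 0; fail_realloc_at = 2;
    char **r = build_names(src, 3, free_tmp);
    return r == NULL ? live_blocks : -1;   /* -1: the failure was not triggered */
}
```

With free_tmp set to 0 exactly one block (the in-flight tmp) remains live after the failed realloc; with free_tmp set to 1 the count returns to zero.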
* [Bug nis/28150] nis: nis_getnames can leak on realloc failure
From: rharwood at redhat dot com @ 2021-07-28 18:26 UTC
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28150
--- Comment #1 from Robbie Harwood <rharwood at redhat dot com> ---
(My proposed fix for this is
https://sourceware.org/pipermail/libc-alpha/2021-July/129573.html )