From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <carlos@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2191)
 id C83F83889C31; Mon,  2 Aug 2021 15:24:59 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C83F83889C31
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Carlos O'Donell <carlos@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc] nis: Fix leak on realloc failure in nis_getnames [BZ #28150]
X-Act-Checkin: glibc
X-Git-Author: Robbie Harwood <rharwood@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: db737c79c694d0cb65dbc40696c8765b4299310c
X-Git-Newrev: 60698263122b7c54ded3f70a466176e17a529480
Message-Id: <20210802152459.C83F83889C31@sourceware.org>
Date: Mon,  2 Aug 2021 15:24:59 +0000 (GMT)
X-BeenThere: glibc-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-cvs mailing list <glibc-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-cvs/>
List-Help: <mailto:glibc-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 15:24:59 -0000

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60698263122b7c54ded3f70a466176e17a529480

commit 60698263122b7c54ded3f70a466176e17a529480
Author: Robbie Harwood <rharwood@redhat.com>
Date:   Wed Jul 28 14:23:32 2021 -0400

    nis: Fix leak on realloc failure in nis_getnames [BZ #28150]
    
    If pos >= count but realloc fails, tmp will not have been placed in
    getnames[pos] yet, and so will not be freed in free_null.  Detected
    by Coverity.
    
    Also remove misleading comment from nis_getnames(), since it actually
    did properly release getnames when out of memory.
    
    Tested-by: Carlos O'Donell <carlos@redhat.com>

Diff:
---
 nis/nis_subr.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/nis/nis_subr.c b/nis/nis_subr.c
index dd0e30071d..6784fc353f 100644
--- a/nis/nis_subr.c
+++ b/nis/nis_subr.c
@@ -103,9 +103,6 @@ count_dots (const_nis_name str)
   return count;
 }
 
-/* If we run out of memory, we don't give already allocated memory
-   free. The overhead for bringing getnames back in a safe state to
-   free it is to big. */
 nis_name *
 nis_getnames (const_nis_name name)
 {
@@ -271,7 +268,10 @@ nis_getnames (const_nis_name name)
 	      nis_name *newp = realloc (getnames,
 					(count + 1) * sizeof (char *));
 	      if (__glibc_unlikely (newp == NULL))
-		goto free_null;
+		{
+		  free (tmp);
+		  goto free_null;
+		}
 	      getnames = newp;
 	    }
 	  getnames[pos] = tmp;