From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Pranav Kant
To: glibc-cvs@sourceware.org
Subject: [glibc/google/grte/v5-2.27/master] getaddrinfo: Fix leak with AI_ALL [BZ #28852]
X-Act-Checkin: glibc
X-Git-Author: Siddhesh Poyarekar
X-Git-Refname: refs/heads/google/grte/v5-2.27/master
X-Git-Oldrev: be3c0fe888d69cdfda53a8065c5f486d01f7096e
X-Git-Newrev: 82dcfc6d7bdd5b24a42d8180d31ee403999b9215
Message-Id: <20240202012926.C40673858D33@sourceware.org>
Date: Fri, 2 Feb 2024 01:29:26 +0000 (GMT)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=82dcfc6d7bdd5b24a42d8180d31ee403999b9215

commit 82dcfc6d7bdd5b24a42d8180d31ee403999b9215
Author: Siddhesh Poyarekar
Date:   Thu Mar 3 23:07:42 2022 +0530

    getaddrinfo: Fix leak with AI_ALL [BZ #28852]

    Use realloc in convert_hostent_to_gaih_addrtuple and fix up pointers in
    the result list so that a single block is maintained for
    hostbyname3_r/hostbyname2_r and freed in gaih_inet. This result is
    never merged with any other results, since the hosts database does not
    permit merging.

    Resolves BZ #28852.

    Signed-off-by: Siddhesh Poyarekar
    Reviewed-by: DJ Delorie

Diff:
---
 sysdeps/posix/getaddrinfo.c | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index d0429b2206..27978bc82b 100644 
--- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -186,19 +186,16 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, return 0; } -/* Convert struct hostent to a list of struct gaih_addrtuple objects. - h_name is not copied, and the struct hostent object must not be - deallocated prematurely. *RESULT must be NULL or a pointer to a - linked-list. The new addresses are appended at the end. */ +/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name + is not copied, and the struct hostent object must not be deallocated + prematurely. The new addresses are appended to the tuple array in + RESULT. */ static bool convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, struct hostent *h, struct gaih_addrtuple **result) { - while (*result) - result = &(*result)->next; - /* Count the number of addresses in h->h_addr_list. */ size_t count = 0; for (char **p = h->h_addr_list; *p != NULL; ++p) @@ -209,10 +206,30 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr)) return true; - struct gaih_addrtuple *array = calloc (count, sizeof (*array)); + struct gaih_addrtuple *array = *result; + size_t old = 0; + + while (array != NULL) + { + old++; + array = array->next; + } + + array = realloc (*result, (old + count) * sizeof (*array)); + if (array == NULL) return false; + *result = array; + + /* Update the next pointers on reallocation. */ + for (size_t i = 0; i < old; i++) + array[i].next = array + i + 1; + + array += old; + + memset (array, 0, count * sizeof (*array)); + for (size_t i = 0; i < count; ++i) { if (family == AF_INET && req->ai_family == AF_INET6) @@ -232,7 +249,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, array[0].name = h->h_name; array[count - 1].next = NULL; - *result = array; return true; }
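Review bot: In the first hunk, the rewritten comment above convert_hostent_to_gaih_addrtuple drops the old precondition on *RESULT ("must be NULL or a pointer to a linked-list") and does not state the new, stricter one. The body now hands *result to realloc and rebuilds every link as array + i + 1, so *RESULT has to be either NULL or the start of a single heap block whose tuples are contiguous and chained in array order. A list built any other way would be passed to realloc as an invalid pointer or have its links silently rewritten. Please spell that requirement out in the comment, along with the fact that on a false return *RESULT still points at the old, unfreed block and remains the caller's to free.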
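Review bot: In the second hunk, the size passed to realloc, (old + count) * sizeof (*array), is computed with no overflow check, whereas the calloc (count, sizeof (*array)) it replaces checked the multiplication internally. If the sum or product wrapped, the block would be smaller than the fixup loop and the memset that follow assume, and both would write past its end. Consider an overflow-checked form such as reallocarray (*result, old + count, sizeof (*array)) with a separate check on old + count. It would also help to note in the "Update the next pointers" comment that array[old - 1].next is deliberately pointed at array + old, since that is what joins the existing tuples to the newly appended ones.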