From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <siddhesh@sourceware.org>
Received: from brown.elm.relay.mailchannels.net
 (brown.elm.relay.mailchannels.net [23.83.212.23])
 by sourceware.org (Postfix) with ESMTPS id EBE393952005
 for <libc-alpha@sourceware.org>; Thu, 17 Mar 2022 08:12:08 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org EBE393952005
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
 by relay.mailchannels.net (Postfix) with ESMTP id 5A0AB2C17C0;
 Thu, 17 Mar 2022 08:12:07 +0000 (UTC)
Received: from pdx1-sub0-mail-a307.dreamhost.com (unknown [127.0.0.6])
 (Authenticated sender: dreamhost)
 by relay.mailchannels.net (Postfix) with ESMTPA id 29F262C1171;
 Thu, 17 Mar 2022 08:12:06 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1647504726; a=rsa-sha256;
 cv=none;
 b=E2lecW/5Rlx71sZi0lv0pooS+Nrpgu5Tvohhm1MiM0/qpSg2OfLqxs5oi+0KavokiRjYZs
 yPYVlhvbfVf9yV4BH/Pk4FGvREOC+eiV/Yb1R5pD6xvyB4deOuKroT0Bls4bBaqxJ1l/NW
 ZFaP58rKbNv/9DM3KGGM3wSVYEs5cbGBY2sRg150R9NBO6+xd9wOH41HIjfHz7y60Z7qKp
 CUKH3CswSOD4PmSwi7qTH6h7LnQqrzS9Txv4kl1VTKRpsnhc6qvzxtG91VT4Yd+54h36+Y
 wYKZOp1OWNGdGYUeNqtJELNFsPzd07hS2Gs/N/qXoaNOnjAmvyi7Dhm+uEfGrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net; s=arc-2022; t=1647504726;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=CnNLfgNs5YXNncSldPLE2XVcwmsWu+vrnppJCoiYHnI=;
 b=gSQa+BUfhbV9SXrchkiMdWPtItW9UMbZ7FUOxiJYNgyBX5dSo33pe4vxqrnQ549WqyyQVS
 3RicINE2yr+D5dwIqA5hOQbylRvfMvgH7uXqJnzXnmBvbly/xrKSrlY+Pv6k4Ry/aHrvQs
 j381ne1OhoE6oLoyLF+PR/wJWuVuJXOVpoMAxDZIRhBZGGIuVfTap6puz3jGaVVAAk7AWZ
 rT7wdmzT00zyygykE3bO7/4xXCYg7V20zaaut0ScGI8r7xno3EhwON56GbaxxIcSm7TfMH
 iWnhMBEMNfbYMiv1s7kbmlryLdef0SqXP+82E63m8C0XYYYjPDTXfJWZV+b9Hw==
ARC-Authentication-Results: i=1; rspamd-74bfb75fc6-5855h;
 auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from pdx1-sub0-mail-a307.dreamhost.com (pop.dreamhost.com
 [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by 100.120.38.157 (trex/6.5.3); Thu, 17 Mar 2022 08:12:07 +0000
X-MC-Relay: Junk
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Hook-Power: 51a41661259f4534_1647504726899_301947724
X-MC-Loop-Signature: 1647504726899:4271083930
X-MC-Ingress-Time: 1647504726899
Received: from rhbox.intra.reserved-bit.com (unknown [1.186.123.88])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (No client certificate requested)
 (Authenticated sender: siddhesh@gotplt.org)
 by pdx1-sub0-mail-a307.dreamhost.com (Postfix) with ESMTPSA id 4KK0H82gCSz2n; 
 Thu, 17 Mar 2022 01:12:03 -0700 (PDT)
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: libc-alpha@sourceware.org
Subject: [PATCH v3 03/12] getaddrinfo: Fix leak with AI_ALL [BZ #28852]
Date: Thu, 17 Mar 2022 13:41:31 +0530
Message-Id: <20220317081140.3098156-4-siddhesh@sourceware.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220317081140.3098156-1-siddhesh@sourceware.org>
References: <20220308100717.1006126-1-siddhesh@sourceware.org>
 <20220317081140.3098156-1-siddhesh@sourceware.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-3493.8 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_BL_SPAMCOP_NET,
 RCVD_IN_DNSWL_NONE, RCVD_IN_SBL, SPF_HELO_NONE, SPF_NEUTRAL, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 08:12:11 -0000

Use realloc in convert_hostent_to_gaih_addrtuple and fix up pointers in
the result list so that a single block is maintained for
hostbyname3_r/hostbyname2_r and freed in gaih_inet.  This result is
never merged with any other results, since the hosts database does not
permit merging.

Resolves BZ #28852.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
---
 sysdeps/posix/getaddrinfo.c | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 0629fd147b..e9deb2da6a 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -189,19 +189,16 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
   return 0;
 }
 
-/* Convert struct hostent to a list of struct gaih_addrtuple objects.
-   h_name is not copied, and the struct hostent object must not be
-   deallocated prematurely.  *RESULT must be NULL or a pointer to a
-   linked-list.  The new addresses are appended at the end.  */
+/* Convert struct hostent to a list of struct gaih_addrtuple objects.  h_name
+   is not copied, and the struct hostent object must not be deallocated
+   prematurely.  The new addresses are appended to the tuple array in
+   RESULT.  */
 static bool
 convert_hostent_to_gaih_addrtuple (const struct addrinfo *req,
 				   int family,
 				   struct hostent *h,
 				   struct gaih_addrtuple **result)
 {
-  while (*result)
-    result = &(*result)->next;
-
   /* Count the number of addresses in h->h_addr_list.  */
   size_t count = 0;
   for (char **p = h->h_addr_list; *p != NULL; ++p)
@@ -212,10 +209,30 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req,
   if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr))
     return true;
 
-  struct gaih_addrtuple *array = calloc (count, sizeof (*array));
+  struct gaih_addrtuple *array = *result;
+  size_t old = 0;
+
+  while (array != NULL)
+    {
+      old++;
+      array = array->next;
+    }
+
+  array = realloc (*result, (old + count) * sizeof (*array));
+
   if (array == NULL)
     return false;
 
+  *result = array;
+
+  /* Update the next pointers on reallocation.  */
+  for (size_t i = 0; i < old; i++)
+    array[i].next = array + i + 1;
+
+  array += old;
+
+  memset (array, 0, count * sizeof (*array));
+
   for (size_t i = 0; i < count; ++i)
     {
       if (family == AF_INET && req->ai_family == AF_INET6)
@@ -235,7 +252,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req,
   array[0].name = h->h_name;
   array[count - 1].next = NULL;
 
-  *result = array;
   return true;
 }
 
-- 
2.35.1