From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2070.outbound.protection.outlook.com [40.107.22.70]) by sourceware.org (Postfix) with ESMTPS id 1D65F3858C66 for ; Mon, 25 Sep 2023 00:18:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 1D65F3858C66 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=amadeus.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=amadeus.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cQCeix4zZZ85wF3rOE1uR6SNfBmNgdMTSP7Fg1pr/jxBloSaXVFrJKGcd4XwMw9WL72Vb1mjheaG0r/90xRl/HStNKX8qKHak7FTqhNqrreX82JMCKfiDScrCUU2szg4x8ABbjlBr8v+xYN1kLdV/CZtIRBVCSAy5YSjXiIeGKD8LtG+fZ8ezZ9X0kEH1Fjb5594RWGsNPjYaR4r4NnesrE+8omsWnBt46lv2g2NWdKInI8l+EQZqPB2Wf6fKmAmJ7tCymoU2MKznfe3Hg+0FnsMiRG6YJtUA2Rf8ezyfoWmxLqJmWdSKKKOkGBdWkYgyAQu24t8+uSzFuKd+j/BPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Nvf+9b/zW063nn7Pii6c8LN4TMdf5BMPdqMyOjg2Sdc=; b=Qg95/zzl8muVtf/YspqFzLy8gynGxpZggnTgYmn1BVgDA1pJHf0Zp8fby8BWazuQJS121zWioTa4zuasBU1/6eOaTNmB8uNzj4qPaOwqLxYeOYh9Fxoxn7YdIYjcuzG/1MMKkfdaRFgt6RFyFzNd1gxNcmbp9bIUE4zq7/uG+xNww/leoPpTMQFKsrf1N2Bhls5wH8HvyMvS1VkaPWVmICRlhsFP1Z7kRnf5Wg7rqI6dweOsKDyqJn7uHjGgRtJ+SU2jEflN+glUge7WH4jbKXdsY0DTAyjp61vCFM/qzozhNWJC3nxklmk5ziq8ysdug4kVUJYadC68fnbxJBeCeQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 171.17.131.35) smtp.rcpttodomain=sourceware.org smtp.mailfrom=amadeus.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=amadeus.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amadeus.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Nvf+9b/zW063nn7Pii6c8LN4TMdf5BMPdqMyOjg2Sdc=; b=Dm74Y1gajWKau7nrZPOEHUXnjZmk8HCbe4jJMTI89sbLNBQiZ9ZsW2wLbpDrteDy1QQt3u8Q8wERf08eOPZrXRKP5B4vVIHmwmOnVROyXAbEdCszHyD/UNll0VE545GBd93bJP89CEmWnJJeSgQ8EOYyb2l32vfSAGH0sfgPjxTAlci2mdyR3FvNIad3n4ZKFVbIby8JGIJ3xSNHLKNLoJdAvyUEq5xIaBN+Gg6dSYMG2wpSP91LtRhalAInmJNbgsLwUySKXTMW2T6MT3wIH7gNQ9Se/itOUl7faRZ0kOAOel9NW+xakQFyxob87f7x3F/8wyR8xVCFc5WJWBqJrA== Received: from AS9PR05CA0256.eurprd05.prod.outlook.com (2603:10a6:20b:493::23) by DU0PR10MB5147.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:343::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.28; Mon, 25 Sep 2023 00:18:43 +0000 Received: from AM4PEPF00027A5D.eurprd04.prod.outlook.com (2603:10a6:20b:493:cafe::5e) by AS9PR05CA0256.outlook.office365.com (2603:10a6:20b:493::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.35 via Frontend Transport; Mon, 25 Sep 2023 00:18:43 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 171.17.131.35) smtp.mailfrom=amadeus.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amadeus.com; Received-SPF: Pass (protection.outlook.com: domain of amadeus.com designates 171.17.131.35 as permitted sender) receiver=protection.outlook.com; client-ip=171.17.131.35; helo=smtpexch.amadeus.com; pr=C Received: from smtpexch.amadeus.com (171.17.131.35) by AM4PEPF00027A5D.mail.protection.outlook.com (10.167.16.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.14 via Frontend Transport; Mon, 25 Sep 2023 00:18:42 +0000 Received: from MUCEX20MBX001.iis.amadeus.net (172.19.131.74) by smtpexch.amadeus.com (172.19.134.54) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.25; Mon, 25 Sep 2023 00:17:37 +0000 Received: from 32e4c7540b22.rnd.amadeus.net (10.64.176.26) by MUCEX20MBX001.iis.amadeus.net (172.19.131.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.25; Mon, 25 Sep 2023 00:18:41 +0000 From: Romain Geissler To: CC: , Subject: [PATCH v3] Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843] Date: Mon, 25 Sep 2023 00:18:29 +0000 Message-ID: <20230925001829.63-1-romain.geissler@amadeus.com> X-Mailer: git-send-email 2.39.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: MUCEXHYBP01.iis.amadeus.net (172.19.131.107) To MUCEX20MBX001.iis.amadeus.net (172.19.131.74) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM4PEPF00027A5D:EE_|DU0PR10MB5147:EE_ X-MS-Office365-Filtering-Correlation-Id: ea322260-8c7f-40b1-945c-08dbbd5cf9aa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Zmw6WWCQC5bQH1xLdV8KWjgSwqKtoHcmtwHsPaIR8N4MCsZPSrjC2iu138+m8JA9HO3qMmVnhCnLimaCTEsvTP/IHTcoO5dVjQPLwjvEORi+cyHdd4ZdjouSDaso+l6zfYqenGr1TP9GgSjDAPevTJwdaDxWJvmHjdmPgbGLAs0k4YSWMEuFaXEL74dbpOIRllg2x1Z3P4uw518HhZQwuNWFnofmWKout9b0HbC/D3Ys5taqYLH0z3/bJdyh1zkS9E/dz06gM6tFFbUWbjH879Zzf4o53DIQLtXjiiUk3nB210vtwjSos3I87kWPluBjeZ2RYkGkDEMxMXFRBraLH3BYlwdIgkPvspmuyEw14PWNaJT2jWEpH6YYPVr0aTE+aZ9CK2mOACpxhgmsIGVmybfVTN6HG2F4muOiYoJG207m9wLJKue2OBPTy24u8U29H/uoXvpgY/o0yrSERHEaoYsbfO3/7k42kqIpUw8UQL+S+59xXATyV/Bf9XPhDaiX8BtDXRttSVdNLQg85DiUpj+3qr70b8UWFftL/OvsedP8Tm2lUWQlsalW4xb82+Ez8YdDrkxp8Dn3zvjAiSjQmhvugHkrfqpL60ftKDe0myKvQWcndeEavCUKNXbN2kCHx4M7UBK4yr//geVk/5mXguwXsNzrVkHT/CucNnzOafculsYY9dGN61RGJ34a+3DiIhA3MHdgmf8rAOzzBZOcJabFvPouPGb5w6QUk8qSX4FwjfaCJShqP3biEMz5BpqCy5G1QBeRIck9YJse0+DMYg== X-Forefront-Antispam-Report: CIP:171.17.131.35;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:smtpexch.amadeus.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(136003)(396003)(346002)(376002)(39860400002)(230922051799003)(1800799009)(82310400011)(186009)(451199024)(46966006)(36840700001)(40470700004)(6666004)(40460700003)(478600001)(107886003)(2616005)(26005)(1076003)(83380400001)(336012)(36756003)(86362001)(82740400003)(82960400001)(81166007)(356005)(47076005)(36860700001)(5660300002)(40480700001)(4326008)(2906002)(8676002)(8936002)(41300700001)(54906003)(316002)(6916009)(70206006)(70586007)(44832011)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amadeus.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Sep 2023 00:18:42.5622 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ea322260-8c7f-40b1-945c-08dbbd5cf9aa X-MS-Exchange-CrossTenant-Id: b3f4f7c2-72ce-4192-aba4-d6c7719b5766 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b3f4f7c2-72ce-4192-aba4-d6c7719b5766;Ip=[171.17.131.35];Helo=[smtpexch.amadeus.com] X-MS-Exchange-CrossTenant-AuthSource: AM4PEPF00027A5D.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5147 X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Changes since v2: - Format Makefile so that lines do not exceed 79 chars. - Add a space " " between "mtrace" and "()" in the test, as it seems it's the coding style used elsewhere in glibc. Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ#30843] --- nss/Makefile | 20 ++++++++++++++++++++ nss/tst-nss-gai-hv2-canonname.c | 3 +++ sysdeps/posix/getaddrinfo.c | 4 +--- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/nss/Makefile b/nss/Makefile index e3d21e9a899..6ef5bf23b30 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -148,6 +148,15 @@ endif extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ nss_test_gai_hv2_canonname.os +ifeq ($(run-built-tests),yes) +ifneq (no,$(PERL)) +tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out +endif +endif + +generated += mtrace-tst-nss-gai-hv2-canonname.out \ + tst-nss-gai-hv2-canonname.mtrace + include ../Rules ifeq (yes,$(have-selinux)) @@ -216,6 +225,17 @@ endif $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so +tst-nss-gai-hv2-canonname-ENV = \ + MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ + LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so +$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \ + $(objpfx)tst-nss-gai-hv2-canonname.out + { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \ + || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \ + && $(common-objpfx)malloc/mtrace \ + $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \ + $(evaluate-test) + # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS # functions can load testing NSS modules via DT_RPATH. LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c index d5f10c07d6a..7db53cf09da 100644 --- a/nss/tst-nss-gai-hv2-canonname.c +++ b/nss/tst-nss-gai-hv2-canonname.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include "nss/tst-nss-gai-hv2-canonname.h" @@ -41,6 +42,8 @@ static void do_prepare (int a, char **av) static int do_test (void) { + mtrace (); + __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); struct addrinfo hints = {}; diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index b4e8ea3880a..69f38bbfb9e 100644 --- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -1196,9 +1196,7 @@ free_and_return: if (malloc_name) free ((char *) name); free (addrmem); - if (res.free_at) - free (res.at); - free (res.canon); + gaih_result_reset (&res); return result; } -- 2.39.3