From: Siddhesh Poyarekar
To: Romain Geissler, libc-alpha@sourceware.org
Cc: dj@redhat.com
Date: Mon, 25 Sep 2023 01:06:34 +0100
Subject: Re: [PATCH v2] Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
Message-ID: <8290e5f7-1bae-9a64-7d49-b58aa6a034d4@gotplt.org>
In-Reply-To: <20230924234236.112-1-romain.geissler@amadeus.com>

On 2023-09-25 00:42, Romain Geissler wrote:
> Hi,
>
> This is the v2 of my previously posted patch, with all the comments from
> Siddhesh taken into account.
>
> Note that before the fix, I can see this in the mtrace log file:
>
> > cat output/x86_64/build/x86_64/final-system/glibc-build/nss/mtrace-tst-nss-gai-hv2-canonname.out
> > Memory not freed:
> -----------------
> Address Size Caller
> 0x000055d96076b2a0 0x11 at 0x93e7c

Thanks, just a minor nit to fix and we can take this home:

>
> and when adding the fix, this error goes away.
>
> Cheers,
> Romain
>
> --- > nss/Makefile | 17 +++++++++++++++++ > nss/tst-nss-gai-hv2-canonname.c | 3 +++ > sysdeps/posix/getaddrinfo.c | 4 +--- > 3 files changed, 21 insertions(+), 3 deletions(-) > > diff --git a/nss/Makefile b/nss/Makefile > index e3d21e9a899..5553a2b2a7e 100644 > --- a/nss/Makefile > +++ b/nss/Makefile 
> @@ -148,6 +148,15 @@ endif > extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ > nss_test_gai_hv2_canonname.os > > +ifeq ($(run-built-tests),yes) > +ifneq (no,$(PERL)) > +tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out > +endif > +endif > + > +generated += mtrace-tst-nss-gai-hv2-canonname.out \ > + tst-nss-gai-hv2-canonname.mtrace > + > include ../Rules > > ifeq (yes,$(have-selinux)) > @@ -216,6 +225,14 @@ endif > $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so > $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so > > +tst-nss-gai-hv2-canonname-ENV = MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ > + LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so > +$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: $(objpfx)tst-nss-gai-hv2-canonname.out > + { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \ > + || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \ > + && $(common-objpfx)malloc/mtrace $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \ > + $(evaluate-test) Please try and fix these to 79 chars. > + > # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS > # functions can load testing NSS modules via DT_RPATH. > LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags > diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c > index d5f10c07d6a..84feea616be 100644 > --- a/nss/tst-nss-gai-hv2-canonname.c > +++ b/nss/tst-nss-gai-hv2-canonname.c > @@ -21,6 +21,7 @@ > #include > #include > #include > +#include > #include > #include > #include "nss/tst-nss-gai-hv2-canonname.h" > @@ -41,6 +42,8 @@ static void do_prepare (int a, char **av) > static int > do_test (void) > { > + mtrace(); > + > __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); > > struct addrinfo hints = {}; > diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c > index b4e8ea3880a..69f38bbfb9e 100644 > --- a/sysdeps/posix/getaddrinfo.c 
> +++ b/sysdeps/posix/getaddrinfo.c > @@ -1196,9 +1196,7 @@ free_and_return: > if (malloc_name) > free ((char *) name); > free (addrmem); > - if (res.free_at) > - free (res.at); > - free (res.canon); > + gaih_result_reset (&res); > > return result; > }
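
Review bot: In the second nss/Makefile hunk (@@ -216,6 +225,14 @@), the two new references to the malloc build directory disagree on the separator: LD_PRELOAD uses $(common-objpfx)/malloc/libc_malloc_debug.so while the recipe runs $(common-objpfx)malloc/mtrace. If common-objpfx carries a trailing slash, as the second form assumes, the first expands with a doubled slash; it still resolves, but use one spelling for both. Note also that "> $@" applies to the whole brace group, so the "does not exist" message from the exit 77 branch is written into the .out file rather than to the terminal; keep that only if it is intended.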
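
Review bot: In the do_test hunk of nss/tst-nss-gai-hv2-canonname.c (@@ -41,6 +42,8 @@), the added call is written "mtrace();" with no space before the parenthesis, while the next statement in the same function, __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"), follows GNU style. Write it as "mtrace ();" to match. Since tracing starts at the top of do_test, allocations made earlier in do_prepare are outside the leak check; a one-line comment saying that this is deliberate would help the next reader.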
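
Review bot: In the sysdeps/posix/getaddrinfo.c hunk at free_and_return, the removed lines already released res.at (when res.free_at is set) and res.canon, so the hunk on its own does not show which allocation was leaking or what else gaih_result_reset releases. Name the leaked member of res in the commit message so the one-line change can be matched to the 0x11-byte entry in the mtrace report without opening the helper. Nothing reads res between the new call and "return result;", so replacing the individual frees with the reset is safe at this point.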