From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <carlos@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTP id 31BFB388981C
 for <libc-alpha@sourceware.org>; Mon,  2 Aug 2021 15:24:48 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 31BFB388981C
Received: from mail-qt1-f200.google.com (mail-qt1-f200.google.com
 [209.85.160.200]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-310-tVd7J9AvOYCBxD_jYZBaBQ-1; Mon, 02 Aug 2021 11:24:46 -0400
X-MC-Unique: tVd7J9AvOYCBxD_jYZBaBQ-1
Received: by mail-qt1-f200.google.com with SMTP id
 l24-20020ac872580000b029024e988e8277so9909441qtp.23
 for <libc-alpha@sourceware.org>; Mon, 02 Aug 2021 08:24:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:references:from:organization
 :message-id:date:user-agent:mime-version:in-reply-to
 :content-language:content-transfer-encoding;
 bh=qZ796sdec8pZjESQuhSzTYFyABKAmUB6blJjZLpK5eo=;
 b=bRBVOLF2JWt6LowLxsG4pjQGXT0T8EG1TrV7AjE3x2XGrQcJ1ZlopdxTjtDQT8Xlji
 VDnmdYqh4lQHjwD0QDLoNoT7g4CbEzrLeVaOWo1JZ5I4mbFgoBnTx0uggpJZ/U61JGme
 D/FcoTSBZs2HQhg9AIslblUcrpqMo5T1Aqp0jtp4JREiDPUJRD1gK46PCggdJ6+5l/R4
 IOeATckHxWgddE5KH8lN89bomHyLZ0OWZQAy8fS/D87wfaJbTBJBhR8OW0aV3o9Qgabh
 9rwoPYOhC4a5wfbPR6FQaIozTgTPmlIQFyUNSy3LKE0mS0m9wZJLDil8x/wImQQOe/e8
 46mw==
X-Gm-Message-State: AOAM532Bsbnwzt1uG4het9/tLHn9MGBWBvsbkkoJSO2lVTIuT/3Ce+7y
 kbf7yYHOwKKUIaedprDRr0ku+xQZvg/nK97UFWrtsFxJmBqTwSc4/rF4rStOLLUrdbjs7zjw6Xy
 iz8hlwVCFZGpFJQfJqZbC
X-Received: by 2002:ac8:5ac7:: with SMTP id d7mr14542535qtd.240.1627917886428; 
 Mon, 02 Aug 2021 08:24:46 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxedVu68ux9ao9CkBggzhokjIiv1KsHKmguh8CHck37CEb9+1VRbfiH332RclAy8+81ZOAnrQ==
X-Received: by 2002:ac8:5ac7:: with SMTP id d7mr14542504qtd.240.1627917885859; 
 Mon, 02 Aug 2021 08:24:45 -0700 (PDT)
Received: from [192.168.1.16] (198-84-214-74.cpe.teksavvy.com. [198.84.214.74])
 by smtp.gmail.com with ESMTPSA id b3sm4758155qto.49.2021.08.02.08.24.45
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 02 Aug 2021 08:24:45 -0700 (PDT)
Subject: Re: [PATCH v2 1/1] nis: Fix leak on realloc failure in nis_getnames
 [BZ #28150]
To: Robbie Harwood <rharwood@redhat.com>, libc-alpha@sourceware.org,
 fweimer@redhat.com
References: <87k0la71tp.fsf@oldenburg.str.redhat.com>
 <20210728182331.1363922-1-rharwood@redhat.com>
From: Carlos O'Donell <carlos@redhat.com>
Organization: Red Hat
Message-ID: <a9965b8b-116d-205d-bd55-5d728009b2a2@redhat.com>
Date: Mon, 2 Aug 2021 11:24:44 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <20210728182331.1363922-1-rharwood@redhat.com>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-12.2 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 NICE_REPLY_A, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,
 SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 15:24:49 -0000

On 7/28/21 2:23 PM, Robbie Harwood via Libc-alpha wrote:
> If pos >= count but realloc fails, tmp will not have been placed in
> getnames[pos] yet, and so will not be freed in free_null.  Detected
> by Coverity.
> 
> Also remove misleading comment from nis_getnames(), since it actually
> did properly release getnames when out of memory.

The CI/CD patchwork trybot didn't trigger for this patch and I need
to review that with DJ.

I tested on x86_64 and i686 without regression. Florian reviewed.
I'm pushing this fix.

Tested-by: Carlos O'Donell <carlos@redhat.com>

> ---
>  nis/nis_subr.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/nis/nis_subr.c b/nis/nis_subr.c
> index dd0e30071d..6784fc353f 100644
> --- a/nis/nis_subr.c
> +++ b/nis/nis_subr.c
> @@ -103,9 +103,6 @@ count_dots (const_nis_name str)
>    return count;
>  }
>  
> -/* If we run out of memory, we don't give already allocated memory
> -   free. The overhead for bringing getnames back in a safe state to
> -   free it is to big. */
>  nis_name *
>  nis_getnames (const_nis_name name)
>  {
> @@ -271,7 +268,10 @@ nis_getnames (const_nis_name name)
>  	      nis_name *newp = realloc (getnames,
>  					(count + 1) * sizeof (char *));
>  	      if (__glibc_unlikely (newp == NULL))
> -		goto free_null;
> +		{
> +		  free (tmp);
> +		  goto free_null;
> +		}
>  	      getnames = newp;
>  	    }
>  	  getnames[pos] = tmp;
> 


-- 
Cheers,
Carlos.