From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <siddhesh@sourceware.org>
Received: from shrimp.cherry.relay.mailchannels.net (shrimp.cherry.relay.mailchannels.net [23.83.223.164])
	by sourceware.org (Postfix) with ESMTPS id B8A76385CCA4
	for <libc-stable@sourceware.org>; Tue, 26 Sep 2023 22:54:59 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B8A76385CCA4
Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=sourceware.org
Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=sourceware.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id F4026901C9E;
	Tue, 26 Sep 2023 22:54:57 +0000 (UTC)
Received: from pdx1-sub0-mail-a267.dreamhost.com (unknown [127.0.0.6])
	(Authenticated sender: dreamhost)
	by relay.mailchannels.net (Postfix) with ESMTPA id 8CF7E901C57;
	Tue, 26 Sep 2023 22:54:57 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1695768897; a=rsa-sha256;
	cv=none;
	b=QxPo1ICbAtVAXOwmAz5eQm0DNJejYLVWfrNrewUCFwJ+4B7OPlst3Mm2BdhHPkIRwrjuKh
	tRfpSb762ADyyuOoZYvDALeL2caA3LiKE5l2X4BKVuh0dVtYTn/OPGhD27rrK4JZ4G4ZUY
	J6G7E8pmg3L+sdzmUSPQ0rH/KrkVATMV45/3xZB4QffplSc7YaopyG8MaDQhsO3DhELSm2
	/ThpIzd0r/Wf2cXLrcuBlBttYoXXvVlU7dOWq+jXz+8TlF1lVF2HPnh43QDIU9DgsRp/Hh
	kGxnMI6HRlOmBI+3MQKiUJKWbM+G2rUubkPDwi24hOQKBh0S4rg3MIO6RkUSHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1695768897;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=0UnzmJMUMxDkdgzSGuRGp9Z2B+1EMFBxCi4FLrU/Phw=;
	b=ktxVJ9aUuiNTAEvIBDApvn+UViOzoxWaYTcVNQY2Gt7mYnz8aSL25ewtg4FINugvXddgXv
	YfIeh8bfjDAEp24ggupZLOlgJ9KfsqMQqDhFSWwFtk+flShnEXUjftJb0+SFlK/MsCSr+a
	8fb1pvVwx3X2BwMBT80JP0bkgXii6tVQvQGhv6/3k6u4J/dThoOQogrdfj5b2/NVY48gXe
	C2nc0r73WkvGD5kI9M6busnjxranLUZGmcF8W9z0zzP7EAY5lSaYrnuNbVWph9BtFuh/yd
	jVGVO5kP1Fa8ICC1dKnBHUQ6brVu1ODjLqdI358EmYFVBI7N1wBbIDcF/B2OGg==
ARC-Authentication-Results: i=1;
	rspamd-7d5dc8fd68-jspzd;
	auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
X-MC-Relay: Neutral
X-MC-Copy: stored-urls
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Army-Desert: 20d9acf500b1c528_1695768897808_394955502
X-MC-Loop-Signature: 1695768897808:2336407381
X-MC-Ingress-Time: 1695768897808
Received: from pdx1-sub0-mail-a267.dreamhost.com (pop.dreamhost.com
 [64.90.62.162])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.124.45.11 (trex/6.9.1);
	Tue, 26 Sep 2023 22:54:57 +0000
Received: from fedora.redhat.com (bras-vprn-toroon4834w-lp130-02-142-113-138-41.dsl.bell.ca [142.113.138.41])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: siddhesh@gotplt.org)
	by pdx1-sub0-mail-a267.dreamhost.com (Postfix) with ESMTPSA id 4RwFSK0kpkz4d;
	Tue, 26 Sep 2023 15:54:57 -0700 (PDT)
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: libc-stable@sourceware.org
Cc: Romain Geissler <romain.geissler@amadeus.com>
Subject: [committed 2.37 1/2] Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
Date: Tue, 26 Sep 2023 18:54:26 -0400
Message-ID: <20230926225432.3304726-5-siddhesh@sourceware.org>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230926225432.3304726-1-siddhesh@sourceware.org>
References: <20230926225432.3304726-1-siddhesh@sourceware.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1172.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,KAM_DMARC_NONE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_SOFTFAIL,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-stable.sourceware.org>

From: Romain Geissler <romain.geissler@amadeus.com>

This patch fixes a very recently added leak in getaddrinfo.

This was assigned CVE-2023-5156.

Resolves: BZ #30884
Related: BZ #30842

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
---
 nss/Makefile                    | 20 ++++++++++++++++++++
 nss/tst-nss-gai-hv2-canonname.c |  3 +++
 sysdeps/posix/getaddrinfo.c     |  4 +---
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/nss/Makefile b/nss/Makefile
index e3d21e9a89..6ef5bf23b3 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -148,6 +148,15 @@ endif
 extra-test-objs		+= nss_test1.os nss_test2.os nss_test_errno.os \
 			   nss_test_gai_hv2_canonname.os
 
+ifeq ($(run-built-tests),yes)
+ifneq (no,$(PERL))
+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
+endif
+endif
+
+generated += mtrace-tst-nss-gai-hv2-canonname.out \
+		tst-nss-gai-hv2-canonname.mtrace
+
 include ../Rules
 
 ifeq (yes,$(have-selinux))
@@ -216,6 +225,17 @@ endif
 $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
 $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
 
+tst-nss-gai-hv2-canonname-ENV = \
+		MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
+		LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
+  $(objpfx)tst-nss-gai-hv2-canonname.out
+	{ test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
+	|| ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \
+	&& $(common-objpfx)malloc/mtrace \
+	$(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
+	$(evaluate-test)
+
 # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
 # functions can load testing NSS modules via DT_RPATH.
 LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
index d5f10c07d6..7db53cf09d 100644
--- a/nss/tst-nss-gai-hv2-canonname.c
+++ b/nss/tst-nss-gai-hv2-canonname.c
@@ -21,6 +21,7 @@
 #include <netdb.h>
 #include <stdlib.h>
 #include <string.h>
+#include <mcheck.h>
 #include <support/check.h>
 #include <support/xstdio.h>
 #include "nss/tst-nss-gai-hv2-canonname.h"
@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av)
 static int
 do_test (void)
 {
+  mtrace ();
+
   __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
 
   struct addrinfo hints = {};
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index b4e8ea3880..69f38bbfb9 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -1196,9 +1196,7 @@ free_and_return:
   if (malloc_name)
     free ((char *) name);
   free (addrmem);
-  if (res.free_at)
-    free (res.at);
-  free (res.canon);
+  gaih_result_reset (&res);
 
   return result;
 }
-- 
2.41.0