Bug 22095 - Name server address allocation memory leak in resolv.conf parsing after OOM
Summary: Name server address allocation memory leak in resolv.conf parsing after OOM
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: network (show other bugs)
Version: 2.26
: P2 normal
Target Milestone: 2.27
Assignee: Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-06 13:19 UTC by Florian Weimer
Modified: 2017-09-06 14:09 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2017-09-06 13:19:48 UTC 
This code in res_vinit_1 allocates an address, but if it cannot be placed into the array due to an out-of-memory condition, it will leak:

              if ((*cp != '\0') && (*cp != '\n') && __inet_aton (cp, &a))
                {
                  sa = allocate_address_v4 (a, NAMESERVER_PORT);
                  if (sa == NULL)
                    return false;
                }
…
              if (sa != NULL)
                {
                  const struct sockaddr **p = nameserver_list_emplace
                    (&parser->nameserver_list);
                  if (p != NULL)
                    *p = sa;
                  else
                    {
                      free (sa);
                      return false;
                    }
                }
Comment 1 Sourceware Commits 2017-09-06 13:23:34 UTC 
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5670c4ab256114e869b1df4b05653aa5f909182c (commit)
      from  c77eb96925b719001237ca7c9e3cef40d795d66b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5670c4ab256114e869b1df4b05653aa5f909182c

commit 5670c4ab256114e869b1df4b05653aa5f909182c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Sep 6 15:20:25 2017 +0200

    resolv: Fix memory leak with OOM during resolv.conf parsing [BZ #22095]

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog         |    6 ++++++
 resolv/res_init.c |    5 +++++
 2 files changed, 11 insertions(+), 0 deletions(-)
Comment 2 Florian Weimer 2017-09-06 13:26:32 UTC 
Fixed in 2.27.
Comment 3 Sourceware Commits 2017-09-06 14:09:10 UTC 
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.26/master has been updated
       via  905a6129147e7ee80e8918e23efe212433b8cce7 (commit)
      from  3005466abe8fb80ad4ff51865f1e28dd81c43347 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=905a6129147e7ee80e8918e23efe212433b8cce7

commit 905a6129147e7ee80e8918e23efe212433b8cce7
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Sep 6 15:46:54 2017 +0200

    resolv: Fix memory leak with OOM during resolv.conf parsing [BZ #22095]
    
    (cherry picked from commit 5670c4ab256114e869b1df4b05653aa5f909182c)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog         |    6 ++++++
 NEWS              |    1 +
 resolv/res_init.c |    5 +++++
 3 files changed, 12 insertions(+), 0 deletions(-)