Hi there,

while reviewing the code, I may have stumbled upon potential memory
leaks in usr.sbin/route6d/route6d.c.

I think there is an issue with the two calls to getaddrinfo. According
to getaddrinfo.3, the dynamically allocated structures must be free'd
with freeaddrinfo:

"All of the information returned by getaddrinfo() is dynamically
allocated: the addrinfo structures themselves as well as the socket
address structures and the canonical host name strings included in the
addrinfo structures.
Memory allocated for the dynamically allocated structures created by a
successful call to getaddrinfo() is released by the freeaddrinfo()
function. The ai pointer should be an addrinfo structure created by a
call to getaddrinfo()."

However, the res parameter of the two calls:

- error = getaddrinfo(NULL, port, &hints, &res);

- error = getaddrinfo(RIP6_DEST, port, &hints, &res);

are never free'd with freeaddrinfo in this file. There are no calls to
freeaddrinfo in this file at all. Hence, I think that this could
potentially lead to memory leaks. It would be better to free them.

Can you confirm this issue or am I missing something?

I've attached a possible patch.

Best regards,

Thomas

-- 
Thomas Barabosch

Fraunhofer FKIE                        Tel.:   +49 228 50212-601
Cyber Analysis & Defense               Fax:    +49 228 73-4571
Zanderstraße 5                         D-53113 Bonn, Germany  
http://www.fkie.fraunhofer.de/
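
The ownership rule quoted from getaddrinfo.3 above, as an added example that is not code from route6d.c or from the patch below: copy what is needed out of the result into caller-owned storage, then release the list on every path that received one. The helper name `resolve_udp6` and the sample address and port are assumptions made for this illustration.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from route6d.c): resolve a numeric IPv6
 * address and port for UDP and copy the first result into *out.
 * Returns 0 on success or an EAI_* code from getaddrinfo().
 */
int
resolve_udp6(const char *host, const char *port, int flags,
    struct sockaddr_in6 *out)
{
	struct addrinfo hints, *res = NULL;
	int error;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET6;
	hints.ai_socktype = SOCK_DGRAM;
	/* Numeric-only lookups: no resolver traffic, runs offline. */
	hints.ai_flags = flags | AI_NUMERICHOST | AI_NUMERICSERV;

	error = getaddrinfo(host, port, &hints, &res);
	if (error != 0)
		return error;		/* no list was returned, nothing to free */
	if (res->ai_addrlen != sizeof(*out)) {
		freeaddrinfo(res);	/* error paths after success must free too */
		return EAI_FAMILY;
	}
	/* Copy first: res->ai_addr must not be touched after the free. */
	memcpy(out, res->ai_addr, res->ai_addrlen);
	freeaddrinfo(res);
	return 0;
}

int main(void)
{
	struct sockaddr_in6 sin6;
	/* Constructed sample input for the demonstration. */
	int error = resolve_udp6("ff02::9", "521", 0, &sin6);

	if (error != 0) {
		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error));
		return 1;
	}
	printf("resolved, port %u\n", (unsigned)ntohs(sin6.sin6_port));
	return 0;
}
```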

--- usr.sbin/route6d/route6d.c  2018-06-14 16:19:08.807504647 +0200
+++ usr.sbin/route6d/route6d.c.patched  2018-06-14 16:18:18.159529498 +0200
@@ -567,6 +567,7 @@
                /*NOTREACHED*/
        }
 
+       freeaddrinfo(res);
        memset(&hints, 0, sizeof(hints));
        hints.ai_family = PF_INET6;
        hints.ai_socktype = SOCK_DGRAM;
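
Review bot: The new freeaddrinfo(res) sits directly after the error block ending in /*NOTREACHED*/, and res is then reused for the second getaddrinfo() call set up by the hints lines that follow, so please confirm that nothing between this line and that call still reads the first result (res->ai_addr, res->ai_addrlen). The lines above the hunk are not visible here, so it is also worth checking that every use of the first res happens before line 570. Setting res = NULL right after the free would make any stale use fail loudly instead of reading freed memory.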
@@ -580,6 +581,7 @@
                /*NOTREACHED*/
        }
        memcpy(&ripsin, res->ai_addr, res->ai_addrlen);
+       freeaddrinfo(res);
 
        pfd[0].fd = ripsock;
        pfd[0].events = POLLIN;
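
Review bot: The free after memcpy(&ripsin, res->ai_addr, res->ai_addrlen) is in the right order, since the address is copied out before the list is released, but the copy itself trusts res->ai_addrlen without comparing it to sizeof(ripsin). That is existing code rather than something this patch introduces; since the line is being touched anyway, a length check before the memcpy would be a cheap addition. As in the first hunk, consider res = NULL after the free so later code cannot dereference the released list.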
