OK florian@ if someone wants to commit it. Alternatively I take OKs, too :)
On Thu, Jun 14, 2018 at 04:25:22PM +0200, Barabosch, Thomas wrote: > Hi there, > > while reviewing the code, I may have stumbled upon potential memory > leaks in usr.sbin/route6d/route6d.c. > > I think there is an issue with the two calls to getaddrinfo. According > to getaddrinfo.3, the dynamically allocated structures must be free'd > with freeaddrinfo: > > "All of the information returned by getaddrinfo() is dynamically > allocated: the addrinfo structures themselves as well as the socket > address structures and the canonical host name strings included in the > addrinfo structures. > Memory allocated for the dynamically allocated structures created by a > successful call to getaddrinfo() is released by the freeaddrinfo() > function. The ai pointer should be an addrinfo structure created by a > call to getaddrinfo(). " > > However, the res parameter of the two calls: > > - error = getaddrinfo(NULL, port, &hints, &res); > > - error = getaddrinfo(RIP6_DEST, port, &hints, &res); > > are never free'd with freeaddrinfo in this file. There are no calls to > freeaddrinfo in this file at all. Hence, I think that this could > potentially lead to memory leaks. It would be better to free them. > > Can you confirm this issue or am I missing something? > > I've attached a possible patch. > > Best regards, > > Thomas > > -- > Thomas Barabosch > > Fraunhofer FKIE Tel.: +49 228 50212-601 > Cyber Analysis & Defense Fax: +49 228 73-4571 > Zanderstraße 5 D-53113 Bonn, Germany > http://www.fkie.fraunhofer.de/ > > --- usr.sbin/route6d/route6d.c 2018-06-14 16:19:08.807504647 +0200 > +++ usr.sbin/route6d/route6d.c.patched 2018-06-14 16:18:18.159529498 > +0200 > @@ -567,6 +567,7 @@ > /*NOTREACHED*/ > } > > + freeaddrinfo(res); > memset(&hints, 0, sizeof(hints)); > hints.ai_family = PF_INET6; > hints.ai_socktype = SOCK_DGRAM; > @@ -580,6 +581,7 @@ > /*NOTREACHED*/ > } > memcpy(&ripsin, res->ai_addr, res->ai_addrlen); > + freeaddrinfo(res); > > pfd[0].fd = ripsock; > pfd[0].events = POLLIN; -- I'm not entirely sure you are real.
