BTW I had a quick look at the FreeBSD [1] and NetBSD [2] sources. This issue is actually fixed in FreeBSD but not fixed in NetBSD (should we notify them as well right now?)
[1] https://github.com/freebsd/freebsd/blob/master/usr.sbin/route6d/route6d.c
[2] https://github.com/NetBSD/src/blob/trunk/usr.sbin/route6d/route6d.c

On 14.06.2018 at 16:44, Florian Obser wrote:
> OK florian@ if someone wants to commit it. Alternatively I take OKs,
> too :)
>
> On Thu, Jun 14, 2018 at 04:25:22PM +0200, Barabosch, Thomas wrote:
>> Hi there,
>>
>> while reviewing the code, I may have stumbled upon potential memory
>> leaks in usr.sbin/route6d/route6d.c.
>>
>> I think there is an issue with the two calls to getaddrinfo. According
>> to getaddrinfo.3, the dynamically allocated structures must be free'd
>> with freeaddrinfo:
>>
>> "All of the information returned by getaddrinfo() is dynamically
>> allocated: the addrinfo structures themselves as well as the socket
>> address structures and the canonical host name strings included in the
>> addrinfo structures.
>> Memory allocated for the dynamically allocated structures created by a
>> successful call to getaddrinfo() is released by the freeaddrinfo()
>> function. The ai pointer should be an addrinfo structure created by a
>> call to getaddrinfo(). "
>>
>> However, the res parameter of the two calls:
>>
>> - error = getaddrinfo(NULL, port, &hints, &res);
>>
>> - error = getaddrinfo(RIP6_DEST, port, &hints, &res);
>>
>> are never free'd with freeaddrinfo in this file. There are no calls to
>> freeaddrinfo in this file at all. Hence, I think that this could
>> potentially lead to memory leaks. It would be better to free them.
>>
>> Can you confirm this issue or am I missing something?
>>
>> I've attached a possible patch.
>>
>> Best regards,
>>
>> Thomas
>>
>> --
>> Thomas Barabosch
>>
>> Fraunhofer FKIE Tel.: +49 228 50212-601
>> Cyber Analysis & Defense Fax: +49 228 73-4571
>> Zanderstraße 5 D-53113 Bonn, Germany
>> http://www.fkie.fraunhofer.de/
>>
>> --- usr.sbin/route6d/route6d.c 2018-06-14 16:19:08.807504647 +0200 >> +++ usr.sbin/route6d/route6d.c.patched 2018-06-14 16:18:18.159529498 >> +0200 
>> @@ -567,6 +567,7 @@ >> /*NOTREACHED*/ >> } >> >> + freeaddrinfo(res); >> memset(&hints, 0, sizeof(hints)); >> hints.ai_family = PF_INET6; >> hints.ai_socktype = SOCK_DGRAM; >> @@ -580,6 +581,7 @@ >> /*NOTREACHED*/ >> } >> memcpy(&ripsin, res->ai_addr, res->ai_addrlen); >> + freeaddrinfo(res); >> >> pfd[0].fd = ripsock; >> pfd[0].events = POLLIN; > -- Thomas Barabosch Fraunhofer FKIE Tel.: +49 228 50212-601 Cyber Analysis & Defense Fax: +49 228 73-4571 Zanderstraße 5 D-53113 Bonn, Germany http://www.fkie.fraunhofer.de/
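Review bot: in the first hunk (@@ -567), the added freeaddrinfo(res) sits below the blank line, attached to the memset(&hints, 0, sizeof(hints)) that starts the second lookup, so it reads as setup for the next call rather than cleanup of the previous one. Consider moving it above the blank line, directly after the closing brace of the /*NOTREACHED*/ error branch, with a short comment that res is reused by the following getaddrinfo(). The lines between the first getaddrinfo() and this point are outside the hunk's context, so it is worth confirming that nothing there keeps a pointer into the list that is now freed.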
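Review bot: in the second hunk (@@ -580), the context line memcpy(&ripsin, res->ai_addr, res->ai_addrlen) copies a length taken from the lookup result with no check against sizeof(ripsin). The added freeaddrinfo(res) is correctly placed after this last visible use of res, but a follow-up could guard the copy by testing res->ai_addrlen > sizeof(ripsin) before the memcpy. With hints.ai_family = PF_INET6 set for this lookup the length is expected to fit, so the check is defensive.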
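The ownership rule quoted from getaddrinfo.3 in the report above, as an added example that is not part of the thread or of route6d.c: a helper that copies the address out of the result and frees the list on every path after a successful call. The name resolve_copy, the port 521 and the numeric address ff02::9 are assumptions chosen for illustration.

```c
/* Added example; resolve_copy() and the sample values are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Resolve host/port to one IPv6 UDP address and copy it into *out.
 * Returns 0 on success or an EAI_* code usable with gai_strerror(). */
int
resolve_copy(const char *host, const char *port, int flags,
    struct sockaddr_in6 *out)
{
	struct addrinfo hints, *res = NULL;
	int error, rv = 0;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = PF_INET6;
	hints.ai_socktype = SOCK_DGRAM;
	hints.ai_flags = flags;

	error = getaddrinfo(host, port, &hints, &res);
	if (error != 0)
		return error;		/* failed call: there is no list to free */

	if (res->ai_addrlen > sizeof(*out))
		rv = EAI_OVERFLOW;	/* refuse to write past the destination */
	else
		memcpy(out, res->ai_addr, res->ai_addrlen);

	freeaddrinfo(res);		/* releases the whole list, on both branches */
	return rv;
}

int
main(void)
{
	struct sockaddr_in6 any, dest;

	/* Constructed sample inputs: wildcard bind address, then a numeric destination. */
	if (resolve_copy(NULL, "521", AI_PASSIVE | AI_NUMERICSERV, &any) != 0 ||
	    resolve_copy("ff02::9", "521", AI_NUMERICHOST | AI_NUMERICSERV, &dest) != 0)
		return 1;
	printf("family=%d port=%d\n", dest.sin6_family, ntohs(dest.sin6_port));
	return 0;
}
```

Because the caller only ever sees its own copy, the result pointer never outlives the helper and cannot be reused after the free.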
