On Thu, Jun 14, 2018 at 04:54:46PM +0200, Barabosch, Thomas wrote:
> BTW I had a quick look at the FreeBSD [1] and NetBSD [2] sources. This
> issue is actually fixed in FreeBSD but not fixed in NetBSD (should we
> notify them as well right now?)

sure, go ahead.

>
> [1]
> https://github.com/freebsd/freebsd/blob/master/usr.sbin/route6d/route6d.c
> [2] https://github.com/NetBSD/src/blob/trunk/usr.sbin/route6d/route6d.c
>
> On 14.06.2018 at 16:44, Florian Obser wrote:
> > OK florian@ if someone wants to commit it. Alternatively I take OKs,
> > too :)
> >
> > On Thu, Jun 14, 2018 at 04:25:22PM +0200, Barabosch, Thomas wrote:
> >> Hi there,
> >>
> >> while reviewing the code, I may have stumbled upon potential memory
> >> leaks in usr.sbin/route6d/route6d.c.
> >>
> >> I think there is an issue with the two calls to getaddrinfo. According
> >> to getaddrinfo.3, the dynamically allocated structures must be free'd
> >> with freeaddrinfo:
> >>
> >> "All of the information returned by getaddrinfo() is dynamically
> >> allocated: the addrinfo structures themselves as well as the socket
> >> address structures and the canonical host name strings included in the
> >> addrinfo structures.
> >> Memory allocated for the dynamically allocated structures created by a
> >> successful call to getaddrinfo() is released by the freeaddrinfo()
> >> function. The ai pointer should be an addrinfo structure created by a
> >> call to getaddrinfo(). "
> >>
> >> However, the res parameter of the two calls:
> >>
> >> - error = getaddrinfo(NULL, port, &hints, &res);
> >>
> >> - error = getaddrinfo(RIP6_DEST, port, &hints, &res);
> >>
> >> are never free'd with freeaddrinfo in this file. There are no calls to
> >> freeaddrinfo in this file at all. Hence, I think that this could
> >> potentially lead to memory leaks. It would be better to free them.
> >>
> >> Can you confirm this issue or am I missing something?
> >>
> >> I've attached a possible patch.
> >> > >> Best regards, > >> > >> Thomas > >> > >> -- > >> Thomas Barabosch > >> > >> Fraunhofer FKIE Tel.: +49 228 50212-601 > >> Cyber Analysis & Defense Fax: +49 228 73-4571 > >> Zanderstraße 5 D-53113 Bonn, Germany > >> http://www.fkie.fraunhofer.de/ > >> > >> --- usr.sbin/route6d/route6d.c 2018-06-14 16:19:08.807504647 +0200 > >> +++ usr.sbin/route6d/route6d.c.patched 2018-06-14 16:18:18.159529498 > >> +0200 > >> @@ -567,6 +567,7 @@ > >> /*NOTREACHED*/ > >> } > >> > >> + freeaddrinfo(res); > >> memset(&hints, 0, sizeof(hints)); > >> hints.ai_family = PF_INET6; > >> hints.ai_socktype = SOCK_DGRAM; > >> @@ -580,6 +581,7 @@ > >> /*NOTREACHED*/ > >> } > >> memcpy(&ripsin, res->ai_addr, res->ai_addrlen); > >> + freeaddrinfo(res); > >> > >> pfd[0].fd = ripsock; > >> pfd[0].events = POLLIN; > > > > -- > Thomas Barabosch > > Fraunhofer FKIE Tel.: +49 228 50212-601 > Cyber Analysis & Defense Fax: +49 228 73-4571 > Zanderstraße 5 D-53113 Bonn, Germany > http://www.fkie.fraunhofer.de/ > -- I'm not entirely sure you are real.
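Review bot: in the first hunk (@@ -567,6 +567,7 @@), freeaddrinfo(res) is added right after the closing brace of the error branch, but the visible context does not show the last use of the first getaddrinfo() result. Please check that nothing between the first call and this line keeps a pointer into the list (for example a stored res->ai_addr), because that memory is gone from here on. Setting res = NULL after the free would make any stale use fail loudly until the second getaddrinfo() assigns it again.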
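Review bot: in the second hunk (@@ -580,6 +581,7 @@), the context line memcpy(&ripsin, res->ai_addr, res->ai_addrlen) copies ai_addrlen bytes without comparing that length to sizeof(ripsin); since this spot is being touched anyway, consider adding a length check ahead of the copy. Placing freeaddrinfo(res) after the memcpy is the right order, because ripsin then holds its own copy and nothing refers to the freed list. freeaddrinfo() releases the whole chain, so no per-entry loop is needed even though only the first entry is used.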
