Commit c84c15d3938a ("BUG/MINOR: resolvers: Apply dns-accept-family
setting on additional records") converted a switch statement to an
if/else chain but left the break; in the AAAA branch. In the new
form, break exits the surrounding for loop instead of a switch case.

For every AAAA additional record in an SRV response:
  - answer_record allocated at line 1460 is never freed and never
    inserted into answer_tree -> ~580 bytes leaked per response
  - all subsequent additional records in the response are silently
    discarded

A DNS server controlling SRV responses for haproxy service discovery
can leak memory at MB/min rates given default resolution intervals.
Also breaks IPv6 SRV target resolution outright since the AAAA record
is leaked rather than attached to its SRV entry.
---
src/resolvers.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/resolvers.c b/src/resolvers.c
index 1b17b11e0a0d..30b0cf796a76 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -1527,7 +1527,6 @@ static int resolv_validate_dns_response(unsigned char
*resp, unsigned char *bufe
goto invalid_resp;
answer_record->data.in6.sin6_family = AF_INET6;
memcpy(&answer_record->data.in6.sin6_addr, reader,
answer_record->data_len);
- break;
}
else {
pool_free(resolv_answer_item_pool, answer_record);
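Review bot: Nothing in the visible context shows whether the other branches of the converted if/else chain in resolv_validate_dns_response() kept a similar loop-exiting statement, so please confirm that the AAAA branch was the only one left with a stray break; and that the code after the else branch, which calls pool_free(resolv_answer_item_pool, answer_record), is now reached for AAAA records as intended. The commit message also cites "line 1460" for the allocation, which will stop matching as soon as the file changes; naming the allocation site by function and pool instead, and stating which branches carrying c84c15d3938a need the backport, would make the fix easier to track. Since the failure mode is a silent leak plus dropped records, a regression test feeding an SRV response with several AAAA additional records would be a useful addition.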
--
2.53.0