2.1.17 memory leaks and other problems in cfservd

Thu, 22 Dec 2005 12:09:39 -0800 

Here are some memory leaks found with insure++.  They just cover
cfservd startup; I haven't actually done anything with the
running cfservd yet...

1. AddAuthHostItem creates a list with SplitStringAsItemList
but never frees the list.  Note that parts of the list are
re-used (ip->name) so the list cannot just be wholesale deleted.

\"/home/project-releases/tmp/cfengine-2.1.17/src/install.c\", line 6243:
(LEAK_SCOPE)
>>       return;

  Memory leaked leaving scope: malloc(sizeof(struct Item))

  Lost block : 0x200d28d8 thru 0x200d28f7 (32 bytes)
               malloc(sizeof(struct Item)), allocated at item.c, 316
                          malloc()  (interface)
                      AppendItem()  item.c, 316
           SplitStringAsItemList()  item.c, 1138
                 AddAuthHostItem()  install.c, 6231
                 InstallAuthPath()  install.c, 6208
                 InstallAuthItem()  install.c, 5164
                HandleServerRule()  parse.c, 909
                           yylex()  cflex.l, 501
                         yyparse()  bison.simple, 432
                       ParseFile()  parse.c, 1051
                  ParseInputFile()  parse.c, 82
                            main()  cfservd.c, 144
                         __start()  crt0main.s

2. In cfservd.c:

if (StrStr(VSYSNAME.nodename,ToLowerStr(VDOMAIN)))

The problem is that StrStr() calls ToLowerStr() internally
and that function returns a pointer to a static area.  ToLowerStr
should be rewritten to use a buffer passed in as a parameter.

\"/home/project-releases/tmp/cfengine-2.1.17/src/cfservd.c\", line 416:
(COPY_DANGLING)
>> if (StrStr(VSYSNAME.nodename,ToLowerStr(VDOMAIN)))

  Copying dangling pointer: StrStr

  Pointer : 0x2ff1e324
  In block: 0x2ff1e324 thru 0x2ff1f323 (4096 bytes)
                  buf1, declared at patches.c, 59
                   popped off stack at patches.c, 63

  Stack trace where the error occurred:
                  CheckVariables()  cfservd.c, 416
                            main()  cfservd.c, 148
                         __start()  crt0main.s

3. nodename[] may not have any '.' characters in it -- note that
if I recall correctly it may not be null-terminated either.

\"/home/project-releases/tmp/cfengine-2.1.17/src/cfservd.c\", line 420:
(READ_BAD_INDEX)
>>    while(VSYSNAME.nodename[i++] != '.')

  Reading array out of range: VSYSNAME.nodename[i++]

  Index used : 32

  Valid range: 0 thru 31 (inclusive)

  Stack trace where the error occurred:
                  CheckVariables()  cfservd.c, 420
                            main()  cfservd.c, 148
                         __start()  crt0main.s
-- 
Joe Buehler



_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine

Reply via email to