From d7f12eacbb83d29537403ca911692790eb44ce45 Mon Sep 17 00:00:00 2001 From: Don Lewis Date: Wed, 8 Jun 2016 09:40:06 +0000 Subject: [PATCH] Don't leak addrinfo if ai->ai_addrlen <= minsiz test fails. If the ai->ai_addrlen <= minsiz test fails, then freeaddrinfo() does not get called to free the memory just allocated by getaddrinfo(). Fix by moving ai->ai_addrlen <= minsiz to a separate nested if block, and keep freeaddrinfo() in the outer block so that freeaddrinfo() will be called whenever getaddrinfo() succeeds. Reported by: Coverity CID: 1273652 Reviewed by: ume MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D6756 --- lib/libc/resolv/res_init.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/lib/libc/resolv/res_init.c b/lib/libc/resolv/res_init.c index 8b5855926d3..732fb1e6646 100644 --- a/lib/libc/resolv/res_init.c +++ b/lib/libc/resolv/res_init.c @@ -411,20 +411,21 @@ __res_vinit(res_state statp, int preinit) { hints.ai_socktype = SOCK_DGRAM; /*dummy*/ hints.ai_flags = AI_NUMERICHOST; sprintf(sbuf, "%u", NAMESERVER_PORT); - if (getaddrinfo(cp, sbuf, &hints, &ai) == 0 && - ai->ai_addrlen <= minsiz) { - if (statp->_u._ext.ext != NULL) { - memcpy(&statp->_u._ext.ext->nsaddrs[nserv], - ai->ai_addr, ai->ai_addrlen); + if (getaddrinfo(cp, sbuf, &hints, &ai) == 0) { + if (ai->ai_addrlen <= minsiz) { + if (statp->_u._ext.ext != NULL) { + memcpy(&statp->_u._ext.ext->nsaddrs[nserv], + ai->ai_addr, ai->ai_addrlen); + } + if (ai->ai_addrlen <= + sizeof(statp->nsaddr_list[nserv])) { + memcpy(&statp->nsaddr_list[nserv], + ai->ai_addr, ai->ai_addrlen); + } else + statp->nsaddr_list[nserv].sin_family = 0; + nserv++; } - if (ai->ai_addrlen <= - sizeof(statp->nsaddr_list[nserv])) { - memcpy(&statp->nsaddr_list[nserv], - ai->ai_addr, ai->ai_addrlen); - } else - statp->nsaddr_list[nserv].sin_family = 0; freeaddrinfo(ai); - nserv++; } } continue;