
From: Bean Zhang <bean.zhang@centrify.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Resource leak in k5_os_hostaddr()
Date: Fri, 15 Jun 2018 08:33:35 +0000

Hi Team,

k5_os_hostaddr() in krb5-1.16.1/src/lib/krb5/os/hostaddr.c
calls getaddrinfo(name, 0, &hints, &ai) to get the addr info and stores the allocated memory in the pointer "ai".
Later, if the call to malloc((i+1) * sizeof(*addrs)) fails, the function returns directly without freeing the storage ai points to.

The fix is to call "retval = ENOMEM; goto errout;" instead of "return ENOMEM;"

Could someone help to take a look?

Thanks,
Bean

From: ghudson@mit.edu
Subject: git commit

Fix minor leak in k5_os_hostaddr()

In k5_os_hostaddr(), if allocation of the result array fails, use the
cleanup handler so that the getaddrinfo() result is freed. Also
initialize the pointers which are freed in the cleanup handler for
safety. Reported by Bean Zhang.

https://github.com/krb5/krb5/commit/0f1ebd3dc612a58e2e3a019ab97965369a354e59
Author: Greg Hudson <ghudson@mit.edu>
Commit: 0f1ebd3dc612a58e2e3a019ab97965369a354e59
Branch: master
src/lib/krb5/os/hostaddr.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
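
The cleanup-handler pattern the report and commit message describe, as an added example that is not the krb5 source: `resolve_host()`, `fail_alloc` and `ai_freed` are hypothetical names, and the two statics exist only to force the allocation failure and observe that the `getaddrinfo()` result is released.

```c
#include <errno.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical test hooks: force the array allocation to fail, count frees. */
static int fail_alloc, ai_freed;

/* Copy the addresses of a numeric host into a NULL-terminated array. */
int resolve_host(const char *name, struct sockaddr_storage ***out)
{
    struct addrinfo hints, *ai = NULL, *p;   /* NULL so cleanup is always safe */
    struct sockaddr_storage **addrs = NULL;
    size_t i, n = 0;
    int ret = 0;

    *out = NULL;
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_NUMERICHOST;         /* no DNS, so the example runs offline */
    if (getaddrinfo(name, NULL, &hints, &ai) != 0)
        return EINVAL;                       /* nothing was allocated on failure */
    for (p = ai; p != NULL; p = p->ai_next)
        n++;
    addrs = fail_alloc ? NULL : calloc(n + 1, sizeof(*addrs));
    if (addrs == NULL) {
        ret = ENOMEM;                        /* a bare "return ENOMEM;" would leak ai */
        goto cleanup;
    }
    for (p = ai, i = 0; p != NULL; p = p->ai_next, i++) {
        addrs[i] = calloc(1, sizeof(**addrs));
        if (addrs[i] == NULL) {
            ret = ENOMEM;
            goto cleanup;
        }
        memcpy(addrs[i], p->ai_addr, p->ai_addrlen);
    }
    *out = addrs;                            /* ownership passes to the caller */
    addrs = NULL;
cleanup:
    for (i = 0; addrs != NULL && addrs[i] != NULL; i++)
        free(addrs[i]);                      /* partial results on the error path */
    free(addrs);
    if (ai != NULL) {
        freeaddrinfo(ai);
        ai_freed++;
    }
    return ret;
}
```

Running the failure path under a leak checker such as Valgrind or AddressSanitizer's LeakSanitizer is a way to confirm that no `getaddrinfo()` storage remains allocated.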