Public bug reported:

eglibc-2.13, nis/nss_nis/nis-hosts.c:

    452 enum nss_status
    453 _nss_nis_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
    454                            char *buffer, size_t buflen, int *errnop,
    455                            int *herrnop, int32_t *ttlp)
    456 {
    ...
    473   char *result;
    474   int len;
    475   int yperr = yp_match (domain, "hosts.byname", name2, namlen, &result, &len);
    ...
    522   int parse_res = parse_line (result, &host, data, buflen, errnop, AF_UNSPEC,
    523                               0);
    524   if (__builtin_expect (parse_res < 1, 0))
    525     {
    526       if (parse_res == -1)
    527         {
    528           *herrnop = NETDB_INTERNAL;
    529           return NSS_STATUS_TRYAGAIN;
    530         }
    531       else
    532         {
    533           *herrnop = HOST_NOT_FOUND;
    534           return NSS_STATUS_NOTFOUND;
    535         }
    536     }
    ...
    553   free (result);
    554
    555   return NSS_STATUS_SUCCESS;
    556 }

#475's yp_match() malloc()s the memory for `result'. It's free()d at #553 but not if there's a parse error from parse_line() at #522 and we instead return early due to #529 or #534.

** Affects: eglibc (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/855477

Title:
  _nss_nis_gethostbyname4_r() leaks memory on parse error
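
The leak pattern described in this report, as an added example that is not part of the original bug report and is not eglibc code: `fake_yp_match` and `fake_parse_line` are hypothetical stand-ins for yp_match() and parse_line(), and the `live` counter is constructed so the leaked buffer can be observed. `lookup_fixed` shows one possible fix (freeing `result` on the error path), not necessarily the change eglibc adopted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum status { ST_TRYAGAIN = -2, ST_NOTFOUND = 0, ST_SUCCESS = 1 };
static int live; /* constructed counter: buffers allocated but not yet freed */
int live_buffers(void) { return live; }

/* Stand-in for yp_match(): returns a malloc()ed copy the caller must free. */
static int fake_yp_match(const char *rec, char **result, int *len) {
    *len = (int) strlen(rec);
    if ((*result = malloc((size_t) *len + 1)) == NULL) return -1;
    memcpy(*result, rec, (size_t) *len + 1);
    live++;
    return 0;
}

/* Stand-in for parse_line(): 1 parsed, 0 malformed, -1 caller buffer too small. */
static int fake_parse_line(const char *line, size_t buflen) {
    if (strlen(line) >= buflen) return -1;
    return strchr(line, ' ') != NULL;
}

/* Control flow of the excerpt: both early returns skip the free. */
enum status lookup_leaky(const char *rec, size_t buflen) {
    char *result; int len;
    if (fake_yp_match(rec, &result, &len) != 0) return ST_NOTFOUND;
    int parse_res = fake_parse_line(result, buflen);
    if (parse_res < 1)
        return parse_res == -1 ? ST_TRYAGAIN : ST_NOTFOUND; /* result leaks */
    free(result); live--;
    return ST_SUCCESS;
}

/* One possible fix: release result on the error path as well. */
enum status lookup_fixed(const char *rec, size_t buflen) {
    char *result; int len;
    if (fake_yp_match(rec, &result, &len) != 0) return ST_NOTFOUND;
    int parse_res = fake_parse_line(result, buflen);
    if (parse_res < 1) {
        free(result); live--; /* added: free before the early return */
        return parse_res == -1 ? ST_TRYAGAIN : ST_NOTFOUND;
    }
    free(result); live--;
    return ST_SUCCESS;
}

int main(void) {
    lookup_leaky("malformed", 64); /* constructed record with no address field */
    lookup_fixed("malformed", 64);
    printf("live buffers after one call each: %d\n", live_buffers());
    return 0;
}
```

Because the lookup is driven by names supplied to the resolver, each malformed map entry that is queried repeatedly grows the calling process's heap, which is why long-running daemons are the place to look for this kind of leak.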