inet: Free result from getaddrinfo

Message ID 20210511171704.360243-1-siddhesh@sourceware.org
State Superseded
Headers show
Series
  • inet: Free result from getaddrinfo
Related show

Commit Message

Adhemerval Zanella via Libc-alpha May 11, 2021, 5:17 p.m.
Coverity discovered paths where the result from getaddrinfo was not
freed.
---
 inet/rcmd.c  |  1 +
 inet/rexec.c | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

-- 
2.31.1

Comments

Andreas Schwab May 12, 2021, 10:47 a.m. | #1
On Mai 11 2021, Siddhesh Poyarekar via Libc-alpha wrote:

> diff --git a/inet/rexec.c b/inet/rexec.c

> index bda536723b..59309745c1 100644

> --- a/inet/rexec.c

> +++ b/inet/rexec.c

> @@ -76,13 +76,13 @@ rexec_af (char **ahost, int rport, const char *name, const char *pass,

>  		ahostbuf = __strdup (res0->ai_canonname);

>  		if (ahostbuf == NULL) {

>  			perror ("rexec: strdup");

> -			return (-1);

> +			goto bad2;

>  		}

>  		*ahost = ahostbuf;

>  	} else {

>  		*ahost = NULL;

>  		__set_errno (ENOENT);

> -		return -1;

> +		goto bad2;

>  	}

>  	ruserpass(res0->ai_canonname, &name, &pass);

>  retry:

> @@ -90,7 +90,7 @@ retry:

>  	s = __socket(res0->ai_family, res0->ai_socktype, 0);

>  	if (s < 0) {

>  		perror("rexec: socket");

> -		return (-1);

> +		goto bad2;

>  	}

>  	if (__connect(s, res0->ai_addr, res0->ai_addrlen) < 0) {

>  		if (errno == ECONNREFUSED && timo <= 16) {

> @@ -100,7 +100,7 @@ retry:

>  			goto retry;

>  		}

>  		perror(res0->ai_canonname);

> -		return (-1);

> +		goto bad2;


That still leaks the descriptor in s.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

Patch

diff --git a/inet/rcmd.c b/inet/rcmd.c
index 452ff7d099..0cfdaee15e 100644
--- a/inet/rcmd.c
+++ b/inet/rcmd.c
@@ -153,6 +153,7 @@  rcmd_af (char **ahost, u_short rport, const char *locuser, const char *remuser,
 		free (ahostbuf);
 		ahostbuf = __strdup (res->ai_canonname);
 		if (ahostbuf == NULL) {
+			freeaddrinfo (res);
 			__fxprintf(NULL, "%s",
 				   _("rcmd: Cannot allocate memory\n"));
 			return -1;
diff --git a/inet/rexec.c b/inet/rexec.c
index bda536723b..59309745c1 100644
--- a/inet/rexec.c
+++ b/inet/rexec.c
@@ -76,13 +76,13 @@  rexec_af (char **ahost, int rport, const char *name, const char *pass,
 		ahostbuf = __strdup (res0->ai_canonname);
 		if (ahostbuf == NULL) {
 			perror ("rexec: strdup");
-			return (-1);
+			goto bad2;
 		}
 		*ahost = ahostbuf;
 	} else {
 		*ahost = NULL;
 		__set_errno (ENOENT);
-		return -1;
+		goto bad2;
 	}
 	ruserpass(res0->ai_canonname, &name, &pass);
 retry:
@@ -90,7 +90,7 @@  retry:
 	s = __socket(res0->ai_family, res0->ai_socktype, 0);
 	if (s < 0) {
 		perror("rexec: socket");
-		return (-1);
+		goto bad2;
 	}
 	if (__connect(s, res0->ai_addr, res0->ai_addrlen) < 0) {
 		if (errno == ECONNREFUSED && timo <= 16) {
@@ -100,7 +100,7 @@  retry:
 			goto retry;
 		}
 		perror(res0->ai_canonname);
-		return (-1);
+		goto bad2;
 	}
 	if (fd2p == 0) {
 		(void) __write(s, "", 1);
@@ -116,10 +116,9 @@  retry:
 		socklen_t sa2len;
 
 		s2 = __socket(res0->ai_family, res0->ai_socktype, 0);
-		if (s2 < 0) {
-			(void) __close(s);
-			return (-1);
-		}
+		if (s2 < 0)
+			goto bad;
+
 		__listen(s2, 1);
 		sa2len = sizeof (sa2);
 		if (__getsockname(s2, &sa2.sa, &sa2len) < 0) {
@@ -185,6 +184,7 @@  bad:
 	if (port)
 		(void) __close(*fd2p);
 	(void) __close(s);
+bad2:
 	freeaddrinfo(res0);
 	return (-1);
 }