diff options
| author | Brent Cook <bcook@cvs.openbsd.org> | 2015-01-13 02:28:57 +0000 |
|---|---|---|
| committer | Brent Cook <bcook@cvs.openbsd.org> | 2015-01-13 02:28:57 +0000 |
| commit | 71d9a978472deb6d07096a69239479f07e48a3e8 (patch) | |
| tree | 3072b934171005a40a5555625225e8697557a546 | |
| parent | 5aa9f23c744e3c358f3cead0caaba954e02fb248 (diff) | |
fix some memory leaks in dns handling.
- Nothing seems to free the result of host_dns(), so add host_dns_free() and
call after each query.
- If imsg_add() fails, it frees buf. Avoid subsequently dereferencing the
freed buf in imsg_close().
ok millert@ deraadt@
| -rw-r--r-- | usr.sbin/ntpd/config.c | 13 | ||||
| -rw-r--r-- | usr.sbin/ntpd/ntp_dns.c | 23 | ||||
| -rw-r--r-- | usr.sbin/ntpd/ntpd.c | 23 | ||||
| -rw-r--r-- | usr.sbin/ntpd/ntpd.h | 3 |
4 files changed, 44 insertions, 18 deletions
diff --git a/usr.sbin/ntpd/config.c b/usr.sbin/ntpd/config.c index e0efb24ec78..d493a9c3072 100644 --- a/usr.sbin/ntpd/config.c +++ b/usr.sbin/ntpd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.22 2015/01/10 13:47:05 tedu Exp $ */ +/* $OpenBSD: config.c,v 1.23 2015/01/13 02:28:56 bcook Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -109,6 +109,17 @@ host_v6(const char *s) return (h); } +void +host_dns_free(struct ntp_addr *hn) +{ + struct ntp_addr *h = hn, *tmp; + while (h) { + tmp = h; + h = h->next; + free(tmp); + } +} + int host_dns(const char *s, struct ntp_addr **hn) { diff --git a/usr.sbin/ntpd/ntp_dns.c b/usr.sbin/ntpd/ntp_dns.c index e3eeb12cef8..451b358965f 100644 --- a/usr.sbin/ntpd/ntp_dns.c +++ b/usr.sbin/ntpd/ntp_dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntp_dns.c,v 1.6 2015/01/09 07:35:37 deraadt Exp $ */ +/* $OpenBSD: ntp_dns.c,v 1.7 2015/01/13 02:28:56 bcook Exp $ */ /* * Copyright (c) 2003-2008 Henning Brauer <henning@openbsd.org> @@ -159,13 +159,20 @@ dns_dispatch_imsg(void) buf = imsg_create(ibuf_dns, IMSG_HOST_DNS, imsg.hdr.peerid, 0, cnt * sizeof(struct sockaddr_storage)); - if (buf == NULL) - break; - if (cnt > 0) - for (h = hn; h != NULL; h = h->next) - imsg_add(buf, &h->ss, sizeof(h->ss)); - - imsg_close(ibuf_dns, buf); + if (cnt > 0) { + if (buf) { + for (h = hn; h != NULL; h = h->next) + if (imsg_add(buf, &h->ss, + sizeof(h->ss)) == -1) { + buf = NULL; + break; + } + if (buf) + imsg_close(ibuf_dns, buf); + } + host_dns_free(hn); + hn = NULL; + } break; default: break; diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c index bfc73f97cdd..fae5c7a9ed1 100644 --- a/usr.sbin/ntpd/ntpd.c +++ b/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.83 2015/01/09 07:35:37 deraadt Exp $ */ +/* $OpenBSD: ntpd.c,v 1.84 2015/01/13 02:28:56 bcook Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -358,13 +358,20 @@ dispatch_imsg(struct ntpd_conf *lconf) buf = imsg_create(ibuf, IMSG_HOST_DNS, imsg.hdr.peerid, 0, cnt * sizeof(struct sockaddr_storage)); - if (buf == NULL) - break; - if (cnt > 0) - for (h = hn; h != NULL; h = h->next) - imsg_add(buf, &h->ss, sizeof(h->ss)); - - imsg_close(ibuf, buf); + if (cnt > 0) { + if (buf) { + for (h = hn; h != NULL; h = h->next) + if (imsg_add(buf, &h->ss, + sizeof(h->ss)) == -1) { + buf = NULL; + break; + } + if (buf) + imsg_close(ibuf, buf); + } + host_dns_free(hn); + hn = NULL; + } break; default: break; diff --git a/usr.sbin/ntpd/ntpd.h b/usr.sbin/ntpd/ntpd.h index 2cdaf8bff53..44f91780f7a 100644 --- a/usr.sbin/ntpd/ntpd.h +++ b/usr.sbin/ntpd/ntpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.h,v 1.116 2015/01/10 13:47:05 tedu Exp $ */ +/* $OpenBSD: ntpd.h,v 1.117 2015/01/13 02:28:56 bcook Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -281,6 +281,7 @@ int parse_config(const char *, struct ntpd_conf *); /* config.c */ void host(const char *, struct ntp_addr **); int host_dns(const char *, struct ntp_addr **); +void host_dns_free(struct ntp_addr *); struct ntp_peer *new_peer(void); struct ntp_conf_sensor *new_sensor(char *); |