rpcb_clnt.c: memory leak in destroy_addr (RHEL-11371)

JIRA: https://issues.redhat.com/browse/RHEL-11371

commit 89c63bdfd79b1c94384daaaa03a9e3582540f843
Author: Herb Wartens <wartens2@llnl.gov>
Date:   Tue Aug 1 10:21:42 2023 -0400

    rpcb_clnt.c: memory leak in destroy_addr

    Null pointers so they are not used again

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
    Signed-off-by: Steve Dickson <steved@redhat.com>

Signed-off-by: Steve Dickson <steved@redhat.com>
Resolves: RHEL-11371
This commit is contained in:
Steve Dickson 2024-01-03 09:29:46 -05:00
parent 5f473501a1
commit 913c2bdbb8
2 changed files with 57 additions and 1 deletions

View File

@ -0,0 +1,48 @@
commit 89c63bdfd79b1c94384daaaa03a9e3582540f843
Author: Herb Wartens <wartens2@llnl.gov>
Date: Tue Aug 1 10:21:42 2023 -0400
rpcb_clnt.c: memory leak in destroy_addr
Null pointers so they are not used again
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index d178d86..c0a9e12 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -104,17 +104,27 @@ destroy_addr(addr)
{
if (addr == NULL)
return;
- if(addr->ac_host != NULL)
+ if (addr->ac_host != NULL) {
free(addr->ac_host);
- if(addr->ac_netid != NULL)
+ addr->ac_host = NULL;
+ }
+ if (addr->ac_netid != NULL) {
free(addr->ac_netid);
- if(addr->ac_uaddr != NULL)
+ addr->ac_netid = NULL;
+ }
+ if (addr->ac_uaddr != NULL) {
free(addr->ac_uaddr);
- if(addr->ac_taddr != NULL) {
- if(addr->ac_taddr->buf != NULL)
+ addr->ac_uaddr = NULL;
+ }
+ if (addr->ac_taddr != NULL) {
+ if(addr->ac_taddr->buf != NULL) {
free(addr->ac_taddr->buf);
+ addr->ac_taddr->buf = NULL;
+ }
+ addr->ac_taddr = NULL;
}
free(addr);
+ addr = NULL;
}
/*

View File

@ -2,7 +2,7 @@
Name: libtirpc
Version: 1.3.3
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Transport Independent RPC Library
License: SISSL and BSD
URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
@ -24,6 +24,11 @@ Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch
#
Patch003: libtirpc-1.3.3-dos-sleep.patch
#
# RHEL9.4
#
Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
%description
This package contains SunLib's implementation of transport-independent
RPC (TI-RPC) documentation. This library forms a piece of the base of
@ -123,6 +128,9 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
%{_mandir}/*/*
%changelog
* Tue Jan 2 2024 Steve Dickson <steved@redhat.com> - 1.3.3-3
- Null pointers so they are not used again (RHEL-11371)
* Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
- getnetconfigent: avoid potential DoS (bz 2150611)