Maintained by: NLnet Labs

[Unbound-users] Leak in 1.4.14?

W.C.A. Wijngaards
Sat Dec 24 12:35:08 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Robert,

On 12/22/2011 05:07 PM, Robert Fleischman wrote:
> In "outside_network.c", the function:  "outnet_serviced_query" has two
> calls inside "if" statements:
> 
> "if (!serviced_udp_send(...)"
>        and
> "if (!serviced_tcp_send(...)"
> 
> in those error branches, I STRONGLY believe we need a:
> 
> "free(sq->zone);"
> 
> inserted after the "free(sq->qbuf);"
> 
> Otherwise, it LEAKS the "memdup()"'d sq->zone!
> 
> My tests show:
>    Without those free()'s, it leaks.
>    Put them in, all is good.
> 
> I haven't done the analysis on "how bad" this is.  It might be a minor thing.

Thanks for the patch!  The sq->zone was added in a fix recently, hence
this mistake.

Fixes are in svn trunk r2578.

The effect is that leaked zone, a domain name, about 10-20 bytes.  It
leaks when udp or tcp send fails, such as socket errors from the OS.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO9bjsAAoJEJ9vHC1+BF+N1iMQAKVSR4bK0buaMn36ZxRhshQf
sWgYQHMNqGACmvGmXL0lfv/Ng8NFBKBvqlvIiixxxUh3SmfpG9tMl7gZEgBrFRxa
OwnvKLvJ0spHNdRhbeSYegYfh6zrCF1292imVSwG1BNmvh+Jfm6HGJJLQuqcr5WF
0tdCXSvS4B7h7DK/6QOPed2gz9CsPxMjvK9KKv70schpTcDfVY6cMzzdT0YXXDdo
0VEqQn5TCwsSAp8aXgMT2yK5bV2isAC9hM5A3krjZUudxs5CyaMGeI8Lr1b2OJp2
E6FJoYZ71JNHHIPAFYsJhgupcwm8AVPrTsjPCepxgkgjkZmGWCWHz3qwFNpyM4NX
ZcBIdStC9cxVWlN3eBG3c0TxV7a9RZUUFvSh1KYZib6ynbPwwYNcwvwNdsGeXbXL
FnkL9UzgyrRuJvh5TG5sO27GazRNF/jzKCfjyHXtSkqlI9+FqwD9nK+0Dv/DDIVN
IvTfKuvgep323CzKcpY/wWW1dJV2sDaDFRn+pLljAIT5CaMaEjmm7FPrxthmcPW9
/2h+IhYiBJfYtx/OFYY1+nf2W/0vJJEmOj95nY/ETumElYCT/XW1SYbTD+NXiyrF
4UMPQDv7ZYbrXQxXiLj6PQhAxwl9N2ejKnFkw4NeFx3wZOrpKATUoWJ+YKahERKP
vsGpH0y8pyq3Sm1mdGvW
=wwom
-----END PGP SIGNATURE-----