Bug 219072 - net-mgmt/net-snmp: memory leak in swrun_kinfo.c
Summary: net-mgmt/net-snmp: memory leak in swrun_kinfo.c
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Ryan Steinmetz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-04 19:37 UTC by Markus Wennrich
Modified: 2018-01-13 23:20 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (zi)


Attachments
patch for agent/mibgroup/host/data_access/swrun_kinfo.c (938 bytes, patch)
2017-05-04 19:37 UTC, Markus Wennrich
no flags Details | Diff
patch for agent/mibgroup/host/data_access/swrun_kinfo.c (fixed) (980 bytes, patch)
2017-05-04 20:10 UTC, Markus Wennrich
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Wennrich 2017-05-04 19:37:15 UTC
Created attachment 182305 [details]
patch for agent/mibgroup/host/data_access/swrun_kinfo.c

agent/mibgroup/host/data_access/swrun_kinfo.c doesn't check the return code of CONTAINER_INSERT and leaks memory, if return code is "-1" (duplicate key)

        rc = CONTAINER_INSERT(container, entry);

(rc never gets checked)


This patch checks the return code and frees the allocated entry, if it didn't get inserted because becaus it was a duplicate.

        if ( -1 == CONTAINER_INSERT(container, entry)) {
          // entry didn't get inserted (duplicate key)
          free(entry);
        }


This resovles this memory leak.

See also upstream bug: https://sourceforge.net/p/net-snmp/bugs/2717/
and upstream submitted patch: https://sourceforge.net/p/net-snmp/patches/1341/
Comment 1 Markus Wennrich 2017-05-04 20:10:26 UTC
Created attachment 182307 [details]
patch for agent/mibgroup/host/data_access/swrun_kinfo.c (fixed)
Comment 2 Markus Wennrich 2017-05-04 20:11:47 UTC
Sorry, nearly introduced a use-after-free bug.
Fixed patch uploaded.
Comment 3 w.schwarzenfeld freebsd_triage 2018-01-13 23:20:27 UTC
Maintainer feedback?