2.1.17 memory leaks and other problems in cfservd
From: Joe Buehler
Subject: 2.1.17 memory leaks and other problems in cfservd
Date: Thu, 22 Dec 2005 15:09:22 -0500
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
Here are some memory leaks found with insure++. They just cover
cfservd startup; I haven't actually done anything with the
running cfservd yet...
1. AddAuthHostItem creates a list with SplitStringAsItemList
but never frees the list. Note that parts of the list are
re-used (ip->name) so the list cannot just be wholesale deleted.
"/home/project-releases/tmp/cfengine-2.1.17/src/install.c", line 6243:
(LEAK_SCOPE)
>> return;
Memory leaked leaving scope: malloc(sizeof(struct Item))
Lost block : 0x200d28d8 thru 0x200d28f7 (32 bytes)
malloc(sizeof(struct Item)), allocated at item.c, 316
malloc() (interface)
AppendItem() item.c, 316
SplitStringAsItemList() item.c, 1138
AddAuthHostItem() install.c, 6231
InstallAuthPath() install.c, 6208
InstallAuthItem() install.c, 5164
HandleServerRule() parse.c, 909
yylex() cflex.l, 501
yyparse() bison.simple, 432
ParseFile() parse.c, 1051
ParseInputFile() parse.c, 82
main() cfservd.c, 144
__start() crt0main.s
2. In cfservd.c:
if (StrStr(VSYSNAME.nodename,ToLowerStr(VDOMAIN)))
The problem is that StrStr() calls ToLowerStr() internally
and that function returns a pointer to a static area. ToLowerStr
should be rewritten to use a buffer passed in as a parameter.
"/home/project-releases/tmp/cfengine-2.1.17/src/cfservd.c", line 416:
(COPY_DANGLING)
>> if (StrStr(VSYSNAME.nodename,ToLowerStr(VDOMAIN)))
Copying dangling pointer: StrStr
Pointer : 0x2ff1e324
In block: 0x2ff1e324 thru 0x2ff1f323 (4096 bytes)
buf1, declared at patches.c, 59
popped off stack at patches.c, 63
Stack trace where the error occurred:
CheckVariables() cfservd.c, 416
main() cfservd.c, 148
__start() crt0main.s
3. nodename[] may not have any '.' characters in it -- note that
if I recall correctly it may not be null-terminated either.
"/home/project-releases/tmp/cfengine-2.1.17/src/cfservd.c", line 420:
(READ_BAD_INDEX)
>> while(VSYSNAME.nodename[i++] != '.')
Reading array out of range: VSYSNAME.nodename[i++]
Index used : 32
Valid range: 0 thru 31 (inclusive)
Stack trace where the error occurred:
CheckVariables() cfservd.c, 420
main() cfservd.c, 148
__start() crt0main.s
--
Joe Buehler
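
An added example, not part of the original message and not cfengine code: a sketch of the two fixes suggested in items 2 and 3, a lower-casing routine that writes into a caller-supplied buffer and a bounded scan of a fixed-size nodename field. The names to_lower_buf, domain_offset and NODENAME_LEN are hypothetical; the 32-byte field size is taken from the "Valid range: 0 thru 31" line in the report.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define NODENAME_LEN 32   /* assumption: matches the 0..31 range in the report */

/* Hypothetical replacement for ToLowerStr(): the caller owns the buffer,
   so the result cannot alias a static area or a dead stack frame.
   Returns dst, or NULL if dst is too small to hold src plus the NUL. */
char *to_lower_buf(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen)
        return NULL;
    for (size_t i = 0; i < n; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[n] = '\0';
    return dst;
}

/* Bounded scan of a fixed-size field that may lack both a '.' and a NUL.
   Returns the index just past the first '.', or -1 if no '.' occurs
   inside the field before a terminating NUL (if there is one). */
int domain_offset(const char *field, size_t fieldlen)
{
    const char *end = memchr(field, '\0', fieldlen);
    size_t used = end ? (size_t)(end - field) : fieldlen;
    const char *dot = memchr(field, '.', used);
    return dot ? (int)(dot - field) + 1 : -1;
}

int main(void)
{
    char full[NODENAME_LEN];          /* constructed input: no '.', no NUL */
    char a[16], b[16];

    memset(full, 'a', sizeof full);
    /* Two lower-cased strings are live at once, each in its own buffer. */
    if (!to_lower_buf(a, sizeof a, "Host.Example") ||
        !to_lower_buf(b, sizeof b, "EXAMPLE"))
        return 1;
    return (domain_offset(full, sizeof full) == -1 && strstr(a, b)) ? 0 : 1;
}
```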