help-cfengine

2.1.17 memory leaks and other problems in cfservd


From: Joe Buehler
Subject: 2.1.17 memory leaks and other problems in cfservd
Date: Thu, 22 Dec 2005 15:09:22 -0500
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Here are some memory leaks found with insure++.  They just cover
cfservd startup; I haven't actually done anything with the
running cfservd yet...

1. AddAuthHostItem creates a list with SplitStringAsItemList
but never frees the list.  Note that parts of the list are
re-used (ip->name) so the list cannot just be wholesale deleted.

"/home/project-releases/tmp/cfengine-2.1.17/src/install.c", line 6243:
(LEAK_SCOPE)
>>       return;

  Memory leaked leaving scope: malloc(sizeof(struct Item))

  Lost block : 0x200d28d8 thru 0x200d28f7 (32 bytes)
               malloc(sizeof(struct Item)), allocated at item.c, 316
                          malloc()  (interface)
                      AppendItem()  item.c, 316
           SplitStringAsItemList()  item.c, 1138
                 AddAuthHostItem()  install.c, 6231
                 InstallAuthPath()  install.c, 6208
                 InstallAuthItem()  install.c, 5164
                HandleServerRule()  parse.c, 909
                           yylex()  cflex.l, 501
                         yyparse()  bison.simple, 432
                       ParseFile()  parse.c, 1051
                  ParseInputFile()  parse.c, 82
                            main()  cfservd.c, 144
                         __start()  crt0main.s

2. In cfservd.c:

if (StrStr(VSYSNAME.nodename,ToLowerStr(VDOMAIN)))

The problem is that StrStr() calls ToLowerStr() internally
and that function returns a pointer to a static area.  ToLowerStr
should be rewritten to use a buffer passed in as a parameter.

"/home/project-releases/tmp/cfengine-2.1.17/src/cfservd.c", line 416:
(COPY_DANGLING)
>> if (StrStr(VSYSNAME.nodename,ToLowerStr(VDOMAIN)))

  Copying dangling pointer: StrStr

  Pointer : 0x2ff1e324
  In block: 0x2ff1e324 thru 0x2ff1f323 (4096 bytes)
                  buf1, declared at patches.c, 59
                   popped off stack at patches.c, 63

  Stack trace where the error occurred:
                  CheckVariables()  cfservd.c, 416
                            main()  cfservd.c, 148
                         __start()  crt0main.s

3. nodename[] may not have any '.' characters in it -- note that
if I recall correctly it may not be null-terminated either.

"/home/project-releases/tmp/cfengine-2.1.17/src/cfservd.c", line 420:
(READ_BAD_INDEX)
>>    while(VSYSNAME.nodename[i++] != '.')

  Reading array out of range: VSYSNAME.nodename[i++]

  Index used : 32

  Valid range: 0 thru 31 (inclusive)

  Stack trace where the error occurred:
                  CheckVariables()  cfservd.c, 420
                            main()  cfservd.c, 148
                         __start()  crt0main.s
-- 
Joe Buehler
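
Items 2 and 3 of the message above, shown as an added example that is not part of the original post and is not cfengine's own code: a lowercase helper that writes into a caller-supplied buffer, and a bounded scan for '.' over a fixed-size field. The function names and NODENAME_LEN are hypothetical; the 32-byte size is assumed from the "0 thru 31" range in the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NODENAME_LEN 32 /* assumed field size, from the "0 thru 31" range above */

/* Lowercase at most srcmax bytes of src (stopping at NUL) into dst.
 * The caller owns dst, so no result aliases a static or stack buffer. */
char *to_lower_buf(char *dst, size_t dstlen, const char *src, size_t srcmax)
{
    size_t i;
    if (dst == NULL || src == NULL || dstlen == 0)
        return NULL;
    for (i = 0; i + 1 < dstlen && i < srcmax && src[i] != '\0'; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[i] = '\0';
    return dst;
}

/* Index of the first '.' in a fixed-size field that may contain no '.'
 * and no terminator; -1 when there is none. */
int first_dot(const char *field, size_t fieldlen)
{
    size_t i;
    for (i = 0; i < fieldlen && field[i] != '\0'; i++)
        if (field[i] == '.')
            return (int)i;
    return -1;
}

/* Case-insensitive "nodename contains domain" test using only local buffers. */
int nodename_has_domain(const char *field, size_t fieldlen, const char *domain)
{
    char node[NODENAME_LEN + 1], dom[256];
    if (domain == NULL || domain[0] == '\0' || strlen(domain) >= sizeof dom)
        return 0;
    if (!to_lower_buf(node, sizeof node, field, fieldlen) ||
        !to_lower_buf(dom, sizeof dom, domain, sizeof dom - 1))
        return 0;
    return strstr(node, dom) != NULL;
}

int main(void)
{
    char name[NODENAME_LEN] = "Host1.Example.ORG"; /* constructed sample */
    printf("dot at %d, domain match %d\n", first_dot(name, sizeof name),
           nodename_has_domain(name, sizeof name, "example.org"));
    return 0;
}
```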