In "outside_network.c", the function: "outnet_serviced_query" has two
calls inside "if" statements:
"if (!serviced_udp_send(...)"
and
"if (!serviced_tcp_send(...)"
in those error branches, I STRONGLY believe we need a:
"free(sq->zone);"
inserted after the "free(sq->qbuf);"
Otherwise, it LEAKS the "memdup()"'d sq->zone!
My tests show:
Without those free()'s, it leaks.
Put them in, all is good.
I haven't done the analysis on "how bad" this is. It might be a minor thing.
-Rob
Hi Robert,
In "outside_network.c", the function: "outnet_serviced_query" has two
calls inside "if" statements:"if (!serviced_udp_send(...)"
and
"if (!serviced_tcp_send(...)"in those error branches, I STRONGLY believe we need a:
"free(sq->zone);"
inserted after the "free(sq->qbuf);"
Otherwise, it LEAKS the "memdup()"'d sq->zone!
My tests show:
Without those free()'s, it leaks.
Put them in, all is good.I haven't done the analysis on "how bad" this is. It might be a minor thing.
Thanks for the patch! The sq->zone was added in a fix recently, hence
this mistake.
Fixes are in svn trunk r2578.
The effect is that leaked zone, a domain name, about 10-20 bytes. It
leaks when udp or tcp send fails, such as socket errors from the OS.
Best regards,
Wouter