[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[usagi-announce] [SECURITY] Memory Leak in Libinet6



Hello.

We found a memory leak in our getifaddrs() and if_nameindex() 
implementation in libinet6 library.  We do not think that users
can gain privilege using this bug. However, we encourage you to apply
following patch and rebuild all binary files linked with that library.

Patch for Stable releases (3.1 and 4) is available at
  <ftp://ftp.linux-ipv6.org/pub/usagi/stable/kit/usagi-linuxXX-stable-20020408_20021208-libinet6.fix>
  <ftp://ftp.linux-ipv6.org/pub/usagi/stable/kit/usagi-linuxXX-stable-20021007_20021208-libinet6.fix>

(same files also exist in the "split" directory:
  <ftp://ftp.linux-ipv6.org/pub/usagi/stable/split/usagi-tool-stable-20020408_20021208-libinet6.fix>
  <ftp://ftp.linux-ipv6.org/pub/usagi/stable/split/usagi-tool-stable-20021007_20021208-libinet6.fix>
)

Index: usagi/libinet6/ifaddrs.c
===================================================================
RCS file: /cvsroot/usagi/usagi/usagi/libinet6/ifaddrs.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- usagi/libinet6/ifaddrs.c	23 Aug 2002 05:38:00 -0000	1.20
+++ usagi/libinet6/ifaddrs.c	8 Dec 2002 08:22:19 -0000	1.21
@@ -1,4 +1,4 @@
-/* $USAGI: ifaddrs.c,v 1.20 2002/08/23 05:38:00 yoshfuji Exp $ */
+/* $USAGI: ifaddrs.c,v 1.21 2002/12/08 08:22:19 yoshfuji Exp $ */
 
 /* 
  * Copyright (C)2000 YOSHIFUJI Hideaki
@@ -360,17 +360,20 @@
 static void
 free_nlmsglist (struct nlmsg_list *nlm0)
 {
-  struct nlmsg_list *nlm;
+  struct nlmsg_list *nlm, *nlm_next;
   int saved_errno;
   if (!nlm0)
     return;
   saved_errno = errno;
-  for (nlm = nlm0; nlm; nlm = nlm->nlm_next)
+  nlm = nlm0;
+  while(nlm)
     {
       if (nlm->nlh)
 	free (nlm->nlh);
+      nlm_next = nlm->nlm_next;
+      free(nlm);
+      nlm = nlm_next;
     }
-  free (nlm0);
   __set_errno (saved_errno);
 }
 
Index: usagi/libinet6/ifnames.c
===================================================================
RCS file: /cvsroot/usagi/usagi/usagi/libinet6/ifnames.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- usagi/libinet6/ifnames.c	23 Aug 2002 05:38:00 -0000	1.21
+++ usagi/libinet6/ifnames.c	8 Dec 2002 08:22:19 -0000	1.22
@@ -1,4 +1,4 @@
-/* $USAGI: ifnames.c,v 1.21 2002/08/23 05:38:00 yoshfuji Exp $ */
+/* $USAGI: ifnames.c,v 1.22 2002/12/08 08:22:19 yoshfuji Exp $ */
 
 /*
  * ifnames.c 
@@ -229,17 +229,20 @@
 static void
 free_nlmsglist (struct nlmsg_list *nlm0)
 {
-  struct nlmsg_list *nlm;
+  struct nlmsg_list *nlm, *nlm_next;
   int saved_errno;
   if (!nlm0)
     return;
   saved_errno = errno;
-  for (nlm = nlm0; nlm; nlm = nlm->nlm_next)
+  nlm = nlm0;
+  while(nlm)
     {
       if (nlm->nlh)
 	free (nlm->nlh);
+      nlm_next = nlm->nlm_next;
+      free(nlm);
+      nlm = nlm_next;
     }
-  free (nlm0);
   __set_errno (saved_errno);
 }
 

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA