diff options
| author | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-23 21:34:48 +0200 |
|---|---|---|
| committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-24 13:56:09 +0200 |
| commit | b453ebf1c15935f1ba38fa6775ee26f223e29171 (patch) | |
| tree | 7d8f2796c16a6d11e6676c97b83b7e22e157854b /src/resolve | |
| parent | sd-journal: use TAKE_PTR() a bit more (diff) | |
| download | systemd-b453ebf1c15935f1ba38fa6775ee26f223e29171.tar.xz systemd-b453ebf1c15935f1ba38fa6775ee26f223e29171.zip | |
resolve: avoid memory leak from a partially processed RR
==5==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
#1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9)
#2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36
#3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13
#4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13
#5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13
#6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13
#7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13
#8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16
#9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428)
#10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
#12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
#13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
#14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
#15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
#16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5)
#17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend
SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).
Found by Nallocfuzz.
Diffstat (limited to 'src/resolve')
| -rw-r--r-- | src/resolve/resolved-dns-rr.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 78739d588d..44d1d1f1e6 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -1222,8 +1222,10 @@ int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical) { return 0; r = dns_packet_append_rr(&packet, rr, 0, &start, &rds); - if (r < 0) + if (r < 0) { + dns_packet_unref(&packet); return r; + } assert(start == 0); assert(packet._data); |