Bug #11954
Closed
rpcmod: Possible memory leak in connmgr_get()
% Done: 100%
Difficulty: Bite-size
Description
There is the following code in the connmgr_get() function in rpcmod:
1936 	if (srcaddr->len > 0)
1937 		kmem_free(srcaddr->buf,
1938 		    srcaddr->maxlen);
1939 	srcaddr->buf = kmem_zalloc(
1940 	    lru_entry->x_src.len, KM_SLEEP);
1941 	srcaddr->maxlen = srcaddr->len =
1942 	    lru_entry->x_src.len;
The problem is that in the case srcaddr->len == 0, but srcaddr->maxlen > 0 (at line 1936), the code will leak the previously allocated srcaddr->buf. I believe the leak currently cannot happen, since the code always sets srcaddr->maxlen and srcaddr->len to the same value, but it is still worth fixing to make sure any future modifications to this code that would introduce a case when srcaddr->len != srcaddr->maxlen won't suddenly start to leak.
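The condition described above, reproduced in a userland model as an added example (not code from illumos or from the committed fix). The `*_model` names, the byte counter and the 16/32-byte sizes are constructed for illustration, and `replace_by_maxlen` is an assumed correction that frees by the allocated size rather than by `len`.

```c
#include <stdio.h>
#include <stdlib.h>

static size_t outstanding;	/* bytes allocated and not yet freed */

static void *kmem_zalloc_model(size_t size) {
	outstanding += size;
	return calloc(1, size);
}

/* Like kmem_free(), the caller must pass the size that was allocated. */
static void kmem_free_model(void *buf, size_t size) {
	outstanding -= size;
	free(buf);
}

struct netbuf_model { unsigned int maxlen, len; char *buf; };
typedef void (*replace_fn)(struct netbuf_model *, unsigned int);

/* Guard as quoted in the report (line 1936): keyed on len. */
static void replace_reported(struct netbuf_model *a, unsigned int newlen) {
	if (a->len > 0)
		kmem_free_model(a->buf, a->maxlen);
	a->buf = kmem_zalloc_model(newlen);
	a->maxlen = a->len = newlen;
}

/* Assumed correction: always free, sized by maxlen (NULL/0 is harmless). */
static void replace_by_maxlen(struct netbuf_model *a, unsigned int newlen) {
	kmem_free_model(a->buf, a->maxlen);
	a->buf = kmem_zalloc_model(newlen);
	a->maxlen = a->len = newlen;
}

/* Bytes still outstanding after replacing a 16-byte buffer whose len is old_len. */
static size_t leaked_bytes(replace_fn replace, unsigned int old_len) {
	struct netbuf_model a = { 16, old_len, NULL };
	outstanding = 0;
	a.buf = kmem_zalloc_model(a.maxlen);
	replace(&a, 32);
	kmem_free_model(a.buf, a.maxlen);	/* owner's normal cleanup */
	return outstanding;
}

int main(void) {
	printf("reported guard, len 0:  %zu bytes leaked\n", leaked_bytes(replace_reported, 0));
	printf("reported guard, len 16: %zu bytes leaked\n", leaked_bytes(replace_reported, 16));
	printf("free by maxlen, len 0:  %zu bytes leaked\n", leaked_bytes(replace_by_maxlen, 0));
	return 0;
}
```

With `len == maxlen` both variants free the old buffer, which matches the report's observation that the leak cannot happen today; only the `len == 0`, `maxlen > 0` state leaves the old 16 bytes outstanding.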
Related issues
Updated by Marcel Telka over 2 years ago
- Related to Bug #11955: clnt_cots: kmem_free(NULL, 0) is legal added
Updated by Marcel Telka over 2 years ago
Updated by Marcel Telka over 2 years ago
- Status changed from In Progress to Pending RTI
Updated by Electric Monk over 2 years ago
- Status changed from Pending RTI to Closed
- % Done changed from 0 to 100
git commit f67d64d998ff666158cc5231b7e80c11c3e922e0
commit f67d64d998ff666158cc5231b7e80c11c3e922e0
Author: Marcel Telka <marcel@telka.sk>
Date: 2019-11-14T16:19:43.000Z
11954 rpcmod: Possible memory leak in connmgr_get()
11955 clnt_cots: kmem_free(NULL, 0) is legal
Reviewed by: Vitaliy Gusev <gusev.vitaliy@icloud.com>
Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
Approved by: Dan McDonald <danmcd@joyent.com>