Bug 2219417
| Summary: | leak in libnss_nis-3.0/src/nis-initgroups.c:_nss_nis_initgroups_dyn() | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Paulo Andrade <pandrade> |
| Component: | nss_nis | Assignee: | Ondřej Sloup <osloup> |
| Status: | NEW --- | QA Contact: | RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.5 | CC: | databases-maint, mmuzila, qguo |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Sample valgrind log: ==1324413== 630,390,784 (630,358,016 direct, 32,768 indirect) bytes in 19,237 blocks are definitely lost in loss record 2,743 of 2,743 ==1324413== at 0x4C3C096: realloc (vg_replace_malloc.c:1437) ==1324413== by 0xD503064: _nss_nis_initgroups_dyn (nis-initgroups.c:279) ==1324413== by 0x8012E1D: internal_getgrouplist (in /usr/lib64/libc-2.28.so) ==1324413== by 0x80130A4: getgrouplist (in /usr/lib64/libc-2.28.so) ==1324413== by 0x1187E8: subject_to_jsval(_PolkitBackendJsAuthority*, _PolkitSubject*, _PolkitIdentity*, int, int, JS::MutableHandle<JS::Value>, _GError**) (polkitbackendjsauthority.cpp:815) ==1324413== by 0x119113: polkit_backend_js_authority_check_authorization_sync(_PolkitBackendInteractiveAuthority*, _PolkitSubject*, _PolkitSubject*, _PolkitIdentity*, int, int, char const*, _PolkitDetails*, PolkitImplicitAuthorization) (polkitbackendjsauthority.cpp:1213) ==1324413== by 0x11CBBB: check_authorization_sync (polkitbackendinteractiveauthority.c:1164) ==1324413== by 0x11D445: polkit_backend_interactive_authority_check_authorization (polkitbackendinteractiveauthority.c:981) ==1324413== by 0x114690: server_handle_check_authorization (polkitbackendauthority.c:790) ==1324413== by 0x114690: server_handle_method_call (polkitbackendauthority.c:1272) ==1324413== by 0x512D76F: call_in_idle_cb (gdbusconnection.c:4852) ==1324413== by 0x56ACD2A: g_idle_dispatch (gmain.c:5579) ==1324413== by 0x56B095C: g_main_dispatch (gmain.c:3193) ==1324413== by 0x56B095C: g_main_context_dispatch (gmain.c:3873) If using the path glibc-2.28/nis/nss_nis/nis-initgroup.c:_nss_nis_initgroups_dyn() there is no leak, but if nss_nis is installed, it will use libnss_nis-3.0/src/nis-initgroups.c:_nss_nis_initgroups_dyn() that leaks. The leak is in the block: """ tmpbuf = malloc (buflen); if (tmpbuf == NULL) return NSS_STATUS_TRYAGAIN; while (1) { while ((status = internal_getgrent_r (&grpbuf, tmpbuf, buflen, errnop, &intern)) == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { tmpbuf = realloc (tmpbuf, 2 * buflen); buflen = 2 * buflen; } """ tmpbuf should bew released before returing. The pseudo patch is: done: + free (tmpbuf); while (intern.start != NULL) could also initialize it to NULL for more clear code. For the moment we are asking the user if there is a reason to have nss_nis, ypbind and yp-tools packages installed.