Nmap Development mailing list archives
Re: [checker] nmap: memory leak in nsock_printf
From: Fyodor <fyodor () insecure org>
Date: Tue, 2 May 2006 01:51:24 -0700
On Tue, May 02, 2006 at 01:09:01AM -0700, Ted Kremenek wrote:
> Hello, I am a researcher at Stanford University working on static analysis techniques for bug finding. My tool has discovered a potential memory leak in nmap:
Awesome! For those who aren't aware, the Stanford Checker folks have done great work in identifying tons of bugs (including many security holes) in the Linux kernel. They formed Coverity and won a grant from the US Department of Homeland Security to scan critical open source programs. I'm glad that you have started scanning Nmap -- we appreciate the feedback and scan results. I have verified this memory leak that you reported and fixed it for the next version (patch below). Cheers, Fyodor Index: nsock_write.c =================================================================== --- nsock_write.c (revision 2656) +++ nsock_write.c (working copy) @@ -125,7 +125,6 @@ res = vsnprintf(buf, sizeof(buf), format, ap); va_end(ap); - if (res != -1) { if (res > sizeof(buf)) { buf2 = (char * ) safe_malloc(res + 16); @@ -168,6 +167,10 @@ nsi->id, nse->id, displaystr); } + if (buf2 != buf) { + free(buf2); + } + nsp_add_event(nsp, nse); return nse->id; _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
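Review bot: In the first hunk (nsock_write.c, around line 125), the context test `if (res > sizeof(buf))` does not cover res == sizeof(buf). A C99 vsnprintf returns the length without the terminating NUL, so a return value equal to sizeof(buf) means the last character was dropped, and the code would go on using the truncated buf. Suggest `if (res >= sizeof(buf))` while this block is being touched. Separately, the hunk header says exactly one line is removed; if that line is `if (res != -1) {` rather than a blank line, the matching closing brace has to be removed too, and a -1 return would then reach the comparison against sizeof(buf).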
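Review bot: In the second hunk (nsock_write.c, around line 168), the new `if (buf2 != buf) { free(buf2); }` is only safe if two things hold that the visible context does not show: buf2 is set to buf on every path where no allocation happens, and the formatted data has already been copied into the event before this point, so that nothing reachable through nse still points at buf2 when `nsp_add_event(nsp, nse)` runs. Worth confirming both, and also checking that there is no return between the safe_malloc call in the first hunk and this free, since any such path would still leak. A one-line comment above the free stating that the event owns its own copy would document the assumption.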