Nmap Development mailing list archives

Re: [checker] nmap: memory leak in nsock_printf


From: Fyodor <fyodor () insecure org>
Date: Tue, 2 May 2006 01:51:24 -0700

On Tue, May 02, 2006 at 01:09:01AM -0700, Ted Kremenek wrote:
> Hello,
>
> I am a researcher at Stanford University working on static analysis
> techniques for bug finding.  My tool has discovered a potential
> memory leak in nmap:

Awesome!  For those who aren't aware, the Stanford Checker folks have
done great work in identifying tons of bugs (including many security
holes) in the Linux kernel.  They formed Coverity and won a grant from
the US Department of Homeland Security to scan critical open source
programs. I'm glad that you have started scanning Nmap -- we
appreciate the feedback and scan results.

I have verified this memory leak that you reported and fixed it for
the next version (patch below).

Cheers,
Fyodor

Index: nsock_write.c
===================================================================
--- nsock_write.c       (revision 2656)
+++ nsock_write.c       (working copy)
@@ -125,7 +125,6 @@
   res = vsnprintf(buf, sizeof(buf), format, ap);
   va_end(ap);

-
   if (res != -1) {
     if (res > sizeof(buf)) {
       buf2 = (char * ) safe_malloc(res + 16);
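Review bot: the fallback condition `if (res > sizeof(buf))` is off by one for a C99 `vsnprintf`: `res` is the length the complete string would have had, excluding the terminator, so `res == sizeof(buf)` already means the last character was cut off and the heap path should be taken; this should be `>=`. The comparison is also `int` against `size_t`; since the enclosing `res != -1` test already excludes that one negative value, writing it as `res >= 0 && (size_t)res >= sizeof(buf)` keeps the intent explicit and avoids the implicit unsigned conversion.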
@@ -168,6 +167,10 @@
                  nsi->id, nse->id, displaystr);
   }

+  if (buf2 != buf) {
+    free(buf2);
+  }
+
   nsp_add_event(nsp, nse);

   return nse->id;
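Review bot: the new `if (buf2 != buf) { free(buf2); }` is only safe if `buf2` is set to `buf` on every path that reaches it, including the path where `vsnprintf` returned -1 and the heap allocation in the first hunk never happened; the hunk does not show the declaration, so confirm `buf2` is initialised to `buf` rather than left indeterminate, since freeing an uninitialised pointer here would be worse than the leak being fixed. Also worth confirming that nothing stored in `nse` (the `displaystr` logged just above, for instance) still points into `buf2` once it is freed, because `nsp_add_event(nsp, nse)` runs after the free.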


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
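The pattern the patch fixes, a format routine that tries a small stack buffer first and falls back to a heap buffer only when the output does not fit, is easy to get subtly wrong: the fallback buffer must be freed on every path, and the length check has to account for the terminator. The helper below is an added, self-contained example written for this archive page; it is not nsock's code, and the names `vformat_message`, `format_message` and `check_format` are hypothetical. It keeps the heap pointer in a variable initialised to the stack buffer so the final `if (buf2 != buf) free(buf2)` is always safe, uses `>=` so a string of exactly `sizeof(buf)` characters is not silently truncated, and copies the result out before releasing the fallback buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not nsock's own code). Formats into a small stack
 * buffer, falls back to the heap only when the text does not fit, and
 * returns a heap copy that the caller owns. *used_heap reports which path
 * was taken so the behaviour can be checked. */
static char *vformat_message(int *used_heap, const char *format, va_list ap) {
    char buf[32];            /* deliberately small so the fallback is exercised */
    char *buf2 = buf;        /* always points at buf unless we allocate below */
    char *out = NULL;
    va_list ap2;
    int res;
    size_t len;

    *used_heap = 0;

    /* vsnprintf consumes the va_list, so work on a copy for each call. */
    va_copy(ap2, ap);
    res = vsnprintf(buf, sizeof(buf), format, ap2);
    va_end(ap2);
    if (res < 0)
        return NULL;         /* encoding error; buf2 still equals buf, nothing to free */

    /* C99: res is the length the full string would have had, excluding the
     * terminator. res == sizeof(buf) already lost one character, hence >=. */
    len = (size_t)res;
    if (len >= sizeof(buf)) {
        buf2 = malloc(len + 1);
        if (buf2 == NULL)
            return NULL;
        va_copy(ap2, ap);
        vsnprintf(buf2, len + 1, format, ap2);
        va_end(ap2);
        *used_heap = 1;
    }

    /* Hand the caller its own copy; the consumer must not keep a pointer
     * into buf2, because buf2 is released right after this. */
    out = malloc(len + 1);
    if (out != NULL)
        memcpy(out, buf2, len + 1);

    if (buf2 != buf)
        free(buf2);          /* the fix from the patch: release the fallback buffer */
    return out;
}

static char *format_message(int *used_heap, const char *format, ...) {
    va_list ap;
    char *out;
    va_start(ap, format);
    out = vformat_message(used_heap, format, ap);
    va_end(ap);
    return out;
}

/* Returns 1 when the formatted text has the expected length and was
 * produced on the expected path (0 = stack buffer, 1 = heap fallback). */
static int check_format(size_t expect_len, int expect_heap, const char *format, ...) {
    va_list ap;
    int used_heap = 0, ok;
    char *s;
    va_start(ap, format);
    s = vformat_message(&used_heap, format, ap);
    va_end(ap);
    if (s == NULL)
        return 0;
    ok = (strlen(s) == expect_len) && (used_heap == expect_heap);
    free(s);
    return ok;
}

int main(void) {
    int heap;
    char *s = format_message(&heap, "%s:%d", "host", 80);   /* constructed sample input */
    if (s != NULL) {
        printf("%s (heap=%d)\n", s, heap);
        free(s);
    }
    return 0;
}
```

A 31-character result fits the 32-byte stack buffer; a 32-character result does not, because the terminator needs the 33rd byte, and that is exactly the case a `>` comparison would mishandle.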
