Re: [checker] nmap: memory leak in nsock_printf

[Ted Kremenek <kremenek () cs stanford edu>]

Great!  Just to be clear, I'm not part of Coverity, but part of the  
research group at Stanford (that still exists) where some of its  
members left and formed Coverity.  The results I have reported were  
not derived from a commercial tool.

On May 2, 2006, at 1:51 AM, Fyodor wrote:

> On Tue, May 02, 2006 at 01:09:01AM -0700, Ted Kremenek wrote:
> > Hello,
> >
> > I am a researcher at Stanford University working on static analysis
> > techniques for bug finding.  My tool has discovered a potential
> > memory leak in nmap:
>
> Awesome!  For those who aren't aware, the Stanford Checker folks have
> done great work in identifying tons of bugs (including many security
> holes) in the Linux kernel.  They formed Coverity and won a grant from
> the US Department of Homeland Security to scan critical open source
> programs. I'm glad that you have started scanning Nmap -- we
> appreciate the feedback and scan results.
>
> I have verified this memory leak that you reported and fixed it for
> the next version (patch below).
>
> Cheers,
> Fyodor
>
> Index: nsock_write.c
> ===================================================================
> --- nsock_write.c       (revision 2656)
> +++ nsock_write.c       (working copy)
> @@ -125,7 +125,6 @@
>    res = vsnprintf(buf, sizeof(buf), format, ap);
>    va_end(ap);
>
> -
>    if (res != -1) {
>      if (res > sizeof(buf)) {
>        buf2 = (char * ) safe_malloc(res + 16);
> @@ -168,6 +167,10 @@
>                   nsi->id, nse->id, displaystr);
>    }
>
> +  if (buf2 != buf) {
> +    free(buf2);
> +  }
> +
>    nsp_add_event(nsp, nse);
>
>    return nse->id;



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev