[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Open NTPD memory leak & fix (version 3.6.1p1)



Folks,

There is a memory leak in open ntpd (version 3.6.1p1) in the setup_listeners() 
function.  If 'listen_all' is true, it iterates over all of the interfaces 
returned from getifaddrs(), and when it hits a NULL, it stops and calls 
freeifaddrs(), passing it a NULL pointer (which is a noop for a compliant 
malloc() implementation).

I'm not running OpenBSD, nor am I subscribed to any of these mailing lists, so 
please copy me on any responses.

As an aside, from a non openbsd developer, there doesn't appear to be any way 
to create a bug report unless you're actually running openbsd.  Everything I 
found on your website said "use sendbug", which I don't have!  A web form to 
submit PRs would be useful.

Attached is my fix

--------------------------------------
int
setup_listeners(struct servent *se, struct ntpd_conf *conf, u_int *cnt)
{
	struct listen_addr	*la;
	u_int			 new_cnt = 0;
	int			 tos = IPTOS_LOWDELAY;

	if (conf->listen_all) {
#ifdef HAVE_GETIFADDRS
		struct ifaddrs		*ifap, *interfaces;
		struct sockaddr		*sa;

		if (getifaddrs(&interfaces) == -1)
			fatal("getifaddrs");

		for (ifap = interfaces; ifap != NULL; ifap = ifap->ifa_next) {
			sa = ifap->ifa_addr;

			if (sa->sa_family != AF_INET &&
			    sa->sa_family != AF_INET6)
				continue;

			if ((la = calloc(1, sizeof(struct listen_addr))) ==
			    NULL)
				fatal("setup_listeners calloc");

			memcpy(&la->sa, sa, SA_LEN(sa));
			TAILQ_INSERT_TAIL(&conf->listen_addrs, la, entry);
		}

		freeifaddrs(interfaces);
#else
		fprintf(stderr, "\"listen on *\" not supported on this "
		    "platform, interface address required\n");
		exit(1);
#endif
	}

	...
}

---------------------------------------------

-Tad