nis: Fix leak on realloc failure in nis_getnames [BZ #28150]

If pos >= count but realloc fails, tmp will not have been placed in
getnames[pos] yet, and so will not be freed in free_null.  Detected
by Coverity.

Also remove misleading comment from nis_getnames(), since it actually
did properly release getnames when out of memory.

Tested-by: Carlos O'Donell <carlos@redhat.com>
This commit is contained in:
Robbie Harwood 2021-07-28 14:23:32 -04:00 committed by Carlos O'Donell
parent db737c79c6
commit 6069826312

View File

@ -103,9 +103,6 @@ count_dots (const_nis_name str)
return count;
}
/* If we run out of memory, we don't give already allocated memory
free. The overhead for bringing getnames back in a safe state to
free it is to big. */
nis_name *
nis_getnames (const_nis_name name)
{
@ -271,7 +268,10 @@ nis_getnames (const_nis_name name)
nis_name *newp = realloc (getnames,
(count + 1) * sizeof (char *));
if (__glibc_unlikely (newp == NULL))
goto free_null;
{
free (tmp);
goto free_null;
}
getnames = newp;
}
getnames[pos] = tmp;