backport-CVE-2023-5156.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

From ec6b95c3303c700eb89eebeda2d7264cc184a796 Mon Sep 17 00:00:00 2001
From: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon, 25 Sep 2023 01:21:51 +0100
Subject: [PATCH] Fix leak in getaddrinfo introduced by the fix for
 CVE-2023-4806 [BZ #30843]

This patch fixes a very recently added leak in getaddrinfo.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

---
 sysdeps/posix/getaddrinfo.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 614ee39f..b3321913 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -1160,6 +1160,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
 
   if (res.malloc_h_name){
     free (res.h_name);
+    res.malloc_h_name = false;
   }
 
   return result;
-- 
2.23.0