* [PATCH iproute2-next] misc: fix memory leak in ifstat.c
@ 2025-07-19 10:18 Anton Moryakov
From: Anton Moryakov @ 2025-07-19 10:18 UTC
To: netdev; +Cc: Anton Moryakov
A memory leak was detected by the static analyzer SVACE in the function
get_nlmsg_extended(). The issue occurred when parsing extended interface
statistics failed due to a missing nested attribute. In this case,
memory allocated for 'n->name' via strdup() was not freed before returning,
resulting in a leak.

The fix adds an explicit 'free(n->name)' call before freeing the containing
structure in the error path.

Reported-by: SVACE static analyzer
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
---
misc/ifstat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/misc/ifstat.c b/misc/ifstat.c
index 4ce5ca8a..5b59fd8f 100644
--- a/misc/ifstat.c
+++ b/misc/ifstat.c
@@ -139,6 +139,7 @@ static int get_nlmsg_extended(struct nlmsghdr *m, void *arg)
attr = parse_rtattr_one_nested(sub_type, tb[filter_type]);
if (attr == NULL) {
free(n);
+ free(n->name);
return 0;
}
memcpy(&n->val, RTA_DATA(attr), sizeof(n->val));
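Review bot: the added free(n->name) sits after free(n) in the attr == NULL branch, so it reads the name pointer out of memory that has already been released; that turns the leak into a use after free. Move the new line above free(n) so the order is free(n->name); then free(n); which is also what the commit message describes ("before freeing the containing structure").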
--
2.39.2
* Re: [PATCH iproute2-next] misc: fix memory leak in ifstat.c
From: Stephen Hemminger @ 2025-07-20 15:12 UTC
To: Anton Moryakov; +Cc: netdev
On Sat, 19 Jul 2025 13:18:52 +0300
Anton Moryakov <ant.v.moryakov@gmail.com> wrote:
> A memory leak was detected by the static analyzer SVACE in the function
> get_nlmsg_extended(). The issue occurred when parsing extended interface
> statistics failed due to a missing nested attribute. In this case,
> memory allocated for 'n->name' via strdup() was not freed before returning,
> resulting in a leak.
>
> The fix adds an explicit 'free(n->name)' call before freeing the containing
> structure in the error path.
>
> Reported-by: SVACE static analyzer
> Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
> ---
> misc/ifstat.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/misc/ifstat.c b/misc/ifstat.c
> index 4ce5ca8a..5b59fd8f 100644
> --- a/misc/ifstat.c
> +++ b/misc/ifstat.c
> @@ -139,6 +139,7 @@ static int get_nlmsg_extended(struct nlmsghdr *m, void *arg)
> attr = parse_rtattr_one_nested(sub_type, tb[filter_type]);
> if (attr == NULL) {
> free(n);
> + free(n->name);
No. A use after free is worse than a leak.