Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-30800

dnsmasq SAST: Error: RESOURCE_LEAK (CWE-772):dnsmasq-2.85/src/option.c:1790: alloc_fn: Storage is returned from allocation function "opt_malloc".

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.3.0
    • dnsmasq
    • None
    • None
    • None
    • sst_cs_infra_services
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Error: RESOURCE_LEAK (CWE-772):
      dnsmasq-2.85/src/option.c:1790: alloc_fn: Storage is returned from allocation function "opt_malloc".
      dnsmasq-2.85/src/option.c:1790: var_assign: Assigning: "path" = storage returned from "opt_malloc(strlen(directory) + len + 2UL)".
      dnsmasq-2.85/src/option.c:1791: noescape: Resource "path" is not freed or pointed-to in "strcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
      dnsmasq-2.85/src/option.c:1792: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
      dnsmasq-2.85/src/option.c:1793: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
      dnsmasq-2.85/src/option.c:1796: noescape: Resource "path" is not freed or pointed-to in "stat".
      dnsmasq-2.85/src/option.c:1790: overwrite_var: Overwriting "path" in "path = opt_malloc(strlen(directory) + len + 2UL)" leaks the storage that "path" points to.
      # 1788|                 continue;
      # 1789|               
      # 1790|->             path = opt_malloc(strlen(directory) + len + 2);
      # 1791|               strcpy(path, directory);
      # 1792|               strcat(path, "/");
      # 
      

      Please provide the package NVR for which bug is seen:

      How reproducible:

      Steps to reproduce

      Expected results

      Fixed initialization.

      Actual results

      Fix. Existing leak, but done only when conf-dir points to non-regular files. Not usable for attack, but should be fixed

            pemensik@redhat.com Petr Mensik
            pemensik@redhat.com Petr Mensik
            Petr Mensik Petr Mensik
            rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: