-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.3.0
-
None
-
None
-
None
-
sst_cs_infra_services
-
ssg_core_services
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Error: RESOURCE_LEAK (CWE-772): dnsmasq-2.85/src/option.c:1790: alloc_fn: Storage is returned from allocation function "opt_malloc". dnsmasq-2.85/src/option.c:1790: var_assign: Assigning: "path" = storage returned from "opt_malloc(strlen(directory) + len + 2UL)". dnsmasq-2.85/src/option.c:1791: noescape: Resource "path" is not freed or pointed-to in "strcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] dnsmasq-2.85/src/option.c:1792: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.] dnsmasq-2.85/src/option.c:1793: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.] dnsmasq-2.85/src/option.c:1796: noescape: Resource "path" is not freed or pointed-to in "stat". dnsmasq-2.85/src/option.c:1790: overwrite_var: Overwriting "path" in "path = opt_malloc(strlen(directory) + len + 2UL)" leaks the storage that "path" points to. # 1788| continue; # 1789| # 1790|-> path = opt_malloc(strlen(directory) + len + 2); # 1791| strcpy(path, directory); # 1792| strcat(path, "/"); #
Please provide the package NVR for which bug is seen:
How reproducible:
Steps to reproduce
Expected results
Fixed initialization.
Actual results
Fix. Existing leak, but done only when conf-dir points to non-regular files. Not usable for attack, but should be fixed