Skip to content

Commit a33d77f

Browse files
iliaaliliaal
committed
Fix leak of resolved address list in snmp_session_init()
When php_network_getaddresses() succeeds but none of the resolved addresses yield a usable peer name (for example bracketed IPv6 syntax over an IPv4-only host), snmp_session_init() returned without calling php_network_freeaddresses(), leaking the address list on every such call. Free it on that error path as the success path already does. Closes GH-22340
1 parent a480965 commit a33d77f

2 files changed

Lines changed: 17 additions & 0 deletions

File tree

ext/snmp/snmp.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -910,6 +910,7 @@ static bool netsnmp_session_init(php_snmp_session **session_p, int version, zend
910910

911911
if (strlen(session->peername) == 0) {
912912
php_error_docref(NULL, E_WARNING, "Unknown failure while resolving '%s'", ZSTR_VAL(hostname));
913+
php_network_freeaddresses(psal);
913914
return false;
914915
}
915916
/* XXX FIXME

ext/snmp/tests/snmp_resolve_fail_leak.phpt

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
--TEST--
2+
snmp: resolved address list is freed when peername resolution drains empty
3+
--EXTENSIONS--
4+
snmp
5+
--FILE--
6+
<?php
7+
// Bracketed (IPv6) syntax over an IPv4-only literal forces IPv6 resolution,
8+
// which drains to no usable address, hitting the "Unknown failure while
9+
// resolving" path. That path must free the address list from
10+
// php_network_getaddresses() (it previously leaked it). No SNMP agent needed:
11+
// the function fails at peername resolution before any query is sent.
12+
var_dump(snmpget("[127.0.0.1]", "public", ".1.3.6.1.2.1.1.1.0"));
13+
?>
14+
--EXPECTF--
15+
Warning: snmpget(): Unknown failure while resolving '[127.0.0.1]' in %s on line %d
16+
bool(false)

0 commit comments

Comments
 (0)