mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-04-11 05:51:04 +02:00
BUG/MINOR: resolvers: fix memory leak on AAAA additional records
Commit c84c15d3938a ("BUG/MINOR: resolvers: Apply dns-accept-family
setting on additional records") converted a switch statement to an
if/else chain but left the break; in the AAAA branch. In the new
form, break exits the surrounding for loop instead of a switch case.
For every AAAA additional record in an SRV response:
- answer_record allocated at line 1460 is never freed and never
inserted into answer_tree -> ~580 bytes leaked per response
- all subsequent additional records in the response are silently
discarded
A DNS server controlling SRV responses for haproxy service discovery
can leak memory at MB/min rates given default resolution intervals.
Also breaks IPv6 SRV target resolution outright since the AAAA record
is leaked rather than attached to its SRV entry.
This commit is contained in:
Greg Kroah-Hartman
Christopher Faulet
parent
0e18e1cc77
commit
b63cae7f9b
@ -1527,7 +1527,6 @@ static int resolv_validate_dns_response(unsigned char *resp, unsigned char *bufe
|
||||
goto invalid_resp;
|
||||
answer_record->data.in6.sin6_family = AF_INET6;
|
||||
memcpy(&answer_record->data.in6.sin6_addr, reader, answer_record->data_len);
|
||||
break;
|
||||
}
|
||||
else {
|
||||
pool_free(resolv_answer_item_pool, answer_record);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user