nwrap: Fix memory leak in nwrap_gethostbyname_r()

Fix reimplements how memory is used.
Results from vector are copied to user provided buf.

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/lib/nss_wrapper/nss_wrapper.c b/lib/nss_wrapper/nss_wrapper.c
index 970b5b00add975d63ce326ef3ab6b1e0bf97aad3..f85395e189797a17d94cdf564d8ecb13568c7aa6 100644 (file)
--- a/lib/nss_wrapper/nss_wrapper.c
+++ b/lib/nss_wrapper/nss_wrapper.c
@@ -3406,7 +3406,21 @@ static int nwrap_gethostbyname_r(const char *name,
                return -1;
        }
 
-       memset(buf, '\0', buflen);
+       if (buflen < (addr_list->count * sizeof(void *))) {
+               SAFE_FREE(addr_list->items);
+               SAFE_FREE(addr_list);
+               return ERANGE;
+       }
+
+       /* Copy all to user provided buffer and change
+        * pointers in returned structure.
+        * +1 is for ending NULL pointer. */
+       memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
+
+       free(addr_list->items);
+       free(addr_list);
+
+       ret->h_addr_list = (char **)buf;
        *result = ret;
        return 0;
 }