Package: libnss-db Severity: important Tags: patch X-Debbugs-Cc: [email protected]
Dear Maintainer, The patch "200-set-db-environment.dpatch" uses `strdup()` on line 209 (https://salsa.debian.org/debian/libnss-db/-/blob/debian/latest/debian/patches/200-set-db-environment.dpatch?ref_type=heads#L209). However, the allocated memory is only freed if there is an error (line 237 of the patch). In the normal case, line 237 of this patch is not attained (there is a `return NSS_STATUS_SUCCESS;` before it). Hence, the `strdup()` is never freed and there is a memory leak. This leak can become quite large with long-running processes. The proposed patch moves the `free()` right after the `dbenv->open()` call. This call copies this string itself (https://salsa.debian.org/debian/db5.3/-/blob/master/src/env/env_open.c#L465) and the parameter can thus be freed right after. Kind regards, François Lesueur -- alwaysdata diff '--color=auto' -ru libnss-db-2.2.3pre1-orig/src/db-open.c libnss-db-2.2.3pre1/src/db-open.c --- libnss-db-2.2.3pre1-orig/src/db-open.c 2026-03-10 11:02:42.217268756 +0100 +++ libnss-db-2.2.3pre1/src/db-open.c 2026-03-10 11:03:34.066449398 +0100 @@ -65,6 +65,7 @@ filecopy = strdup(file); home = dirname(filecopy); err = dbenv->open(dbenv, home, DB_INIT_MPOOL | DB_CREATE | DB_PRIVATE, 0); + if (filecopy) free(filecopy); if (err != 0) goto fail_env; err = db_open (file, DB_BTREE, DB_RDONLY, 0, dbenv, NULL, &db); @@ -87,7 +88,6 @@ fail_env: dbenv->close (dbenv, 0); fail: - if (filecopy) free(filecopy); if (err > 0) errno = err; return NSS_STATUS_UNAVAIL; -- System Information: Debian Release: 12.13 Architecture: amd64 (x86_64) Versions of packages libnss-db depends on: ii libc6 2.36-9+deb12u13 ii libdb5.3 5.3.28+dfsg2-1 ii libselinux1 3.4-1+b6 libnss-db recommends no packages. libnss-db suggests no packages.
