Fix memory leaks, buffer overflows, and buffer overread #291

Merged
dledda-r7 merged 5 commits into rapid7:master from bcoles:cleanup
Feb 3, 2026

@bcoles bcoles commented Jan 19, 2026

No description provided.

Copilot AI left a comment

Pull request overview

This PR fixes memory leaks, buffer overflows, and a buffer overread vulnerability across multiple files in the mettle codebase.

Changes:

  • Fixed realloc memory leak pattern in TLV packet functions
  • Replaced unsafe sprintf calls with snprintf to prevent buffer overflows
  • Added proper cleanup on error paths to prevent memory leaks
  • Fixed buffer overread in console command parsing

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| mettle/src/tlv.c | Fixed realloc memory leaks in tlv_packet_add_child_raw and tlv_packet_add_raw by storing realloc result in new pointer and freeing original on failure |
| mettle/src/stdapi/sys/memory.c | Added memory cleanup for read_str and matches on realloc failure; replaced sprintf with snprintf to prevent buffer overflow |
| mettle/src/stdapi/audio/linux_output.c | Fixed memory leak by using goto cleanup pattern to ensure ctx->buffer and ctx are always freed on error paths |
| mettle/src/stdapi/audio/linux_mic.c | Added missing stdlib.h include; added cleanup for sound_device and proc_asound_pcm; replaced sprintf with snprintf |
| mettle/src/console.c | Fixed buffer overread by properly parsing command with whitespace skipping and validation before accessing module name |
| mettle/src/buffer_queue.c | Fixed memory leak by calling buffer_queue_drain_all before freeing queue to clean up all buffered data |
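
The realloc leak pattern summarized for mettle/src/tlv.c above, shown beside the corrected form. This is an added example, not code from the pull request or from mettle: `struct pkt`, `pkt_new`, `pkt_add_raw_leaky`, `pkt_add_raw_fixed`, and the `x_realloc`/`x_free` hooks used to simulate an allocation failure are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable packet; not mettle's struct tlv_packet. */
struct pkt {
    size_t len;       /* bytes used in data[] */
    uint8_t data[];   /* flexible array member */
};

/* Hooks assumed for this example: force one realloc failure, count frees. */
static int fail_next_realloc;
static int free_calls;

static void *x_realloc(void *p, size_t n)
{
    if (fail_next_realloc) { fail_next_realloc = 0; return NULL; }
    return realloc(p, n);
}

static void x_free(void *p) { free_calls++; free(p); }

struct pkt *pkt_new(void) { return calloc(1, sizeof(struct pkt)); }

/* Leaky pattern: when realloc fails, the only pointer to the old block
 * is overwritten with NULL, so that block can never be freed. */
struct pkt *pkt_add_raw_leaky(struct pkt *p, const void *val, size_t n)
{
    size_t old = p->len;
    p = x_realloc(p, sizeof(*p) + old + n);
    if (p == NULL)
        return NULL;
    memcpy(p->data + old, val, n);
    p->len = old + n;
    return p;
}

/* Fixed pattern: keep the original pointer until realloc succeeds. */
struct pkt *pkt_add_raw_fixed(struct pkt *p, const void *val, size_t n)
{
    struct pkt *grown = x_realloc(p, sizeof(*p) + p->len + n);
    if (grown == NULL) {
        x_free(p);    /* the old block is still valid and still owned here */
        return NULL;
    }
    memcpy(grown->data + grown->len, val, n);
    grown->len += n;
    return grown;
}
```

Because the fixed variant frees the original on failure, a caller that receives NULL must treat its old pointer as gone and not free or reuse it.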

dledda-r7 commented Feb 2, 2026

@bcoles thanks, looks good!

```
msf payload(linux/x64/meterpreter_reverse_tcp) > [*] Meterpreter session 1 opened (192.168.136.136:4444 -> 192.168.136.136:38644) at 2026-02-02 11:15:22 -0500

msf payload(linux/x64/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > ls
Listing: /home/kali/Documents/github/mettle/build/x86_64-linux-musl/bin
=======================================================================

Mode              Size     Type  Last modified              Name
----              ----     ----  -------------              ----
100755/rwxr-xr-x  1121480  fil   2026-02-02 06:30:26 -0500  mettle
100644/rw-r--r--  3090404  fil   2026-02-02 06:30:27 -0500  mettle.bin
100755/rwxr-xr-x  561680   fil   2026-02-02 06:30:27 -0500  sniffer
100644/rw-r--r--  2611572  fil   2026-02-02 06:30:27 -0500  sniffer.bin

meterpreter > getuid
Server username: kali
meterpreter >
```

@dledda-r7 dledda-r7 merged commit 137a7ef into rapid7:master Feb 3, 2026
65 of 68 checks passed
@bcoles bcoles deleted the cleanup branch February 3, 2026 10:24
3 participants