Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-8]: src/usr.sbin/sysinst Pull up following revision(s) (requested...



details:   https://anonhg.NetBSD.org/src/rev/5ff830948657
branches:  netbsd-8
changeset: 435083:5ff830948657
user:      martin <martin%NetBSD.org@localhost>
date:      Sat Jun 23 11:09:24 2018 +0000

description:
Pull up following revision(s) (requested by kamil in ticket #895):

        usr.sbin/sysinst/util.c: revision 1.9

Fix invalid free(3) in sysinst(8)

The path variable is assigned with an allocation on the heap with
strdup(3). Later this pointer is changed with strsep(3) and this caused
invalid free(3).

Store the original pointer in a new helper variable opath and pass it to
free(3). With this change, the problem is going away.

Detected with MKSANITIZER=yes with AddressSanitizer.

diffstat:

 usr.sbin/sysinst/util.c |  12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diffs (42 lines):

diff -r d780ae00a9ac -r 5ff830948657 usr.sbin/sysinst/util.c
--- a/usr.sbin/sysinst/util.c   Sat Jun 23 11:05:21 2018 +0000
+++ b/usr.sbin/sysinst/util.c   Sat Jun 23 11:09:24 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: util.c,v 1.7.8.1 2018/06/09 15:19:27 martin Exp $      */
+/*     $NetBSD: util.c,v 1.7.8.2 2018/06/23 11:09:24 martin Exp $      */
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1681,14 +1681,16 @@
 int
 binary_available(const char *prog)
 {
-        char *p, tmp[MAXPATHLEN], *path = getenv("PATH");
+        char *p, tmp[MAXPATHLEN], *path = getenv("PATH"), *opath;
  
         if (path == NULL)
                 return access(prog, X_OK) == 0;
         path = strdup(path);
         if (path == NULL)
                 return 0;
- 
+
+       opath = path;
+
         while ((p = strsep(&path, ":")) != NULL) {
                 if (strlcpy(tmp, p, MAXPATHLEN) >= MAXPATHLEN)
                         continue;
@@ -1697,11 +1699,11 @@
                 if (strlcat(tmp, prog, MAXPATHLEN) >= MAXPATHLEN)
                         continue;
                 if (access(tmp, X_OK) == 0) {
-                        free(path);
+                        free(opath);
                         return 1;
                 }
         }
-        free(path);
+        free(opath);
         return 0;
 }
 



Home | Main Index | Thread Index | Old Index