Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/usr.sbin/sysinst Pull up following revision(s) (requested...
details: https://anonhg.NetBSD.org/src/rev/61fe9f964d41
branches: netbsd-8
changeset: 851819:61fe9f964d41
user: martin <martin%NetBSD.org@localhost>
date: Sat Jun 23 11:09:24 2018 +0000
description:
Pull up following revision(s) (requested by kamil in ticket #895):
usr.sbin/sysinst/util.c: revision 1.9
Fix invalid free(3) in sysinst(8)
The path variable is assigned with an allocation on the heap with
strdup(3). Later this pointer is changed with strsep(3) and this caused
invalid free(3).
Store the original pointer in a new helper variable opath and pass it to
free(3). With this change, the problem is going away.
Detected with MKSANITIZER=yes with AddressSanitizer.
diffstat:
usr.sbin/sysinst/util.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diffs (42 lines):
diff -r 3774f34b91ec -r 61fe9f964d41 usr.sbin/sysinst/util.c
--- a/usr.sbin/sysinst/util.c Sat Jun 23 11:05:21 2018 +0000
+++ b/usr.sbin/sysinst/util.c Sat Jun 23 11:09:24 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: util.c,v 1.7.8.1 2018/06/09 15:19:27 martin Exp $ */
+/* $NetBSD: util.c,v 1.7.8.2 2018/06/23 11:09:24 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@@ -1681,14 +1681,16 @@
int
binary_available(const char *prog)
{
- char *p, tmp[MAXPATHLEN], *path = getenv("PATH");
+ char *p, tmp[MAXPATHLEN], *path = getenv("PATH"), *opath;
if (path == NULL)
return access(prog, X_OK) == 0;
path = strdup(path);
if (path == NULL)
return 0;
-
+
+ opath = path;
+
while ((p = strsep(&path, ":")) != NULL) {
if (strlcpy(tmp, p, MAXPATHLEN) >= MAXPATHLEN)
continue;
@@ -1697,11 +1699,11 @@
if (strlcat(tmp, prog, MAXPATHLEN) >= MAXPATHLEN)
continue;
if (access(tmp, X_OK) == 0) {
- free(path);
+ free(opath);
return 1;
}
}
- free(path);
+ free(opath);
return 0;
}
Home |
Main Index |
Thread Index |
Old Index