artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5a4c3a3)
Avoid an occasional double free in getpwent() which corrupted memory. It
authorderaadt <deraadt@openbsd.org>
Wed, 23 Jul 2008 19:36:47 +0000 (19:36 +0000)
committerderaadt <deraadt@openbsd.org>
Wed, 23 Jul 2008 19:36:47 +0000 (19:36 +0000)
happened only in the case of a + record indicating to use YP, but with ypbind
not actually running.  Problem found by pyr; solution found with millert
ok millert pyr

lib/libc/gen/getpwent.c patch | blob | history

diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c
index f369c22..48b4e6f 100644 (file)
--- a/lib/libc/gen/getpwent.c
+++ b/lib/libc/gen/getpwent.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: getpwent.c,v 1.37 2008/07/06 22:19:39 deraadt Exp $ */
+/*     $OpenBSD: getpwent.c,v 1.38 2008/07/23 19:36:47 deraadt Exp $ */
 /*
  * Copyright (c) 2008 Theo de Raadt
  * Copyright (c) 1988, 1993
@@ -332,7 +332,7 @@ again:
        if (__getpwent_has_yppw && (__ypmode != YPMODE_NONE)) {
                const char *user, *host, *dom;
                int keylen, datalen, r, s;
-               char *key, *data;
+               char *key, *data = NULL;
 
                if (!__ypdomain) {
                        if (_yp_check(&__ypdomain) == 0) {
@@ -352,7 +352,6 @@ again:
                                        __ypmode = YPMODE_NONE;
                                        if (data)
                                                free(data);
-                                       data = NULL;
                                        goto again;
                                }
                                __ypcurrent = key;
@@ -371,7 +370,6 @@ again:
                        }
                        bcopy(data, __ypline, datalen);
                        free(data);
-                       data = NULL;
                        break;
                case YPMODE_NETGRP:
                        s = getnetgrent(&host, &user, &dom);
@@ -397,7 +395,6 @@ again:
                        }
                        bcopy(data, __ypline, datalen);
                        free(data);
-                       data = NULL;
                        break;
                case YPMODE_USER:
                        if (name) {
@@ -414,7 +411,6 @@ again:
                                }
                                bcopy(data, __ypline, datalen);
                                free(data);
-                               data = NULL;
                        } else {                /* XXX */
                                __ypmode = YPMODE_NONE;
                                goto again;
OpenBSD src
by Ahmet Artu Yildirim