The media_encoding is not used in parse.y but stack garbage could lead

to a double free; set it to NULL.

This should fix a problem that was found by deraadt@

diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c
index 100ea54..f370007 100644 (file)
--- a/usr.sbin/httpd/httpd.c
+++ b/usr.sbin/httpd/httpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: httpd.c,v 1.3 2014/07/23 19:03:56 reyk Exp $  */
+/*     $OpenBSD: httpd.c,v 1.4 2014/07/23 22:02:02 reyk Exp $  */
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -820,6 +820,11 @@ media_add(struct mediatypes *types, struct media_type *media)
                return (NULL);
 
        memcpy(entry, media, sizeof(*entry));
+       if (media->media_encoding != NULL &&
+           (entry->media_encoding = strdup(media->media_encoding)) == NULL) {
+               free(entry);
+               return (NULL);
+       }
        RB_INSERT(mediatypes, types, entry);
 
        return (entry);

diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index ec2be91..be355af 100644 (file)
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.2 2014/07/13 14:17:37 reyk Exp $  */
+/*     $OpenBSD: parse.y,v 1.3 2014/07/23 22:02:02 reyk Exp $  */
 
 /*
  * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -820,6 +820,7 @@ load_config(const char *filename, struct httpd *x_conf)
                        (void)strlcpy(m.media_subtype,
                            mediatypes[i].media_subtype,
                            sizeof(m.media_subtype));
+                       m.media_encoding = NULL;
 
                        if (media_add(conf->sc_mediatypes, &m) == NULL) {
                                log_warnx("failed to add default media \"%s\"",