From ee78a0f701fa7e676757de45910761189ce1e86c Mon Sep 17 00:00:00 2001
From: mpi
Date: Sun, 13 Aug 2023 09:48:27 +0000
Subject: [PATCH] Prevent user-after/double free in map insertion. Freeing arguments tied to statements is not an option because rules are parsed multiple times. Always make a copy of them if they are assigned to a key in a map.
---
 usr.sbin/btrace/map.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/btrace/map.c b/usr.sbin/btrace/map.c
index be416e226e8..ab773dbd807 100644
--- a/usr.sbin/btrace/map.c
+++ b/usr.sbin/btrace/map.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: map.c,v 1.21 2023/06/27 14:17:00 claudio Exp $ */
+/* $OpenBSD: map.c,v 1.22 2023/08/13 09:48:27 mpi Exp $ */
 /*
 * Copyright (c) 2020 Martin Pieuchot
@@ -134,10 +134,10 @@ map_insert(struct map *map, const char *key, struct bt_arg *bval,
 mep = mget(map, key);
 switch (bval->ba_type) {
 case B_AT_STR:
- case B_AT_LONG:
 free(mep->mval);
- mep->mval = bval;
+ mep->mval = ba_new(ba2str(bval, dtev), B_AT_LONG);
 break;
+ case B_AT_LONG:
 case B_AT_BI_PID:
 case B_AT_BI_TID:
 case B_AT_BI_CPU:
-- 
2.20.1
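Review bot: In the `B_AT_STR` case of `map_insert`, the new entry is built from `ba2str(bval, dtev)` but tagged `B_AT_LONG`, so any later reader that dispatches on `ba_type` would interpret a string pointer as an integer. Unless `ba_new` treats the tag differently than its name suggests, the line should probably read `mep->mval = ba_new(ba2str(bval, dtev), B_AT_STR);`. The copy is also only as deep as `ba2str` makes it: its definition is outside this hunk, and if it returns a pointer into `bval` or into a static buffer, the map entry still aliases storage it does not own and the use-after-free this commit targets could recur. A one-line comment on the case saying whether the string is duplicated or shared with the statement's argument would make the intended lifetime checkable. The switch continues past the end of the hunk, so the branch that `B_AT_LONG` now falls into is not visible here.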