From ff70ca315e5e4966732f2d48dc4549c7ab5c8890 Mon Sep 17 00:00:00 2001
From: reyk
Date: Wed, 23 Jul 2014 22:02:02 +0000
Subject: [PATCH] The media_encoding is not used in parse.y but stack garbage could lead to a double free; set it to NULL. This should fix a problem that was found by deraadt@
---
 usr.sbin/httpd/httpd.c | 7 ++++++-
 usr.sbin/httpd/parse.y | 3 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c
index 100ea540cee..f370007fa90 100644
--- a/usr.sbin/httpd/httpd.c
+++ b/usr.sbin/httpd/httpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.c,v 1.3 2014/07/23 19:03:56 reyk Exp $ */
+/* $OpenBSD: httpd.c,v 1.4 2014/07/23 22:02:02 reyk Exp $ */
 /*
 * Copyright (c) 2014 Reyk Floeter
@@ -820,6 +820,11 @@ media_add(struct mediatypes *types, struct media_type *media)
 return (NULL);
 memcpy(entry, media, sizeof(*entry));
+ if (media->media_encoding != NULL &&
+ (entry->media_encoding = strdup(media->media_encoding)) == NULL) {
+ free(entry);
+ return (NULL);
+ }
 RB_INSERT(mediatypes, types, entry);
 return (entry);
diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index ec2be910425..be355afeb9f 100644
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.2 2014/07/13 14:17:37 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.3 2014/07/23 22:02:02 reyk Exp $ */
 /*
 * Copyright (c) 2007 - 2014 Reyk Floeter
@@ -820,6 +820,7 @@ load_config(const char *filename, struct httpd *x_conf)
 (void)strlcpy(m.media_subtype, mediatypes[i].media_subtype, sizeof(m.media_subtype));
+ m.media_encoding = NULL;
 if (media_add(conf->sc_mediatypes, &m) == NULL) {
 log_warnx("failed to add default media \"%s\"",
-- 
2.20.1
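Review bot: The new `strdup(media->media_encoding)` in media_add() (httpd.c, second hunk) makes the function dereference a pointer it previously only copied, and that precondition is not documented. Every caller now has to pass either NULL or a valid NUL-terminated string, because an uninitialised field would be read by strdup(). I would add a comment above the new `if`, such as `/* media_encoding must be NULL or a valid string; the entry keeps its own copy and the caller still owns the original */`. The code that removes entries from the tree is not visible here, so it should be confirmed that it frees `entry->media_encoding` before freeing the entry, otherwise the copy leaks. media_add() starts and ends outside the hunk.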
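Review bot: In load_config() (parse.y, second hunk), `m.media_encoding = NULL;` clears only the one member known to be a pointer today, so the rest of `m` may still reach media_add() as stack contents. media_add() copies the whole struct with `memcpy(entry, media, sizeof(*entry))`, which carries padding and any unset member into the heap entry. Zeroing the struct before its fields are filled in, e.g. `memset(&m, 0, sizeof(m));` at the top of the loop body, would also cover any pointer member added to struct media_type later. The declaration of `m` and the start of the loop are outside the hunk, so this assumes `m` is not already initialised there.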