coreutils

[PATCH] stdbuf: avoid even the appearance of a possible use-after-free


From: Jim Meyering
Subject: [PATCH] stdbuf: avoid even the appearance of a possible use-after-free
Date: Fri, 18 Feb 2011 23:31:52 +0100

Steve Grubb reported a possible use-after-free,
but it looks like it can happen only in case of a
damaged or incomplete installation.

Here's a proposed fix:

From 2895f44e891472c8e86a87989e0e2d41585b006f Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Fri, 18 Feb 2011 23:29:14 +0100
Subject: [PATCH] stdbuf: avoid even the appearance of a possible use-after-free

There was an execution path by which "libstdbuf" could be used after
being freed, but that would happen only if there were no libstdbuf.so
alongside the stdbuf program and there had been an installation error
leading to absence of the file, PKGLIBDIR/libstdbuf.so.
* src/stdbuf.c (set_LD_PRELOAD): Rearrange loop to make it perfectly
clear that there is no possibility of use-after-free.
Steve Grubb reported this possible use-after-free of "libstdbuf".
---
 src/stdbuf.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/stdbuf.c b/src/stdbuf.c
index dce338f..607859c 100644
--- a/src/stdbuf.c
+++ b/src/stdbuf.c
@@ -209,7 +209,7 @@ set_LD_PRELOAD (void)
   char const *const *path = search_path;
   char *libstdbuf;

-  do
+  while (true)
     {
       struct stat sb;

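Review bot: With `do` replaced by `while (true)`, the loop header no longer states any termination condition, and the first pass still runs before `*path` is ever tested, so `search_path` must hold at least one entry. A one-line comment above the loop, saying that it exits only via `break` or a fatal `error` call and that the search path is never empty, would keep that assumption visible to the next reader.
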
@@ -224,8 +224,11 @@ set_LD_PRELOAD (void)
       if (stat (libstdbuf, &sb) == 0)   /* file_exists  */
         break;
       free (libstdbuf);
+
+      ++path;
+      if ( ! *path)
+        error (EXIT_CANCELED, 0, _("failed to find %s"), quote (LIB_NAME));
     }
-  while (*++path);

   /* FIXME: Do we need to support libstdbuf.dll, c:, '\' separators etc?  */

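Review bot: After `free (libstdbuf);`, the added `error (EXIT_CANCELED, 0, ...)` call is the only thing that keeps the freed pointer from reaching the code after the loop, and that holds only because `error` does not return when its status argument is nonzero. Say so in a comment next to the call, or set `libstdbuf = NULL` right after the `free` so a future change to the exit path cannot reintroduce the stale pointer. The diagnostic also names only `LIB_NAME`; since this path means a damaged installation, listing the directories that were searched would make it easier to act on.
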
--
1.7.4.1.16.g759e8


