Page MenuHomeFreeBSD
Files F108398116

D38643.diff
No OneTemporary
Actions

D38643.diff
View Options

diff --git a/usr.sbin/config/lang.l b/usr.sbin/config/lang.l
--- a/usr.sbin/config/lang.l
+++ b/usr.sbin/config/lang.l
@@ -297,6 +297,8 @@
return (-1);
}
cfgfile_add(fnamebuf == NULL ? fname : fnamebuf);
+ free(fnamebuf);
+
in = malloc(sizeof(*in));
assert(in != NULL);
in->in_prev = inclp;
diff --git a/usr.sbin/config/main.cc b/usr.sbin/config/main.cc
--- a/usr.sbin/config/main.cc
+++ b/usr.sbin/config/main.cc
@@ -616,9 +616,9 @@
if (!changed && from_sb.st_size != to_sb.st_size)
changed++;
- tsize = (size_t)from_sb.st_size;
-
if (!changed) {
+ tsize = (size_t)from_sb.st_size;
+
p = (char *)mmap(NULL, tsize, PROT_READ, MAP_SHARED, from_fd,
(off_t)0);
if (p == MAP_FAILED)
@@ -736,7 +736,7 @@
struct stat st;
FILE *fp, *pp;
int error, osz, r;
- unsigned int i, off, size, t1, t2, align;
+ size_t i, off, size, t1, t2, align;
char *cmd, *o;
r = open(file, O_RDONLY);
@@ -765,8 +765,10 @@
free(cmd);
(void)fread(o, osz, 1, pp);
pclose(pp);
- r = sscanf(o, "%d%d%d%d%d", &off, &size, &t1, &t2, &align);
+ r = sscanf(o, "%zu%zu%zu%zu%zu", &off, &size, &t1, &t2, &align);
free(o);
+ if (size > SIZE_MAX - off || off + size > (size_t)st.st_size)
+ errx(EXIT_FAILURE, "%s: incoherent ELF headers", file);
if (r != 5)
errx(EXIT_FAILURE, "File %s doesn't contain configuration "
"file. Either unsupported, or not compiled with "
diff --git a/usr.sbin/config/mkoptions.cc b/usr.sbin/config/mkoptions.cc
--- a/usr.sbin/config/mkoptions.cc
+++ b/usr.sbin/config/mkoptions.cc
@@ -263,7 +263,7 @@
if (op == NULL)
err(EXIT_FAILURE, "calloc");
op->op_name = ns(name);
- op->op_value = value ? ns(value) : NULL;
+ op->op_value = ns(value);
SLIST_INSERT_HEAD(&op_head, op, op_next);
}
@@ -383,8 +383,10 @@
}
optname = ns(wd);
wd = get_word(fp);
- if (wd.eof())
- return (1);
+ if (wd.eof()) {
+ free(optname);
+ break;
+ }
if (wd.eol()) {
if (flags) {
fprintf(stderr, "%s: compat file requires two"
@@ -399,10 +401,18 @@
} else {
val = ns(wd);
}
- if (flags == 0)
+
+ if (flags == 0) {
+ /*
+ * insert_option takes possession of `optname` in the
+ * new option instead of making yet another copy.
+ */
insert_option(fname, optname, val);
- else
+ } else {
update_option(optname, val, flags);
+ free(optname);
+ optname = NULL;
+ }
}
(void)fclose(fp);
return (1);

File Metadata

Mime Type
text/plain
Expires
Sat, Jan 25, 11:31 AM (16 h, 48 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16140348
Default Alt Text
D38643.diff (2 KB)

Event Timeline