From dan@kulesh.obluda.cz  Tue Jul 12 16:34:13 2005
Message-Id: <200507121634.j6CGY9BP015766@kulesh.obluda.cz>
Date: Tue, 12 Jul 2005 18:34:09 +0200 (CEST)
From: Dan Lukes <dan@obluda.cz>
Reply-To: Dan Lukes <dan@obluda.cz>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [ PATCH ] libc's getent() don't check for malloc failure
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         83338
>Category:       bin
>Synopsis:       [patch] libc's getent() don't check for malloc failure
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 12 16:40:10 GMT 2005
>Closed-Date:    Thu May 28 21:53:16 UTC 2009
>Last-Modified:  Thu May 28 22:00:04 UTC 2009
>Originator:     Dan Lukes
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 5.4-STABLE #8: Sat Jul 9 16:31:08 CEST 2005 i386
src/lib/libc/gen/getcap.c,v 1.19 2003/01/02 10:19:43 thomas

>Description:
	getent() called from cgetent() doesn't check for malloc failure
>How-To-Repeat:
>Fix:

--- patch begins here ---
--- lib/libc/gen/getcap.c.ORIG	Thu Jan  2 20:26:24 2003
+++ lib/libc/gen/getcap.c	Tue Jul 12 18:27:20 2005
@@ -255,9 +255,11 @@
 					return (retval);
 				}
 				/* save the data; close frees it */
-				clen = strlen(record);
-				cbuf = malloc(clen + 1);
-				memcpy(cbuf, record, clen + 1);
+				if ((clen = strdup(record)) == NULL) {
+					capdbp->close(capdbp);
+					errno = ENOMEM;
+					return (-2);
+				}
 				if (capdbp->close(capdbp) < 0) {
 					free(cbuf);
 					return (-2);
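Review bot: the added `if ((clen = strdup(record)) == NULL)` line stores the strdup() result in clen, the variable the removed lines used for the strlen() value, so cbuf is never assigned in this hunk. The unchanged `free(cbuf);` in the close-failure branch just below then operates on a pointer that was never set. The assignment should target cbuf, and the length needs to be derived separately, since clen no longer holds it.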
--- patch ends here ---
>Release-Note:
>Audit-Trail:

From: Dan Lukes <dan@obluda.cz>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/83338: [ PATCH ] libc's getent() don't check for malloc failure
Date: Tue, 12 Jul 2005 20:35:15 +0200

 	I'm sorry, the incorrect patch file has been attached. The correct one 
 follows.
 
 					Dan
 
 
 -- 
 Dan Lukes                                   SISAL MFF UK
 AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz
 
 --- lib/libc/gen/getcap.c.ORIG	Thu Jan  2 20:26:24 2003
 +++ lib/libc/gen/getcap.c	Tue Jul 12 20:30:53 2005
 @@ -193,7 +193,7 @@
  {
  	DB *capdbp;
  	char *r_end, *rp, **db_p;
 -	int myfd, eof, foundit, retval, clen;
 +	int myfd, eof, foundit, retval;
  	char *record, *cbuf;
  	int tc_not_resolved;
  	char pbuf[_POSIX_PATH_MAX];
 @@ -255,14 +255,16 @@
  					return (retval);
  				}
  				/* save the data; close frees it */
 -				clen = strlen(record);
 -				cbuf = malloc(clen + 1);
 -				memcpy(cbuf, record, clen + 1);
 +				if ((cbuf = strdup(record)) == NULL) {
 +					capdbp->close(capdbp);
 +					errno = ENOMEM;
 +					return (-2);
 +				}
  				if (capdbp->close(capdbp) < 0) {
  					free(cbuf);
  					return (-2);
  				}
 -				*len = clen;
 +				*len = strlen(cbuf);
  				*cap = cbuf;
  				return (retval);
  			} else {
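Review bot: the second hunk now has two `capdbp->close(capdbp)` call sites, and the one on the strdup() failure path discards its return value. Calling close once, keeping the existing `free(cbuf)` in its failure branch (free(NULL) is a no-op), and testing `cbuf == NULL` afterwards would give a single close path with the same -2 result. Setting `errno = ENOMEM` after the close call is the right order, since close may overwrite errno; that should be preserved in any restructuring.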
 
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Thu Apr 2 22:17:02 UTC 2009 
State-Changed-Why:  
A different patch applied against -HEAD, MFC reminder. 


Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Thu Apr 2 22:17:02 UTC 2009 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=83338 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/83338: commit references a PR
Date: Thu,  2 Apr 2009 22:17:19 +0000 (UTC)

 Author: delphij
 Date: Thu Apr  2 22:17:02 2009
 New Revision: 190661
 URL: http://svn.freebsd.org/changeset/base/190661
 
 Log:
   Properly handle malloc() failures.
   
   PR:		bin/83338
 
 Modified:
   head/lib/libc/gen/getcap.c
 
 Modified: head/lib/libc/gen/getcap.c
 ==============================================================================
 --- head/lib/libc/gen/getcap.c	Thu Apr  2 22:04:44 2009	(r190660)
 +++ head/lib/libc/gen/getcap.c	Thu Apr  2 22:17:02 2009	(r190661)
 @@ -189,7 +189,7 @@ getent(char **cap, u_int *len, char **db
  {
  	DB *capdbp;
  	char *r_end, *rp, **db_p;
 -	int myfd, eof, foundit, retval, clen;
 +	int myfd, eof, foundit, retval;
  	char *record, *cbuf;
  	int tc_not_resolved;
  	char pbuf[_POSIX_PATH_MAX];
 @@ -251,14 +251,16 @@ getent(char **cap, u_int *len, char **db
  					return (retval);
  				}
  				/* save the data; close frees it */
 -				clen = strlen(record);
 -				cbuf = malloc(clen + 1);
 -				memcpy(cbuf, record, clen + 1);
 +				cbuf = strdup(record);
  				if (capdbp->close(capdbp) < 0) {
  					free(cbuf);
  					return (-2);
  				}
 -				*len = clen;
 +				if (cbuf == NULL) {
 +					errno = ENOMEM;
 +					return (-2);
 +				}
 +				*len = strlen(record);
  				*cap = cbuf;
  				return (retval);
  			} else {
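Review bot: in the second hunk, `*len = strlen(record);` is evaluated after `capdbp->close(capdbp)`, and the comment at the top of this block says "save the data; close frees it", so record is read after it has been released. The length should come from the copy, `*len = strlen(cbuf);`, which is valid at that point because the `cbuf == NULL` check has already returned. Checking cbuf only after close is fine in itself: the handle is closed on every path and `free(cbuf)` with a NULL pointer is harmless.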
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Thu May 28 21:52:47 UTC 2009 
State-Changed-Why:  
Patch applied against -HEAD, stable/6 and stable/7, thanks for your 
submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=83338 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/83338: commit references a PR
Date: Thu, 28 May 2009 21:52:13 +0000 (UTC)

 Author: delphij
 Date: Thu May 28 21:52:00 2009
 New Revision: 192999
 URL: http://svn.freebsd.org/changeset/base/192999
 
 Log:
   Merge r192129+r190661:
   
   Properly handle malloc() failures.
   
   PR:	bin/83338
 
 Modified:
   stable/7/lib/libc/   (props changed)
   stable/7/lib/libc/gen/getcap.c
   stable/7/lib/libc/string/ffsll.c   (props changed)
   stable/7/lib/libc/string/flsll.c   (props changed)
 
 Modified: stable/7/lib/libc/gen/getcap.c
 ==============================================================================
 --- stable/7/lib/libc/gen/getcap.c	Thu May 28 21:41:01 2009	(r192998)
 +++ stable/7/lib/libc/gen/getcap.c	Thu May 28 21:52:00 2009	(r192999)
 @@ -189,7 +189,7 @@ getent(char **cap, u_int *len, char **db
  {
  	DB *capdbp;
  	char *r_end, *rp, **db_p;
 -	int myfd, eof, foundit, retval, clen;
 +	int myfd, eof, foundit, retval;
  	char *record, *cbuf;
  	int tc_not_resolved;
  	char pbuf[_POSIX_PATH_MAX];
 @@ -251,14 +251,16 @@ getent(char **cap, u_int *len, char **db
  					return (retval);
  				}
  				/* save the data; close frees it */
 -				clen = strlen(record);
 -				cbuf = malloc(clen + 1);
 -				memcpy(cbuf, record, clen + 1);
 +				cbuf = strdup(record);
  				if (capdbp->close(capdbp) < 0) {
  					free(cbuf);
  					return (-2);
  				}
 -				*len = clen;
 +				if (cbuf == NULL) {
 +					errno = ENOMEM;
 +					return (-2);
 +				}
 +				*len = strlen(cbuf);
  				*cap = cbuf;
  				return (retval);
  			} else {
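Review bot: the log says "Merge r192129+r190661" but only describes the malloc() failure handling, so it is not clear from the message what r192129 contributes. Compared with the r190661 hunk earlier in this PR, the visible difference is `*len = strlen(cbuf);` in place of `*len = strlen(record);`, i.e. the length is no longer taken from the record after close. A line in the log stating that would help anyone auditing the stable branches confirm they carry the corrected form.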
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/83338: commit references a PR
Date: Thu, 28 May 2009 21:52:49 +0000 (UTC)

 Author: delphij
 Date: Thu May 28 21:52:36 2009
 New Revision: 193000
 URL: http://svn.freebsd.org/changeset/base/193000
 
 Log:
   Merge r192129+r190661:
   
   Properly handle malloc() failures.
   
   PR:	bin/83338
 
 Modified:
   stable/6/lib/libc/   (props changed)
   stable/6/lib/libc/gen/getcap.c
   stable/6/lib/libc/inet/inet_net_pton.c   (props changed)
   stable/6/lib/libc/sys/   (props changed)
 
 Modified: stable/6/lib/libc/gen/getcap.c
 ==============================================================================
 --- stable/6/lib/libc/gen/getcap.c	Thu May 28 21:52:00 2009	(r192999)
 +++ stable/6/lib/libc/gen/getcap.c	Thu May 28 21:52:36 2009	(r193000)
 @@ -193,7 +193,7 @@ getent(char **cap, u_int *len, char **db
  {
  	DB *capdbp;
  	char *r_end, *rp, **db_p;
 -	int myfd, eof, foundit, retval, clen;
 +	int myfd, eof, foundit, retval;
  	char *record, *cbuf;
  	int tc_not_resolved;
  	char pbuf[_POSIX_PATH_MAX];
 @@ -255,14 +255,16 @@ getent(char **cap, u_int *len, char **db
  					return (retval);
  				}
  				/* save the data; close frees it */
 -				clen = strlen(record);
 -				cbuf = malloc(clen + 1);
 -				memcpy(cbuf, record, clen + 1);
 +				cbuf = strdup(record);
  				if (capdbp->close(capdbp) < 0) {
  					free(cbuf);
  					return (-2);
  				}
 -				*len = clen;
 +				if (cbuf == NULL) {
 +					errno = ENOMEM;
 +					return (-2);
 +				}
 +				*len = strlen(cbuf);
  				*cap = cbuf;
  				return (retval);
  			} else {
 
>Unformatted:
