Re: acme-client calloc fix
Matthew Martin wrote: > On Wed, Jan 22, 2020 at 12:44:18AM -0500, Ted Unangst wrote: > > should not size the size until the allocation succeeds, or the free path > > will > > try to deref the null array. > > > > > > Index: json.c > > === > > RCS file: /home/cvs/src/usr.sbin/acme-client/json.c,v > > retrieving revision 1.14 > > diff -u -p -r1.14 json.c > > --- json.c 18 Jun 2019 18:50:07 - 1.14 > > +++ json.c 22 Jan 2020 05:37:59 - > > @@ -459,12 +459,13 @@ json_parse_order(struct jsmnn *n, struct > > if ((array = json_getarray(n, "authorizations")) == NULL) > > goto err; > > > > - if ((order->authsz = array->fields) > 0) { > > + if (array->fields > 0) { > > order->auths = calloc(sizeof(*order->auths), order->authsz); > > Shouldn't the second argument be switched to array->fields to maintain > the same behavior? thanks!
Re: acme-client calloc fix
oops, no kidding, otherwise it is the older value. Matthew Martin wrote: > On Wed, Jan 22, 2020 at 12:44:18AM -0500, Ted Unangst wrote: > > should not size the size until the allocation succeeds, or the free path > > will > > try to deref the null array. > > > > > > Index: json.c > > === > > RCS file: /home/cvs/src/usr.sbin/acme-client/json.c,v > > retrieving revision 1.14 > > diff -u -p -r1.14 json.c > > --- json.c 18 Jun 2019 18:50:07 - 1.14 > > +++ json.c 22 Jan 2020 05:37:59 - > > @@ -459,12 +459,13 @@ json_parse_order(struct jsmnn *n, struct > > if ((array = json_getarray(n, "authorizations")) == NULL) > > goto err; > > > > - if ((order->authsz = array->fields) > 0) { > > + if (array->fields > 0) { > > order->auths = calloc(sizeof(*order->auths), order->authsz); > > Shouldn't the second argument be switched to array->fields to maintain > the same behavior? > > > if (order->auths == NULL) { > > warn("malloc"); > > goto err; > > } > > + order->authsz = array->fields; > > } > > > > for (i = 0; i < array->fields; i++) { > > >
Re: acme-client calloc fix
On Wed, Jan 22, 2020 at 12:44:18AM -0500, Ted Unangst wrote: > should not size the size until the allocation succeeds, or the free path will > try to deref the null array. > > > Index: json.c > === > RCS file: /home/cvs/src/usr.sbin/acme-client/json.c,v > retrieving revision 1.14 > diff -u -p -r1.14 json.c > --- json.c18 Jun 2019 18:50:07 - 1.14 > +++ json.c22 Jan 2020 05:37:59 - > @@ -459,12 +459,13 @@ json_parse_order(struct jsmnn *n, struct > if ((array = json_getarray(n, "authorizations")) == NULL) > goto err; > > - if ((order->authsz = array->fields) > 0) { > + if (array->fields > 0) { > order->auths = calloc(sizeof(*order->auths), order->authsz); Shouldn't the second argument be switched to array->fields to maintain the same behavior? > if (order->auths == NULL) { > warn("malloc"); > goto err; > } > + order->authsz = array->fields; > } > > for (i = 0; i < array->fields; i++) { >
acme-client calloc fix
should not size the size until the allocation succeeds, or the free path will try to deref the null array. Index: json.c === RCS file: /home/cvs/src/usr.sbin/acme-client/json.c,v retrieving revision 1.14 diff -u -p -r1.14 json.c --- json.c 18 Jun 2019 18:50:07 - 1.14 +++ json.c 22 Jan 2020 05:37:59 - @@ -459,12 +459,13 @@ json_parse_order(struct jsmnn *n, struct if ((array = json_getarray(n, "authorizations")) == NULL) goto err; - if ((order->authsz = array->fields) > 0) { + if (array->fields > 0) { order->auths = calloc(sizeof(*order->auths), order->authsz); if (order->auths == NULL) { warn("malloc"); goto err; } + order->authsz = array->fields; } for (i = 0; i < array->fields; i++) {