CVS commit: src/usr.bin/mail

[Rin Okuyama]

Module Name:    src
Committed By:   rin
Date:           Wed Aug 23 03:49:00 UTC 2023

Modified Files:
        src/usr.bin/mail: fio.c thread.c

Log Message:
mail: Fix regression for recent use-after-free fix

For makemessage(), do not skip thread_fix_old_links() for
newly-allocated message as before.

Thanks jun@ for report.


To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/usr.bin/mail/fio.c
cvs rdiff -u -r1.15 -r1.16 src/usr.bin/mail/thread.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/mail/fio.c
diff -u src/usr.bin/mail/fio.c:1.44 src/usr.bin/mail/fio.c:1.45
--- src/usr.bin/mail/fio.c:1.44	Thu Aug 10 20:36:28 2023
+++ src/usr.bin/mail/fio.c	Wed Aug 23 03:49:00 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: fio.c,v 1.44 2023/08/10 20:36:28 mrg Exp $	*/
+/*	$NetBSD: fio.c,v 1.45 2023/08/23 03:49:00 rin Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)fio.c	8.2 (Berkeley) 4/20/95";
 #else
-__RCSID("$NetBSD: fio.c,v 1.44 2023/08/10 20:36:28 mrg Exp $");
+__RCSID("$NetBSD: fio.c,v 1.45 2023/08/23 03:49:00 rin Exp $");
 #endif
 #endif /* not lint */
 
@@ -126,6 +126,7 @@ makemessage(FILE *f, int omsgCount, int 
 	struct message *omessage;	/* old message structure array */
 	struct message *nmessage;
 	ptrdiff_t off;
+	int need_init;
 
 	omessage = get_abs_message(1);
 
@@ -135,13 +136,15 @@ makemessage(FILE *f, int omsgCount, int 
 		off = 0;
 	else
 		off = dot - omessage;
+	need_init = (omessage == NULL);
 	nmessage = realloc(omessage, size);
 	if (nmessage == NULL)
 		err(EXIT_FAILURE,
 		    "Insufficient memory for %d messages", nmsgCount);
 	dot = nmessage + off;
 
-	thread_fix_old_links(nmessage, off, omsgCount);
+	if (off != 0 || need_init != 0)
+		thread_fix_old_links(nmessage, off, omsgCount);
 
 #ifndef THREAD_SUPPORT
 	message = nmessage;

Index: src/usr.bin/mail/thread.c
diff -u src/usr.bin/mail/thread.c:1.15 src/usr.bin/mail/thread.c:1.16
--- src/usr.bin/mail/thread.c:1.15	Thu Aug 10 20:36:28 2023
+++ src/usr.bin/mail/thread.c	Wed Aug 23 03:49:00 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: thread.c,v 1.15 2023/08/10 20:36:28 mrg Exp $	*/
+/*	$NetBSD: thread.c,v 1.16 2023/08/23 03:49:00 rin Exp $	*/
 
 /*-
  * Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include <sys/cdefs.h>
 #ifndef __lint__
-__RCSID("$NetBSD: thread.c,v 1.15 2023/08/10 20:36:28 mrg Exp $");
+__RCSID("$NetBSD: thread.c,v 1.16 2023/08/23 03:49:00 rin Exp $");
 #endif /* not __lint__ */
 
 #include <assert.h>
@@ -443,8 +443,6 @@ PUBLIC void
 thread_fix_old_links(struct message *nmessage, ptrdiff_t off, int omsgCount)
 {
 	int i;
-	if (off == 0)
-		return;
 
 #ifndef NDEBUG
 	message_array.t_head = nmessage; /* for assert check in thread_fix_new_links */