Module Name: src
Committed By: shm
Date: Fri Sep 29 14:49:03 UTC 2023
Modified Files:
src/libexec/ftpd: conf.c
Log Message:
Fix uninitialized memory usage in count_users()
If the file was previously empty, the pids table is not set; the code, however,
used pids[0], which is uninitialized in this case. In some scenarios this may
propagate a garbage value from pids[0] to the file and cause a write outside of
allocated memory.
OK lukem@
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/libexec/ftpd/conf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/conf.c
diff -u src/libexec/ftpd/conf.c:1.64 src/libexec/ftpd/conf.c:1.65
--- src/libexec/ftpd/conf.c:1.64 Sun Nov 4 20:46:46 2012
+++ src/libexec/ftpd/conf.c Fri Sep 29 14:49:03 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $ */
+/* $NetBSD: conf.c,v 1.65 2023/09/29 14:49:03 shm Exp $ */
/*-
* Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.65 2023/09/29 14:49:03 shm Exp $");
#endif /* not lint */
#include <sys/types.h>
@@ -909,7 +909,7 @@ count_users(void)
goto cleanup_count;
if (fstat(fd, &sb) == -1)
goto cleanup_count;
- if ((pids = malloc(sb.st_size + sizeof(pid_t))) == NULL)
+ if ((pids = calloc(sb.st_size + sizeof(pid_t), 1)) == NULL)
goto cleanup_count;
/* XXX: implement a better read loop */
scount = read(fd, pids, sb.st_size);
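Review bot: The switch to `calloc` on the allocation line fixes the uninitialized `pids[0]` read only implicitly, and nothing at the call site says that the zero fill is now load-bearing, so a later cleanup back to `malloc` would quietly reintroduce the bug. I would add a comment above it such as `/* zero-fill: pids[0] is used below even when the file is empty and read() stores nothing */`. The same zero fill also covers a short `read()` (the existing XXX), so the code after the hunk should treat a 0 entry as an empty slot rather than as a pid. That handling and the check of `scount` are outside the hunk and cannot be confirmed from here. count_users() begins before this hunk and continues after it.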