Module Name: src
Committed By: martin
Date: Tue Oct 3 10:10:42 UTC 2023
Modified Files:
src/libexec/ftpd [netbsd-8]: conf.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #1905):
libexec/ftpd/conf.c: revision 1.65
Fix uninitialized memory usage in count_users()
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.64.22.1 src/libexec/ftpd/conf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/conf.c
diff -u src/libexec/ftpd/conf.c:1.64 src/libexec/ftpd/conf.c:1.64.22.1
--- src/libexec/ftpd/conf.c:1.64 Sun Nov 4 20:46:46 2012
+++ src/libexec/ftpd/conf.c Tue Oct 3 10:10:42 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $ */
+/* $NetBSD: conf.c,v 1.64.22.1 2023/10/03 10:10:42 martin Exp $ */
/*-
* Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.64.22.1 2023/10/03 10:10:42 martin Exp $");
#endif /* not lint */
#include <sys/types.h>
@@ -909,7 +909,7 @@ count_users(void)
goto cleanup_count;
if (fstat(fd, &sb) == -1)
goto cleanup_count;
- if ((pids = malloc(sb.st_size + sizeof(pid_t))) == NULL)
+ if ((pids = calloc(sb.st_size + sizeof(pid_t), 1)) == NULL)
goto cleanup_count;
/* XXX: implement a better read loop */
scount = read(fd, pids, sb.st_size);
