Module Name:    src
Committed By:   kamil
Date:           Thu Jun 21 23:05:28 UTC 2018

Modified Files:
        src/usr.sbin/sysinst: util.c

Log Message:
Fix invalid free(3) in sysinst(8)

The path variable is assigned with an allocation on the heap with
strdup(3). Later this pointer is changed with strsep(3) and this caused
invalid free(3).

Store the original pointer in a new helper variable opath and pass it to
free(3). With this change, the problem goes away.

Detected with MKSANITIZER=yes with AddressSanitizer.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/usr.sbin/sysinst/util.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/sysinst/util.c
diff -u src/usr.sbin/sysinst/util.c:1.8 src/usr.sbin/sysinst/util.c:1.9
--- src/usr.sbin/sysinst/util.c:1.8	Fri May 18 12:23:22 2018
+++ src/usr.sbin/sysinst/util.c	Thu Jun 21 23:05:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: util.c,v 1.8 2018/05/18 12:23:22 joerg Exp $	*/
+/*	$NetBSD: util.c,v 1.9 2018/06/21 23:05:28 kamil Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1681,14 +1681,16 @@ set_menu_select(menudesc *m, void *arg)
 int
 binary_available(const char *prog)
 {
-        char *p, tmp[MAXPATHLEN], *path = getenv("PATH");
+        char *p, tmp[MAXPATHLEN], *path = getenv("PATH"), *opath;
  
         if (path == NULL)
                 return access(prog, X_OK) == 0;
         path = strdup(path);
         if (path == NULL)
                 return 0;
- 
+
+	opath = path;
+
         while ((p = strsep(&path, ":")) != NULL) {
                 if (strlcpy(tmp, p, MAXPATHLEN) >= MAXPATHLEN)
                         continue;
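Review bot: The new `opath` owns the strdup(3) buffer, but nothing at `opath = path;` says so, and a later edit could easily go back to freeing `path`. I would add a comment on that line, `/* strsep(3) advances path; opath keeps the strdup(3) result for free(3) */`. The added line is also indented with a tab where the neighbouring lines in this listing show spaces, though that may only be how the mail was rendered. The body of binary_available continues past the end of this hunk.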
@@ -1697,11 +1699,11 @@ binary_available(const char *prog)
                 if (strlcat(tmp, prog, MAXPATHLEN) >= MAXPATHLEN)
                         continue;
                 if (access(tmp, X_OK) == 0) {
-                        free(path);
+                        free(opath);
                         return 1;
                 }
         }
-        free(path);
+        free(opath);
         return 0;
 }
 
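Review bot: Both exits of binary_available still carry their own `free(opath)`, the same duplicated cleanup that allowed the wrong pointer to be freed before; a single exit would keep the release in one place. `int found = 0;` among the declarations, `found = 1; break;` in place of the early return, and `free(opath); return found;` after the loop would do it. By strsep(3)'s contract `path` is NULL once the loop runs out of tokens, so the old final `free(path)` looks like a no-op that leaked the buffer rather than an invalid free, while the early return was the one handing free(3) a pointer that strsep(3) had moved. The function starts before this hunk and the lines between the two hunks are not shown.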
