[git commit] libbb: fix use-after-free in copy_file

Denys Vlasenko vda.linux at googlemail.com
Mon Sep 3 08:25:29 UTC 2018


commit: https://git.busybox.net/busybox/commit/?id=3060992ec94722b4f8f3711a1884270c81a6e5f5
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 libbb/copy_file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libbb/copy_file.c b/libbb/copy_file.c
index 98bd4fe72..2d6557cd4 100644
--- a/libbb/copy_file.c
+++ b/libbb/copy_file.c
@@ -388,14 +388,15 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
 		char *lpath = xmalloc_readlink_or_warn(source);
 		if (lpath) {
 			int r = symlink(lpath, dest);
-			free(lpath);
 			if (r < 0) {
 				/* shared message */
 				bb_perror_msg("can't create %slink '%s' to '%s'",
 					"sym", dest, lpath
 				);
+				free(lpath);
 				return -1;
 			}
+			free(lpath);
 			if (flags & FILEUTILS_PRESERVE_STATUS)
 				if (lchown(dest, source_stat.st_uid, source_stat.st_gid) < 0)
 					bb_perror_msg("can't preserve %s of '%s'", "ownership", dest);


More information about the busybox-cvs mailing list