[PATCH 1/4] isrv_identd: Fix use after free

Ryan Mallon rmallon at gmail.com
Thu Jan 2 22:13:45 UTC 2014


Fix a use of buf after it has been freed at the end of the
do_rd() function. If the connection is being terminated, then there is
no need to do the fcntl(), so just return immediately.

This bug was found with Smatch (http://smatch.sourceforge.net/).

Signed-off-by: Ryan Mallon <rmallon at gmail.com>
---
 networking/isrv_identd.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/networking/isrv_identd.c b/networking/isrv_identd.c
index a41405c..d571eb4 100644
--- a/networking/isrv_identd.c
+++ b/networking/isrv_identd.c
@@ -51,7 +51,6 @@ static int do_rd(int fd, void **paramp)
 {
 	identd_buf_t *buf = *paramp;
 	char *cur, *p;
-	int retval = 0; /* session is ok (so far) */
 	int sz;
 
 	cur = buf->buf + buf->pos;
@@ -79,11 +78,11 @@ static int do_rd(int fd, void **paramp)
 	fdprintf(fd, "%s : USERID : UNIX : %s\r\n", buf->buf, bogouser);
  term:
 	free(buf);
-	retval = 1; /* terminate */
+	return 1; /* terminate */
  ok:
 	if (buf->fd_flag & O_NONBLOCK)
 		fcntl(fd, F_SETFL, buf->fd_flag & ~O_NONBLOCK);
-	return retval;
+	return 0;
 }
 
 static int do_timeout(void **paramp UNUSED_PARAM)
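Review bot: the early `return 1` after `free(buf)` is the right fix, because the `ok:` path that used to follow it reads `buf->fd_flag`, i.e. a field of the block that was just freed. One thing still worth tightening in this hunk: `*paramp` keeps pointing at the freed `identd_buf_t` after `free(buf)`, so a caller that ignores the non-zero return and touches its parameter again would hit the same class of bug. Consider clearing it on the terminate path, e.g. `free(buf); *paramp = NULL; return 1;`, so the dangling pointer is not handed back. Also, the terminate path no longer restores the blocking flag on `fd`; the commit message says that is intentional because the connection is being torn down, so it would help to state there that the caller closes `fd` rather than reusing it.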
-- 
1.7.1



More information about the busybox mailing list