[PATCH 1/4] isrv_identd: Fix use after free
Denys Vlasenko
vda.linux at googlemail.com
Thu Jan 9 18:16:03 UTC 2014
Applied with some corrections, thanks!
On Thu, Jan 2, 2014 at 11:13 PM, Ryan Mallon <rmallon at gmail.com> wrote:
> Fix a use of buf after it has been freed at the end of the
> do_rd() function. If the connection is being terminated, then there is
> no need to do the fcntl(), so just return immediately.
>
> This bug was found with Smatch (http://smatch.sourceforge.net/).
>
> Signed-off-by: Ryan Mallon <rmallon at gmail.com>
> ---
> networking/isrv_identd.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/networking/isrv_identd.c b/networking/isrv_identd.c
> index a41405c..d571eb4 100644
> --- a/networking/isrv_identd.c
> +++ b/networking/isrv_identd.c
> @@ -51,7 +51,6 @@ static int do_rd(int fd, void **paramp)
> {
> identd_buf_t *buf = *paramp;
> char *cur, *p;
> - int retval = 0; /* session is ok (so far) */
> int sz;
>
> cur = buf->buf + buf->pos;
> @@ -79,11 +78,11 @@ static int do_rd(int fd, void **paramp)
> fdprintf(fd, "%s : USERID : UNIX : %s\r\n", buf->buf, bogouser);
> term:
> free(buf);
> - retval = 1; /* terminate */
> + return 1; /* terminate */
> ok:
> if (buf->fd_flag & O_NONBLOCK)
> fcntl(fd, F_SETFL, buf->fd_flag & ~O_NONBLOCK);
> - return retval;
> + return 0;
> }
>
> static int do_timeout(void **paramp UNUSED_PARAM)
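Review bot: at `term:`, the new `return 1;` skips the `ok:` block, so on a terminating session `fcntl(fd, F_SETFL, buf->fd_flag & ~O_NONBLOCK)` no longer runs at all, whereas before it ran (on freed memory). The commit message says the fcntl() is unnecessary when the connection is going away; that holds only if nothing else uses this descriptor after do_rd() returns 1. Either add a short comment at the `return 1;` stating that assumption, or, if the flag restore still matters, copy `buf->fd_flag` into a local before `free(buf)` and restore from the local. Separately, `buf` comes from `*paramp` and is freed here without `*paramp` being cleared, so the caller is left holding a dangling pointer; setting `*paramp = NULL` after `free(buf)` would guard against a later use or double free on the caller's side.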
> --
> 1.7.1
>