Bugzilla – Attachment 3585 Details for
Bug 3403
Memory leak
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
use freeargs(), more addargs(), etc paranoia
bz3403.diff (text/plain), 2.07 KB, created by
Damien Miller
on 2022-03-18 13:52:08 AEDT
(
hide
)
Description:
use freeargs(), more addargs(), etc paranoia
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2022-03-18 13:52:08 AEDT
Size:
2.07 KB
patch
obsolete
>diff --git a/misc.c b/misc.c >index 1c32489..262f1e0 100644 >--- a/misc.c >+++ b/misc.c >@@ -1022,16 +1022,21 @@ addargs(arglist *args, char *fmt, ...) > r = vasprintf(&cp, fmt, ap); > va_end(ap); > if (r == -1) >- fatal("addargs: argument too long"); >+ fatal_f("argument too long"); > > nalloc = args->nalloc; > if (args->list == NULL) { > nalloc = 32; > args->num = 0; >- } else if (args->num+2 >= nalloc) >+ } else if (args->num > (256 * 1024)) >+ fatal_f("too many arguments"); >+ else if (args->num >= args->nalloc) >+ fatal_f("arglist corrupt"); >+ else if (args->num+2 >= nalloc) > nalloc *= 2; > >- args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *)); >+ args->list = xrecallocarray(args->list, args->nalloc, >+ nalloc, sizeof(char *)); > args->nalloc = nalloc; > args->list[args->num++] = cp; > args->list[args->num] = NULL; >@@ -1048,10 +1053,12 @@ replacearg(arglist *args, u_int which, char *fmt, ...) > r = vasprintf(&cp, fmt, ap); > va_end(ap); > if (r == -1) >- fatal("replacearg: argument too long"); >+ fatal_f("argument too long"); >+ if (args->list == NULL || args->num >= args->nalloc) >+ fatal_f("arglist corrupt"); > > if (which >= args->num) >- fatal("replacearg: tried to replace invalid arg %d >= %d", >+ fatal_f("tried to replace invalid arg %d >= %d", > which, args->num); > free(args->list[which]); > args->list[which] = cp; >@@ -1062,13 +1069,15 @@ freeargs(arglist *args) > { > u_int i; > >- if (args->list != NULL) { >+ if (args == NULL) >+ return; >+ if (args->list != NULL && args->num < args->nalloc) { > for (i = 0; i < args->num; i++) > free(args->list[i]); > free(args->list); >- args->nalloc = args->num = 0; >- args->list = NULL; > } >+ args->nalloc = args->num = 0; >+ args->list = NULL; > } > > /* >diff --git a/scp.c b/scp.c >index d2f6252..7a450c4 100644 >--- a/scp.c >+++ b/scp.c >@@ -935,7 +935,7 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct, > return NULL; > > } else { >- args.list = NULL; >+ freeargs(&args); > addargs(&args, "sftp-server"); > if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp", > reminp, remoutp, pidp) < 0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3585">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok+
Actions:
View
|
Diff
Attachments on
bug 3403
: 3585