[fedfs-utils] [PATCH 2/8] fedfsd: don't return freed memory through **pathname parameter, ...
Chuck Lever
chuck.lever at oracle.com
Wed Nov 30 13:13:07 PST 2011
On Nov 30, 2011, at 3:51 PM, Jim Meyering wrote:
> From: Jim Meyering <meyering at redhat.com>
>
> even though upon error it will not be used.
> * src/fedfsd/svc.c (fedfsd_pathwalk): On an error path, don't
> set *pathname at all, and certainly not to a just-freed pointer.
>
> mount avoid one-byte heap-write overrun
> ---
> src/fedfsd/svc.c | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
>
> diff --git a/src/fedfsd/svc.c b/src/fedfsd/svc.c
> index 132be70..3509082 100644
> --- a/src/fedfsd/svc.c
> +++ b/src/fedfsd/svc.c
> @@ -318,7 +318,6 @@ fedfsd_pathwalk(const FedFsPathName fpath, char **pathname)
> retval = fedfsd_pathwalk_check_term(result);
> if (retval != FEDFS_OK)
> free(result);
> - *pathname = result;
if retval is FEDFS_OK, we want to preserve the result. So the existing code is incorrect, but this fix is also wrong. How about
if (retval != FEDFS_OK) {
free(result);
return retval;
}
*pathname = result;
return FEDFS_OK;
> return retval;
> }
>
> --
> 1.7.8.rc4
>
>
> _______________________________________________
> fedfs-utils-devel mailing list
> fedfs-utils-devel at oss.oracle.com
> http://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
More information about the fedfs-utils-devel
mailing list