Hosting Provided By

user/3414: bugs in usr.sbin/pkg_install/lib/exec.c

From: Patrick Latifi <patrick.l(at)hermes.usherb.ca>
Date: Mon Aug 25 2003 - 23:42:11 EDT

>Number: 3414
>Category: user
>Synopsis: bugs in vsystem()
>Confidential: yes
net
>Environment:

	System      : OpenBSD 3.4
	Architecture: OpenBSD.i386
	Machine     : i386

>Description:

	- plug memory leak
	- fix off-by-one error check of vsnprintf()
	- error check sysconf()

>How-To-Repeat:

Index: exec.c

RCS file: /cvs/src/usr.sbin/pkg_install/lib/exec.c,v retrieving revision 1.7
diff -u -r1.7 exec.c

--- exec.c	2003/07/04 17:31:19	1.7
+++ exec.c	2003/08/21 18:00:38
@@ -41,6 +41,11 @@
 	int	ret;
 
 	maxargs = (size_t) sysconf(_SC_ARG_MAX);
+	if ((long)maxargs == -1) {
+		pwarnx("vsystem can't retrieve max args");
+		return 1;
+	}
+
 	maxargs -= 32;			/* some slop for the sh -c */
 	if ((cmd = (char *) malloc(maxargs)) == (char *) NULL) {
 		pwarnx("vsystem can't alloc arg space");
@@ -48,8 +53,9 @@
 	}
 
 	va_start(args, fmt);
-	if (vsnprintf(cmd, maxargs, fmt, args) > maxargs) {
+	if (vsnprintf(cmd, maxargs, fmt, args) >= maxargs) {
 		pwarnx("vsystem args are too long");
+		free(cmd);
 		return 1;
 	}

#ifdef DEBUG
@@ -60,4 +66,3 @@

 	free(cmd);
 	return ret;

}
-

>Release-Note:
Received on Tue Aug 26 07:08:34 2003

This message: [ Message body ]
Next message: Mail Delivery Subsystem: "Returned mail: Rejected Mail"
Previous message: Postmaster Postmaster: "Re: Your details"
In reply to srp(at)srparish.net: "user/3169: Race fix for sftp-server rename breaks dir and symlink renames"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:30:08 EDT