From f05a089da96014435cce5c9f17f386ba846a1a6e Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Thu, 10 Jun 2004 02:16:08 +0000 Subject: [PATCH] [BZ #199] 2004-06-08 Jakub Jelinek [BZ #199] * crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc succeeds. Reported by Miles Ohlrich . * elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc fails. Avoid memory leak if realloc fails. --- ChangeLog | 9 +++++++++ crypt/md5-crypt.c | 10 ++++------ elf/chroot_canon.c | 8 ++++++-- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 46fcd8de87..13ee51fed7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2004-06-08 Jakub Jelinek + + [BZ #199] + * crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc + succeeds. Reported by Miles Ohlrich . + + * elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc + fails. Avoid memory leak if realloc fails. + 2004-06-09 Jakub Jelinek * sysdeps/generic/setenv.c (setenv): Return -1/EINVAL if name is diff --git a/crypt/md5-crypt.c b/crypt/md5-crypt.c index ededfaec71..7ba1491db6 100644 --- a/crypt/md5-crypt.c +++ b/crypt/md5-crypt.c @@ -1,6 +1,7 @@ /* One way encryption based on MD5 sum. Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0. - Copyright (C) 1996,1997,1999,2000,2001,2002 Free Software Foundation, Inc. + Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004 + Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 1996. @@ -250,15 +251,12 @@ __md5_crypt (const char *key, const char *salt) if (buflen < needed) { - char *new_buffer; - - buflen = needed; - - new_buffer = (char *) realloc (buffer, buflen); + char *new_buffer = (char *) realloc (buffer, needed); if (new_buffer == NULL) return NULL; buffer = new_buffer; + buflen = needed; } return __md5_crypt_r (key, salt, buffer, buflen); diff --git a/elf/chroot_canon.c b/elf/chroot_canon.c index 6b7e444800..d29a032163 100644 --- a/elf/chroot_canon.c +++ b/elf/chroot_canon.c @@ -1,5 +1,6 @@ /* Return the canonical absolute name of a given file inside chroot. - Copyright (C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc. + Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2004 + Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -59,6 +60,9 @@ chroot_canon (const char *chroot, const char *name) } rpath = malloc (chroot_len + PATH_MAX); + if (rpath == NULL) + return NULL; + rpath_limit = rpath + chroot_len + PATH_MAX; rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1; @@ -108,7 +112,7 @@ chroot_canon (const char *chroot, const char *name) new_size += PATH_MAX; new_rpath = (char *) realloc (rpath, new_size); if (new_rpath == NULL) - return NULL; + goto error; rpath = new_rpath; rpath_limit = rpath + new_size;