[BZ #199]

2004-06-08 Jakub Jelinek <jakub@redhat.com> [BZ #199] * crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc succeeds. Reported by Miles Ohlrich <miles@cray.com>. * elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc fails. Avoid memory leak if realloc fails.
2024-11-23 17:53:37 +08:00 · 2004-06-10 02:16:08 +00:00 · 2004-06-10 02:16:08 +00:00 · f05a089da9
commit f05a089da9
parent e17f8b6119
3 changed files with 19 additions and 8 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2004-06-08  Jakub Jelinek  <jakub@redhat.com>
+
+	[BZ #199]
+	* crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc
+	succeeds.  Reported by Miles Ohlrich <miles@cray.com>.
+
+	* elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc
+	fails.  Avoid memory leak if realloc fails.
+
 2004-06-09  Jakub Jelinek  <jakub@redhat.com>

 	* sysdeps/generic/setenv.c (setenv): Return -1/EINVAL if name is
--- a/crypt/md5-crypt.c
+++ b/crypt/md5-crypt.c
@ -1,6 +1,7 @@
 /* One way encryption based on MD5 sum.
   Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
-   Copyright (C) 1996,1997,1999,2000,2001,2002 Free Software Foundation, Inc.
+   Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004
+   Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.

@ -250,15 +251,12 @@ __md5_crypt (const char *key, const char *salt)

  if (buflen < needed)
    {
-      char *new_buffer;
-
-      buflen = needed;
-
-      new_buffer = (char *) realloc (buffer, buflen);
+      char *new_buffer = (char *) realloc (buffer, needed);
      if (new_buffer == NULL)
 	return NULL;

      buffer = new_buffer;
+      buflen = needed;
    }

  return __md5_crypt_r (key, salt, buffer, buflen);
--- a/elf/chroot_canon.c
+++ b/elf/chroot_canon.c
@ -1,5 +1,6 @@
 /* Return the canonical absolute name of a given file inside chroot.
-   Copyright (C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc.
+   Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2004
+   Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
@ -59,6 +60,9 @@ chroot_canon (const char *chroot, const char *name)
    }

  rpath = malloc (chroot_len + PATH_MAX);
+  if (rpath == NULL)
+    return NULL;
+
  rpath_limit = rpath + chroot_len + PATH_MAX;

  rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1;
@ -108,7 +112,7 @@ chroot_canon (const char *chroot, const char *name)
 		new_size += PATH_MAX;
 	      new_rpath = (char *) realloc (rpath, new_size);
 	      if (new_rpath == NULL)
-		return NULL;
+		goto error;
 	      rpath = new_rpath;
 	      rpath_limit = rpath + new_size;