mirrors/ppp
0
0
Fork 0
mirror of https://github.com/paulusmack/ppp.git synced 2024-11-23 18:33:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

pppd: Eliminate memory leak with multiple instances of a string option

Browse Source 
This eliminates the memory leak which occurs when a user gives the
same string option multiple times.  Although the leak is trivial under
normal conditions, the fact that it can be triggered by the user
means that it may be of interest to attackers, so let's plug the leak.

This also means that any o_string option without OPT_STATIC set needs
to have opt->addr pointing to a pointer which starts out NULL.  That
is the case for all current uses of o_string.

Signed-off-by: Paul Mackerras <paulus@samba.org>
This commit is contained in:
Paul Mackerras 2014-08-01 17:32:15 +10:00
parent 7658e82571
commit b94b7fbbaa
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pppd/options.c
View File

@ -776,10 +776,13 @@ process_option(opt, cmd, argv)
if (opt->flags & OPT_STATIC) {
strlcpy((char *)(opt->addr), *argv, opt->upper_limit);
} else {
char **optptr = (char **)(opt->addr);
sv = strdup(*argv);
if (sv == NULL)
novm("option argument");
*(char **)(opt->addr) = sv;
if (*optptr)
free(*optptr);
*optptr = sv;
}
break;