
[bug-inetutils] [PATCH] Verify name is allocated in hostname.c/parse_arg


From: Omer Anson
Subject: [bug-inetutils] [PATCH] Verify name is allocated in hostname.c/parse_args
Date: Fri, 23 Jun 2017 00:04:11 +0300

When calling parse_args, hostname assumes that a pointer is always
returned. However, if the input file contains only comments, and the
last line does not end with a newline, then parse_args can return NULL.

This happens because getline returns the number of characters read, and
sets the EOF flag on the file. Since it is a comment, the block
allocating 'name' is not entered, and 'name' remains NULL. The loop
exits since the EOF flag was set.

This change adds a test at the set_name (the only parse_args caller)
that exits if parse_args returns NULL.

parse_args is also modified to free its buffer in case of parser error,
so a pointer to uninitialized memory isn't returned.

parse_args allocated buffer size is also increased by 1. The previous
size was the return value of getline, which can potentially not have
enough room for the NUL terminator. getline returns the number of
characters read without the terminating null byte ('\0').

This is version 2 of the patch.
* The test was moved to set_name from parse_file
* parse_file now frees name on sscanf failure
* parse_file now allocs name to nread+1 characters
---
 src/hostname.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/hostname.c b/src/hostname.c
index e6a90f7..8cac8f3 100644
--- a/src/hostname.c
+++ b/src/hostname.c
@@ -232,7 +232,7 @@ set_name (const hostname_arguments *const args)
   else
     hostname_new = args->hostname_new;
 
-  size = strlen (hostname_new);
+  size = hostname_new ? strlen (hostname_new) : 0;
   if (!size)
     error (EXIT_FAILURE, 0, "Empty hostname");
 
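Review bot: In set_name, the `hostname_new ? strlen (hostname_new) : 0` test folds the NULL case into the existing "Empty hostname" error, so a file with no usable line is reported the same way as an empty string argument. An explicit NULL check with its own message (saying that no hostname was found in the file) ahead of the strlen call would make the failure diagnosable and leave the strlen line unchanged.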
@@ -407,9 +407,11 @@ parse_file (const char *const file_name)
 
       if (buffer[0] != '#')
         {
-         name = (char *) xmalloc (sizeof (char) * nread);
+         name = (char *) xmalloc (sizeof (char) * (nread + 1));
          if (sscanf (buffer, "%s", name)  == 1)
            break;
+         free (name);
+         name = NULL;
         }
     }
   while (feof (file) == 0);
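Review bot: In parse_file, the `nread + 1` allocation is the only thing bounding the width-less `sscanf (buffer, "%s", name)`, and nothing in the code says so; a one-line comment that getline's return value excludes the terminating NUL would keep a later cleanup from shrinking the buffer again. The free and `name = NULL` after a failed sscanf look right. The log message also says parse_args throughout while the function in this hunk header is parse_file; the log should use the name the code uses.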
-- 
2.4.11
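The failure mode described in the commit message, as an added example that is not part of the original patch or of inetutils. `first_name` and `parse_text` are hypothetical names, the loop is a simplified stand-in for the patched one (it tests getline's return value instead of feof), and the input strings are constructed.

```c
#define _GNU_SOURCE             /* getline, fmemopen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the patched loop: returns the first token of
   the first non-comment line, or NULL if no line yields one.  Caller frees. */
static char *
first_name (FILE *file)
{
  char *buffer = NULL, *name = NULL;
  size_t len = 0;
  ssize_t nread;

  while ((nread = getline (&buffer, &len, file)) != -1)
    {
      if (buffer[0] == '#')
        continue;               /* comment: 'name' is never allocated */
      /* nread excludes the NUL, so %s may store up to nread + 1 bytes. */
      name = malloc ((size_t) nread + 1);
      if (name == NULL || sscanf (buffer, "%s", name) == 1)
        break;
      free (name);              /* blank line: nothing was stored */
      name = NULL;
    }
  free (buffer);
  return name;
}

/* Run the parser over constructed file contents held in memory. */
static char *
parse_text (const char *text)
{
  FILE *file = fmemopen ((void *) text, strlen (text), "r");
  char *name = file ? first_name (file) : NULL;
  if (file)
    fclose (file);
  return name;
}

int
main (void)
{
  /* Constructed inputs; the first is the case from the commit message. */
  const char *samples[] = { "# only a comment", "# c\nhost1\n", "\n   \n", "# c\nnode" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    {
      char *name = parse_text (samples[i]);
      printf ("%zu: %s\n", i, name ? name : "(NULL, caller must reject)");
      free (name);
    }
  return 0;
}
```

The last sample is a final line with no trailing newline, where the token fills all `nread` bytes and the terminator needs the extra one.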



