changeset 1517:7dacf2eda737 draft

Fix use-after-free spotted by Ashwini Sharma's static analysis. We xstrdup() an optargs string to avoid modifying our environment space (because it can change what "ps" shows to other processes), and then parse out colon delimited strings and save them in globals that can later be used in the -v codepath and so on. But those globals _aren't_ strdup (no point) which means we can't free the string while we're still using pointers into the middle of it. So move the free to the end. (I hardly ever test with CFG_TOYBOX_FREE switched on because even nommu doesn't need it.)
author Rob Landley <rob@landley.net>
date Thu, 09 Oct 2014 12:17:36 -0500
parents 9d6ce6b0fa31
children 4bfbd8b96f66
files toys/posix/chgrp.c
diffstat 1 files changed, 2 insertions(+), 1 deletions(-)
--- a/toys/posix/chgrp.c	Wed Oct 08 13:59:16 2014 -0500
+++ b/toys/posix/chgrp.c	Thu Oct 09 12:17:36 2014 -0500
@@ -90,7 +90,6 @@
       if (!p && isdigit(*own)) p=getpwuid(atoi(own));
       if (!p) error_exit("no user '%s'", own);
       TT.owner = p->pw_uid;
-      if (CFG_TOYBOX_FREE) free(own);
     }
   } else TT.group_name = *toys.optargs;
 
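Review bot: The spot where `if (CFG_TOYBOX_FREE) free(own);` is removed, directly after `TT.owner = p->pw_uid;`, carries no comment explaining why `own` has to stay allocated past this block, so the early free is easy to reintroduce in a later cleanup. The commit message says saved globals point into the middle of this string; a one-line comment here noting that `own` is released at the end of the function because those pointers are still in use would keep that reasoning next to the code.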
@@ -107,4 +106,6 @@
     if (new) dirtree_handle_callback(new, do_chgrp);
     else toys.exitval = 1;
   }
+
+  if (CFG_TOYBOX_FREE && ischown) free(own);
 }
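Review bot: The guard on the new final statement, `if (CFG_TOYBOX_FREE && ischown) free(own);`, has to match exactly the condition under which `own` was allocated, and that allocation is not among the lines shown. If `own` is only ever assigned on the ischown path this is correct as written. Initializing `own` to 0 at its declaration (if it is not already) and dropping `&& ischown` would keep the free valid whichever branch ran, since free() on a null pointer does nothing. It is also worth confirming that nothing reads the pointers saved from this string after this statement, because they dangle once it runs.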