On Saturday, January 11, 2025 10:43:47 PM Pacific Standard Time Hal Murray via
devel wrote:
> The Linux man page says
> If ptr is NULL, no operation is performed.
>
> I'd expect a wrapper if there really was a problem.
>
> This code is in ntpd/ntp_config.c
> if (NULL == s) { /* free() hates NULL */
> s = estrdup("");
> }
>
> Any reason not to nuke that chunk of code?
Have we looked beyond the sound bite? A bush league check by this armchair
asshole suggest that a NULL that slips through here can go into estrdup,
strlen, get_logmask, stats_config, or other places I haven't found yet. Just be
aware that sucker is a stopper; it would be prudent to check everything
downstream.
Ah, it looks like estrdup and strlen at least would react poorly[1] to being
fed a null from the wrapping code. huh.
[1] https://stackoverflow.com/questions/5796103/strlen-not-checking-for-null
_______________________________________________
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel
