Author: brucec
Date: Sun Nov 21 14:34:25 2010
New Revision: 215637
URL: http://svn.freebsd.org/changeset/base/215637
Log:
dispatch_add_command:
Modify the logic so there's only one exit point instead of two.
Only insert valid (non-NULL) values into the queue.
dispatch_free_command:
Ensure that item is not NULL before removing it from the queue and
dereferencing the pointer.
NULL out free'd pointers to catch any use-after-free bugs.
PR: bin/146855
Submitted by: gcooper
MFC after: 3 days
Modified:
head/usr.sbin/sysinstall/dispatch.c
Modified: head/usr.sbin/sysinstall/dispatch.c
==============================================================================
--- head/usr.sbin/sysinstall/dispatch.c Sun Nov 21 13:41:04 2010
(r215636)
+++ head/usr.sbin/sysinstall/dispatch.c Sun Nov 21 14:34:25 2010
(r215637)
@@ -136,8 +136,12 @@ typedef struct command_buffer_ {
static void
dispatch_free_command(command_buffer *item)
{
- REMQUE(item);
- free(item->string);
+ if (item != NULL) {
+ REMQUE(item);
+ free(item->string);
+ item->string = NULL;
+ }
+
free(item);
}
@@ -155,19 +159,29 @@ dispatch_free_all(qelement *head)
static command_buffer *
dispatch_add_command(qelement *head, char *string)
{
- command_buffer *new;
+ command_buffer *new = NULL;
new = malloc(sizeof(command_buffer));
- if (!new)
- return NULL;
+ if (new != NULL) {
- new->string = strdup(string);
- INSQUEUE(new, head->q_back);
+ new->string = strdup(string);
+
+ /*
+ * We failed to copy `string'; clean up the allocated
+ * resources.
+ */
+ if (new->string == NULL) {
+ free(new);
+ new = NULL;
+ } else {
+ INSQUEUE(new, head->q_back);
+ }
+ }
return new;
}
-�
+
/*
* Command processing
*/
@@ -280,7 +294,7 @@ dispatchCommand(char *str)
return i;
}
-�
+
/*
* File processing
*/
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
