On Sat, May 09, 2015 at 03:54:09PM -0700, Garrett Cooper wrote: > > > On May 9, 2015, at 12:12, Baptiste Daroussin <b...@freebsd.org> wrote: > > > > Author: bapt > > Date: Sat May 9 19:12:16 2015 > > New Revision: 282685 > > URL: https://svnweb.freebsd.org/changeset/base/282685 > > > > Log: > > Replace malloc(3) + strcpy(3) + strcat(3) by asprintf(3) > > > > Modified: > > head/usr.sbin/pw/pw_user.c > > > > Modified: head/usr.sbin/pw/pw_user.c > > ============================================================================== > > --- head/usr.sbin/pw/pw_user.c Sat May 9 19:11:01 2015 (r282684) > > +++ head/usr.sbin/pw/pw_user.c Sat May 9 19:12:16 2015 (r282685) > > @@ -363,11 +363,9 @@ pw_user(struct userconf * cnf, int mode, > > if (mode == M_LOCK) { > > if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) == > > 0) > > errx(EX_DATAERR, "user '%s' is already locked", > > pwd->pw_name); > > - passtmp = malloc(strlen(pwd->pw_passwd) + sizeof(locked_str)); > > + asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); > > if (passtmp == NULL) /* disaster */ > > errx(EX_UNAVAILABLE, "out of memory"); > > - strcpy(passtmp, locked_str); > > - strcat(passtmp, pwd->pw_passwd); > > pwd->pw_passwd = passtmp; > > edited = 1; > > } else if (mode == M_UNLOCK) { > > Please check the return values from asprintf..
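Review bot: The added asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd) call in the M_LOCK branch discards its return value, so the only failure check is the following passtmp == NULL test, which relies on asprintf setting the pointer to NULL when allocation fails. Testing the return value directly, for example if (asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd) == -1) followed by the existing errx(EX_UNAVAILABLE, "out of memory"), keeps the error path explicit and independent of that behaviour.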
As said in the manpage:

    If sufficient space cannot be allocated, asprintf() and vasprintf() will
    return -1 and set ret to be a NULL pointer.

hence:

    if (passtmp == NULL) /* disaster */
        errx(EX_UNAVAILABLE, "out of memory");

is checking properly asprintf return. Am I missing something?

Best regards,
Bapt