Author: stevek Date: Thu Jun 1 19:21:30 2017 New Revision: 319453 URL: https://svnweb.freebsd.org/changeset/base/319453
Log: Fix memory leak in edithost The problem is that when the parameter 'pat' is null, the function locally allocates a NULL string but never frees it. Instead of tracking the local alloc, it is noted that the while(*pat) never enters when there is a local alloc. So instead of doing the local alloc, check that 'pat' is null before the while(*pat) loop. Found using clang's static analyzer - scan-build Submitted by: Thomas Rix <t...@juniper.net> Reviewed by: markm Approved by: sjg (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D9689 Modified: head/contrib/telnet/telnetd/utility.c Modified: head/contrib/telnet/telnetd/utility.c ============================================================================== --- head/contrib/telnet/telnetd/utility.c Thu Jun 1 18:39:54 2017 (r319452) +++ head/contrib/telnet/telnetd/utility.c Thu Jun 1 19:21:30 2017 (r319453) @@ -360,30 +360,30 @@ edithost(char *pat, char *host) { char *res = editedhost; - if (!pat) - pat = strdup(""); - while (*pat) { - switch (*pat) { + if (pat) { + while (*pat) { + switch (*pat) { - case '#': - if (*host) - host++; - break; + case '#': + if (*host) + host++; + break; - case '@': - if (*host) - *res++ = *host++; - break; + case '@': + if (*host) + *res++ = *host++; + break; - default: - *res++ = *pat; - break; + default: + *res++ = *pat; + break; + } + if (res == &editedhost[sizeof editedhost - 1]) { + *res = '\0'; + return; + } + pat++; } - if (res == &editedhost[sizeof editedhost - 1]) { - *res = '\0'; - return; - } - pat++; } if (*host) (void) strncpy(res, host, _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
