svn commit: r309642 - stable/10/contrib/telnet/telnetd

Tue, 06 Dec 2016 10:52:58 -0800 

Author: glebius
Date: Tue Dec  6 18:52:18 2016
New Revision: 309642
URL: https://svnweb.freebsd.org/changeset/base/309642

Log:
  Merge r309638 from head:
  
    When telnetd(8) composes argument list for login(1), an unexpected sequence
    of memory allocation failures combined with insufficient error checking
    could result in the construction and execution of an argument sequence that
    was not intended.
  
    Fix that treating malloc(3) failures as fatal condition.
  
  Submitted by: brooks
  Security:     FreeBSD-SA-16:36.telnetd

Modified:
  stable/10/contrib/telnet/telnetd/sys_term.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/contrib/telnet/telnetd/sys_term.c
==============================================================================
--- stable/10/contrib/telnet/telnetd/sys_term.c Tue Dec  6 18:52:02 2016        
(r309641)
+++ stable/10/contrib/telnet/telnetd/sys_term.c Tue Dec  6 18:52:18 2016        
(r309642)
@@ -1159,7 +1159,7 @@ addarg(char **argv, const char *val)
                 */
                argv = (char **)malloc(sizeof(*argv) * 12);
                if (argv == NULL)
-                       return(NULL);
+                       fatal(net, "failure allocating argument space");
                *argv++ = (char *)10;
                *argv = (char *)0;
        }
@@ -1170,11 +1170,12 @@ addarg(char **argv, const char *val)
                *argv = (char *)((long)(*argv) + 10);
                argv = (char **)realloc(argv, sizeof(*argv)*((long)(*argv) + 
2));
                if (argv == NULL)
-                       return(NULL);
+                       fatal(net, "failure allocating argument space");
                argv++;
                cpp = &argv[(long)argv[-1] - 10];
        }
-       *cpp++ = strdup(val);
+       if ((*cpp++ = strdup(val)) == NULL)
+               fatal(net, "failure allocating argument space");
        *cpp = 0;
        return(argv);
 }
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"

Reply via email to