misc/73337: nsswitch: potential invalid free
Jacques Vidrine
nectar at FreeBSD.org
Sun Oct 31 01:40:33 PST 2004
>Number: 73337
>Category: misc
>Synopsis: nsswitch: potential invalid free
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 31 09:40:32 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Jacques Vidrine
>Release: 5.3-STABLE
>Organization:
FreeBSD
>Environment:
FreeBSD madman.celabo.org 5.3-STABLE FreeBSD 5.3-STABLE #5: Mon Oct 18 20:11:13 CDT 2004 root at madman.celabo.org:/usr/obj/usr/src/sys/MADMAN i386
>Description:
Date: Wed, 27 Oct 2004 09:33:33 +0200
From: Danny Braniss <danny at cs.huji.ac.il>
To: bushman at rsu.ru
Cc: hackers at freebsd.org, "Jacques A. Vidrine" <nectar at freebsd.org>, "Christian S.J. Peron" <csjp at freebsd.org>
Subject: Re: nsdispatch services patch + lookupd
Message-Id: <20041027073335.8B74343D55 at mx1.FreeBSD.org>
while trying to add hesiod/dns support, i've noticed, what looks as a problem:
in nss_tls.h, the function name##_getstate(...) can return a static pointer,
which gets freed in name##_endstate(...), as far as i know, freeing a non
malloced memory is asking for trouble.
proposed fix, instead of static, also do a calloc(...).
danny
>How-To-Repeat:
>Fix:
make jacques work on it
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list