misc/73337: nsswitch: potential invalid free

[Jacques Vidrine]

>Number:         73337
>Category:       misc
>Synopsis:       nsswitch: potential invalid free
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 31 09:40:32 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jacques Vidrine
>Release:        5.3-STABLE
>Organization:
FreeBSD
>Environment:
FreeBSD madman.celabo.org 5.3-STABLE FreeBSD 5.3-STABLE #5: Mon Oct 18 20:11:13 CDT 2004     root at madman.celabo.org:/usr/obj/usr/src/sys/MADMAN  i386
>Description:
Date: Wed, 27 Oct 2004 09:33:33 +0200                                                            
From: Danny Braniss <danny at cs.huji.ac.il>                                                        
To: bushman at rsu.ru                                                                               
Cc: hackers at freebsd.org, "Jacques A. Vidrine" <nectar at freebsd.org>,                                      "Christian S.J. Peron" <csjp at freebsd.org>                                                
Subject: Re: nsdispatch services patch + lookupd                                                 
Message-Id: <20041027073335.8B74343D55 at mx1.FreeBSD.org>                                             

while trying to add hesiod/dns support, i've noticed, what looks as a problem:

in nss_tls.h, the function name##_getstate(...) can return a static pointer,
which gets freed in name##_endstate(...), as far as i know, freeing a non
malloced memory is asking for trouble.
proposed fix, instead of static, also do a calloc(...).

danny
>How-To-Repeat:
      
>Fix:
make jacques work on it
>Release-Note:
>Audit-Trail:
>Unformatted: