bin/83358: [patch] improper handling of malloc failures within rexec()

Dan Lukes dan at obluda.cz
Sun Jun 22 13:50:03 UTC 2008 

The following reply was made to PR bin/83358; it has been noted by GNATS.

From: Dan Lukes <dan at obluda.cz>
To: Garrett Cooper <yanefbsd at gmail.com>
Cc: bug-followup at FreeBSD.org
Subject: Re: bin/83358: [patch] improper handling of malloc failures within
 rexec()
Date: Sun, 22 Jun 2008 15:43:42 +0200

 Garrett Cooper wrote:
 > This patch includes the fixes provided previously (minus the port var
 > removal provided by the OP), plus some style fixes and source
 > updating.
 
 > +                            if (*aname == 0) {
 > +                                *aname = malloc(strlen(tokval)+1);
 > +                                if (*aname == NULL) {
 > +                                    warnx("malloc for aname failed\n");
 > +                                    goto bad;
 > +                                }
 > +                                strcpy(*aname, tokval);
 
 Minor:
 
 1.	Are you hate strdup() for a reason (in place of malloc+strcpy)?
 
 Very minor:
 
 2.	Are you sure the average user will be more happy with "malloc for 
 aname failed" than with "Cannot allocate memory for user name" ?
 
 >  bad:
 > -	(void) fclose(cfile);
 > -	return (-1);
 > +        ret_code = -1;
 > +done:
 > +        fclose(cfile);
 > +        return ret_code;
 >  }
 
 Major:
 
 3.	I found no exact specification of library function ruserpass().
 It seems you may got *aname, *apass, *aacct NULL or non-NULL on enter. 
 In the case you got NULL on enter, the memory may be allocated during 
 the processing and returned to the caller.
 
 Now what about proper cleanup (against memory leaks) ?
 
 If the function exit with 0, it's clear - the caller must free the 
 allocated memories. But what when the function fail ?
 
 To be on the safe side I would recommend to free() the memory if 
 allocated by the failing ruserpass()
 
 But if you are sure (e.g. you know the specification of ...) the caller 
 will free it even in the case of nonzero return code, it's not necesarry.
 
 > Which makes me wonder: is libcompat-4.3's rexec.c used for compiling
 > purposes at all?
 
 	The cpio and tar seems to use it.
 
 
 	By the way, it's very hard to analyze the patch containing both 
 functional and stylistic changes ...
 
 						Dan

More information about the freebsd-bugs mailing list