[Bug 207627] Negative array index in ctl.c

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Jul 16 22:02:38 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207627

--- Comment #2 from rday <ryan at ryanday.net> ---
Comment on attachment 172594
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172594
Proposed patch for #207627

After looking over the code I wanted to propose a patch to fix this problem.

If the name length or value length was 0, a negative array index would occur
while checking for a NUL terminator. This patch adds a check preventing a 0
name length or value length.

Since the length of value shouldn't be negative, this patch changes the type of
namelen and vallen to unsigned.

If memory couldn't be allocated for the argument name or value, the bailout
path would attempt to free() a null pointer. This patch adds a check to prevent
that from happening.

I also updated some comments detailing which values need a nul termination.

-- 
You are receiving this mail because:
You are the assignee for the bug.
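
The zero-length case described in the comment above, as an added example that is not part of the original message, the attached patch, or ctl.c itself. The structure, enum and function names are hypothetical, as is the `is_string` flag used to model values that do not need a terminator; only `namelen` and `vallen` come from the comment.

```c
#include <stddef.h>

/* Hypothetical argument descriptor; not the structure used in ctl.c. */
struct arg_desc {
    const char  *name;      /* must be NUL-terminated */
    unsigned int namelen;   /* unsigned, as the comment proposes */
    const char  *value;     /* NUL-terminated only when is_string is set */
    unsigned int vallen;
    int          is_string; /* assumption: some values are binary */
};

enum arg_status { ARG_OK = 0, ARG_EMPTY, ARG_UNTERMINATED };

/*
 * The pattern the comment describes: with len == 0, buf[len - 1] reads
 * one byte before the buffer. Making len unsigned does not help on its
 * own, because 0u - 1 wraps to UINT_MAX. Only valid when len >= 1.
 */
int terminated_unchecked(const char *buf, int len)
{
    return buf[len - 1] == '\0';
}

/* Hardened form: reject a zero length before computing len - 1. */
int terminated_checked(const char *buf, unsigned int len)
{
    if (buf == NULL || len == 0)
        return 0;
    return buf[len - 1] == '\0';
}

/* Validate one caller-supplied argument before it is copied or used. */
enum arg_status validate_arg(const struct arg_desc *a)
{
    if (a->namelen == 0 || a->vallen == 0)
        return ARG_EMPTY;
    if (!terminated_checked(a->name, a->namelen))
        return ARG_UNTERMINATED;
    if (a->is_string && !terminated_checked(a->value, a->vallen))
        return ARG_UNTERMINATED;
    return ARG_OK;
}
```

The explicit zero-length check is what removes the out-of-bounds read; the unsigned type only rules out negative lengths supplied by the caller.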

