wide-dhcps dumps core freeing modified pointer
qhwt at myrealbox.com
qhwt at myrealbox.com
Sun Aug 3 19:33:50 PDT 2003
Hello.
wide-dhcps dumps core upon boot if the bind file exists and non-empty
(actually I haven't tested if it dumps core even when the file exists
AND is empty, but who cares... :)
The bind file sometimes contains garbage (malloc error message)
after the core dump, but even if I delete the garbage and try to start dhcps
result in the same core dump.
The core dump occurs in function read_subnet() defined in server/database.c,
trying to free() a line buffer via a pointer already modified by prs_inaddr()
called from get_ip().
The following patch seem to remedie the core dump.
(I believe MIHIRA-san is the original author of this software, right?)
Regards.
--- database.c.orig Fri Jan 1 22:35:33 1999
+++ database.c Sun Aug 3 19:55:32 2003
@@ -560,15 +560,15 @@
char **cp;
struct in_addr *subnet;
{
- char *tmpstr;
+ char *tmpstr, *line;
struct in_addr *tmpaddr;
- if ((tmpstr = get_string(cp)) == NULL) {
+ if ((line = get_string(cp)) == NULL) {
errno = 0;
syslog(LOG_WARNING, "Can't get strings");
return(-1);
}
-
+ tmpstr = line;
if ((tmpaddr = get_ip(&tmpstr)) == NULL) {
errno = 0;
syslog(LOG_WARNING, "get_ip() error in read_subnet()");
@@ -576,7 +576,7 @@
}
*subnet = *tmpaddr;
- free(tmpstr);
+ free(line);
free(tmpaddr);
return(0);
More information about the freebsd-ports
mailing list