svn commit: r299821 - head/sbin/routed
Pedro F. Giffuni
pfg at FreeBSD.org
Sun May 15 02:30:35 UTC 2016
Author: pfg
Date: Sun May 15 02:30:34 2016
New Revision: 299821
URL: https://svnweb.freebsd.org/changeset/base/299821
Log:
routed(8): Avoid NULL de-reference and two possible memory leaks.
The reports and fixes are straightforward but it's nice to be able
to confirm against NetBSD.
CID: 271080, 272306, 272307
Obtained from: NetBSD (CVS ref. 1.21 - 1.23)
MFC after: 2 weeks.
Modified:
head/sbin/routed/parms.c
Modified: head/sbin/routed/parms.c
==============================================================================
--- head/sbin/routed/parms.c Sun May 15 01:15:20 2016 (r299820)
+++ head/sbin/routed/parms.c Sun May 15 02:30:34 2016 (r299821)
@@ -588,8 +588,10 @@ parse_parms(char *line,
intnetp->intnet_metric = (int)strtol(val+1,&p,0);
if (*p != '\0'
|| intnetp->intnet_metric <= 0
- || intnetp->intnet_metric >= HOPCNT_INFINITY)
+ || intnetp->intnet_metric >= HOPCNT_INFINITY) {
+ free(intnetp);
return bad_str(line);
+ }
}
if (!getnet(buf, &intnetp->intnet_addr, &intnetp->intnet_mask)
|| intnetp->intnet_mask == HOST_MASK
@@ -670,7 +672,7 @@ parse_parms(char *line,
* The parm_net stuff is needed to allow several
* -F settings.
*/
- if (!getnet(val0, &addr, &mask)
+ if (val0 == NULL || !getnet(val0, &addr, &mask)
|| parm.parm_name[0] != '\0')
return bad_str(tgt);
parm.parm_net = addr;
@@ -681,6 +683,8 @@ parse_parms(char *line,
/* since cleartext passwords are so weak allow
* them anywhere
*/
+ if (val0 == NULL)
+ return bad_str("no passwd");
msg = get_passwd(tgt,val0,&parm,RIP_AUTH_PW,1);
if (msg) {
*val0 = '\0';
@@ -812,8 +816,10 @@ parse_parms(char *line,
|| !getnet(buf2, &tg->tgate_nets[i].net,
&tg->tgate_nets[i].mask)
|| tg->tgate_nets[i].net == RIP_DEFAULT
- || tg->tgate_nets[i].mask == 0)
+ || tg->tgate_nets[i].mask == 0) {
+ free(tg);
return bad_str(tgt);
+ }
i++;
}
tg->tgate_next = tgates;
More information about the svn-src-head
mailing list