svn commit: r319453 - head/contrib/telnet/telnetd
Stephen J. Kiernan
stevek at FreeBSD.org
Thu Jun 1 19:21:32 UTC 2017
Author: stevek
Date: Thu Jun 1 19:21:30 2017
New Revision: 319453
URL: https://svnweb.freebsd.org/changeset/base/319453
Log:
Fix memory leak in edithost
The problem is that when the parameter 'pat' is null, the function locally
allocates a NULL string but never frees it.
Instead of tracking the local alloc, it is noted that the while(*pat) never
enters when there is a local alloc.
So instead of doing the local alloc, check that 'pat' is null before the
while(*pat) loop.
Found using clang's static analyzer - scan-build
Submitted by: Thomas Rix <trix at juniper.net>
Reviewed by: markm
Approved by: sjg (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D9689
Modified:
head/contrib/telnet/telnetd/utility.c
Modified: head/contrib/telnet/telnetd/utility.c
==============================================================================
--- head/contrib/telnet/telnetd/utility.c Thu Jun 1 18:39:54 2017 (r319452)
+++ head/contrib/telnet/telnetd/utility.c Thu Jun 1 19:21:30 2017 (r319453)
@@ -360,30 +360,30 @@ edithost(char *pat, char *host)
{
char *res = editedhost;
- if (!pat)
- pat = strdup("");
- while (*pat) {
- switch (*pat) {
+ if (pat) {
+ while (*pat) {
+ switch (*pat) {
- case '#':
- if (*host)
- host++;
- break;
+ case '#':
+ if (*host)
+ host++;
+ break;
- case '@':
- if (*host)
- *res++ = *host++;
- break;
+ case '@':
+ if (*host)
+ *res++ = *host++;
+ break;
- default:
- *res++ = *pat;
- break;
+ default:
+ *res++ = *pat;
+ break;
+ }
+ if (res == &editedhost[sizeof editedhost - 1]) {
+ *res = '\0';
+ return;
+ }
+ pat++;
}
- if (res == &editedhost[sizeof editedhost - 1]) {
- *res = '\0';
- return;
- }
- pat++;
}
if (*host)
(void) strncpy(res, host,
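Review bot: The `if (pat) {` wrapper added at the top of the hunk re-indents the whole switch and the `res == &editedhost[sizeof editedhost - 1]` bounds check, so a one-condition fix reads as a rewrite of the loop. Writing the loop header as `while (pat && *pat) {` would give the same behaviour for a NULL `pat` and keep the change to the lines that actually differ (dropping the `strdup("")` and adjusting the loop condition), which is easier to review and to merge. Separately, the code after the loop still evaluates `if (*host)` unconditionally; since a NULL `pat` is treated as a valid input here, it is worth confirming that callers never pass a NULL `host`, or guarding it the same way. It would also help to mention in the log that the removed path dereferenced the result of `strdup("")` without checking it, which this change eliminates along with the leak.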