diff options
| author | Rami Ylimäki <rami.ylimaki@vincit.fi> | 2011-03-23 17:47:50 +0200 |
|---|---|---|
| committer | Peter Harris <pharris@opentext.com> | 2011-03-24 11:30:21 -0400 |
| commit | 70976d87f18d15c2ccc28eb7728e4822d3849e0d (patch) | |
| tree | 1e8a654d536ce97f8acb60d1fe014ff7c55ba0e6 /src | |
| parent | 3678159e4ed64502f9ce218a63c8d069649f2215 (diff) | |
Prevent theoretical double free and leak on get_peer_sock_name.
Variable new_sockname will leak and sockname will be double freed if
both of the cases shown below are true.
1. realloc succeeds and doesn't return the original pointer
2. calling socket_func fails
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reviewed-by: Arnaud Fontaine <arnau@debian.org>
Signed-off-by: Peter Harris <pharris@opentext.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/xcb_auth.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/xcb_auth.c b/src/xcb_auth.c index 4839b78..a3a7e45 100644 --- a/src/xcb_auth.c +++ b/src/xcb_auth.c @@ -261,7 +261,7 @@ static struct sockaddr *get_peer_sock_name(int (*socket_func)(int, { socklen_t socknamelen = sizeof(struct sockaddr) + INITIAL_SOCKNAME_SLACK; socklen_t actual_socknamelen = socknamelen; - struct sockaddr *sockname = malloc(socknamelen), *new_sockname = NULL; + struct sockaddr *sockname = malloc(socknamelen); if (sockname == NULL) return NULL; @@ -274,14 +274,17 @@ static struct sockaddr *get_peer_sock_name(int (*socket_func)(int, if (actual_socknamelen > socknamelen) { + struct sockaddr *new_sockname = NULL; socknamelen = actual_socknamelen; - if ((new_sockname = realloc(sockname, actual_socknamelen)) == NULL || - socket_func(fd, new_sockname, &actual_socknamelen) == -1 || - actual_socknamelen > socknamelen) + if ((new_sockname = realloc(sockname, actual_socknamelen)) == NULL) goto sock_or_realloc_error; sockname = new_sockname; + + if (socket_func(fd, sockname, &actual_socknamelen) == -1 || + actual_socknamelen > socknamelen) + goto sock_or_realloc_error; } return sockname; |