summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOtto Moerbeek <otto@cvs.openbsd.org>2005-10-04 20:36:41 +0000
committerOtto Moerbeek <otto@cvs.openbsd.org>2005-10-04 20:36:41 +0000
commit37701b3c1181144cb1f8e97bcdeeb275f43118fb (patch)
treebe76d1153ba4ad486f052fdc23ee5354968ed2de
parenta752b99718bb1e5a0c1ade9994f06968e9d01f67 (diff)
Fix use after free(). Bug found by mpech@; ok deraadt@
-rw-r--r--lib/libc/gen/login_cap.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c
index d85b408f3db..227f23f041e 100644
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_cap.c,v 1.24 2004/09/16 06:24:41 deraadt Exp $ */
+/* $OpenBSD: login_cap.c,v 1.25 2005/10/04 20:36:40 otto Exp $ */
/*
* Copyright (c) 2000-2004 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -309,9 +309,9 @@ login_getcaptime(login_cap_t *lc, char *cap, quad_t def, quad_t e)
if (!ep || ep == res ||
((r == QUAD_MIN || r == QUAD_MAX) && errno == ERANGE)) {
invalid:
- free(sres);
syslog(LOG_ERR, "%s:%s=%s: invalid time",
lc->lc_class, cap, sres);
+ free(sres);
errno = ERANGE;
return (e);
}
@@ -393,9 +393,9 @@ login_getcapnum(login_cap_t *lc, char *cap, quad_t def, quad_t e)
q = strtoll(res, &ep, 0);
if (!ep || ep == res || ep[0] ||
((q == QUAD_MIN || q == QUAD_MAX) && errno == ERANGE)) {
- free(res);
syslog(LOG_ERR, "%s:%s=%s: invalid number",
lc->lc_class, cap, res);
+ free(res);
errno = ERANGE;
return (e);
}
@@ -444,9 +444,9 @@ login_getcapsize(login_cap_t *lc, char *cap, quad_t def, quad_t e)
q = strtolimit(res, &ep, 0);
if (!ep || ep == res || (ep[0] && ep[1]) ||
((q == QUAD_MIN || q == QUAD_MAX) && errno == ERANGE)) {
- free(res);
syslog(LOG_ERR, "%s:%s=%s: invalid size",
lc->lc_class, cap, res);
+ free(res);
errno = ERANGE;
return (e);
}