author | Otto Moerbeek <otto@cvs.openbsd.org> | 2004-12-22 18:57:29 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2004-12-22 18:57:29 +0000 |
commit | 5dfaac9f1500daf82bfcb146882a1dc9de88e430 (patch) | |
tree | 001ffd476fe39a714df5a3c6fb93472388197080 /bin/ksh/exec.c | |
parent | 417f256310e4ca6f040929ed5a3a5932198f83d6 (diff) |
Fix a use-after-free that causes core dumps if a shell is killed
running with strict malloc.conf options. Problem spotted by hshoexer@;
fix by me with some help from millert@.
ok millert@ hshoexer@ krw@ deraadt@
Diffstat (limited to 'bin/ksh/exec.c')
-rw-r--r-- | bin/ksh/exec.c | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/bin/ksh/exec.c b/bin/ksh/exec.c
index c09ccd7a3ec..b2c87d64f3b 100644
--- a/bin/ksh/exec.c
+++ b/bin/ksh/exec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exec.c,v 1.38 2004/12/22 17:14:34 millert Exp $ */
+/* $OpenBSD: exec.c,v 1.39 2004/12/22 18:57:28 otto Exp $ */
 /* * execute command tree
@@ -166,7 +166,7 @@ execute(struct op *volatile t,
 i = sigsetjmp(e->jbuf, 0);
 if (i) {
 sigprocmask(SIG_SETMASK, &omask, (sigset_t *) 0);
- quitenv();
+ quitenv(NULL);
 unwind(i);
 /*NOTREACHED*/
 }
@@ -264,7 +264,7 @@ execute(struct op *volatile t,
 if ((e->flags&EF_BRKCONT_PASS) || (i != LBREAK && i != LCONTIN)) {
- quitenv();
+ quitenv(NULL);
 unwind(i); } else if (i == LBREAK) { rv = 0;
@@ -301,7 +301,7 @@ execute(struct op *volatile t,
 if ((e->flags&EF_BRKCONT_PASS) || (i != LBREAK && i != LCONTIN)) {
- quitenv();
+ quitenv(NULL);
 unwind(i); } else if (i == LBREAK) { rv = 0;
@@ -363,7 +363,7 @@ execute(struct op *volatile t,
 Break: exstat = rv;
- quitenv(); /* restores IO */
+ quitenv(NULL); /* restores IO */
 if ((flags&XEXEC)) unwind(LEXIT); /* exit child */ if (rv != 0 && !(flags & XERROK)) {
@@ -616,11 +616,11 @@ comexec(struct op *t, struct tbl *volatile tp, char **ap, volatile int flags)
 case LEXIT:
 case LLEAVE:
 case LSHELL:
- quitenv();
+ quitenv(NULL);
 unwind(i);
 /*NOTREACHED*/
 default:
- quitenv();
+ quitenv(NULL);
 internal_errorf(1, "CFUNC %d", i);
 }
 break;
@@ -1188,8 +1188,7 @@ herein(const char *content, int sub)
 i = sigsetjmp(e->jbuf, 0);
 if (i) {
 source = osource;
- quitenv();
- shf_close(shf); /* after quitenv */
+ quitenv(shf);
 close(fd);
 return -2; /* special to iosetup(): don't print error */
 }
@@ -1205,7 +1204,7 @@ herein(const char *content, int sub)
 } else shf_puts(content, shf);
- quitenv();
+ quitenv(NULL);
 if (shf_close(shf) == EOF) { close(fd); |
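Review bot: The `quitenv(shf);` call in the `if (i)` error branch of `herein` (hunk `@@ -1188,8 +1188,7 @@`) has no comment, while the deleted `/* after quitenv */` was the only record that ordering matters at this spot. Judging from the commit message, `quitenv` is now expected to close `shf` itself before the environment is released, but its definition is outside this diff, so that is inferred. I would add `/* quitenv() closes shf for us; shf must not be used after this call */` above the call. `herein` starts and ends outside the hunk.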
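Review bot: On the success path of `herein` (hunk `@@ -1205,7 +1204,7 @@`), `shf_close(shf)` still runs after `quitenv(NULL)`, the same close-after-quitenv order that this commit removes from the error path earlier in the function. Whether that order is safe here depends on `quitenv` and on where `shf` is allocated, neither of which is visible in this diff. If it is safe, a comment on the call such as `/* shf is still valid after quitenv(NULL) here: <reason, confirm against quitenv()> */` would keep the next reader from flagging it; if it is not, this call needs the same treatment while keeping the `== EOF` check. The function body continues past the end of the hunk.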