diff options
| author | Artur Grabowski <art@cvs.openbsd.org> | 2002-09-18 22:01:16 +0000 |
|---|---|---|
| committer | Artur Grabowski <art@cvs.openbsd.org> | 2002-09-18 22:01:16 +0000 |
| commit | 02cd9bc70d585f93c8b112390d06defc09772757 (patch) | |
| tree | b5cac76760d3b59cd885604ed515905b27427e61 /sys/kern | |
| parent | 4da947a81014fb75088f059db8b12841f2a2f0fd (diff) | |
We can jump to the fail: label before shellargp is initialized.
Make sure that we don't free random memory when that happens.
From <j at pureftpd.org>
deraadt@ ok
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/exec_script.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/sys/kern/exec_script.c b/sys/kern/exec_script.c index 27f5ff7935b..1d6ce8ed3c9 100644 --- a/sys/kern/exec_script.c +++ b/sys/kern/exec_script.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_script.c,v 1.16 2002/08/22 22:04:42 art Exp $ */ +/* $OpenBSD: exec_script.c,v 1.17 2002/09/18 22:01:15 art Exp $ */ /* $NetBSD: exec_script.c,v 1.13 1996/02/04 02:15:06 christos Exp $ */ /* @@ -69,7 +69,7 @@ exec_script_makecmds(p, epp) int error, hdrlinelen, shellnamelen, shellarglen; char *hdrstr = epp->ep_hdr; char *cp, *shellname, *shellarg, *oldpnbuf; - char **shellargp, **tmpsap; + char **shellargp = NULL, **tmpsap; struct vnode *scriptvp; #ifdef SETUIDSCRIPTS uid_t script_uid = -1; @@ -281,12 +281,13 @@ fail: FREE(epp->ep_ndp->ni_cnd.cn_pnbuf, M_NAMEI); /* free the fake arg list, because we're not returning it */ - tmpsap = shellargp; - while (*tmpsap != NULL) { - free(*tmpsap, M_EXEC); - tmpsap++; + if ((tmpsap = shellargp) != NULL) { + while (*tmpsap != NULL) { + free(*tmpsap, M_EXEC); + tmpsap++; + } + FREE(shellargp, M_EXEC); } - FREE(shellargp, M_EXEC); /* * free any vmspace-creation commands, |