diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2004-03-06 21:41:45 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-03-06 21:41:45 +0000 |
| commit | 89956417b40508d375254309715010722e32d72b (patch) | |
| tree | 74e7ba4d141bd5498b381400a6f314fb7e8680f5 /usr.sbin/bgpd | |
| parent | 7f6bff0ce4622a1e39aafe25ea76960bdf2f32fe (diff) | |
plug a memory leak in the lexer.
the issue is this code fragement from yylex():
. token = lookup(buf);
. yylval.v.string = strdup(buf);
. if (yylval.v.string == NULL)
. fatal("yylex: strdup");
. return (token);
lookup() tries to match buf against a list of keywords, and returns the
associated token if it has a match, or the token STRING otherwise.
STRING is the only token that needs (and free()s) yylval.v.string. however,
we assigned memory for it with the strdup in yylex for each and every token.
the fix is obviously only setting yylval.v.string when lookup() returns STRING.
Patrick Latifi noticed that something was leaking with token handling,
analysis and fix by me.
ok deraadt@
Diffstat (limited to 'usr.sbin/bgpd')
| -rw-r--r-- | usr.sbin/bgpd/parse.y | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 143e1e4f8fa..31adefd60dd 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.70 2004/03/05 21:52:45 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.71 2004/03/06 21:41:44 henning Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -977,10 +977,9 @@ top: } while ((c = lgetc(fin)) != EOF && (allowed_in_string(c))); lungetc(c); *p = '\0'; - token = lookup(buf); - yylval.v.string = strdup(buf); - if (yylval.v.string == NULL) - fatal("yylex: strdup"); + if ((token = lookup(buf)) == STRING) + if ((yylval.v.string = strdup(buf)) == NULL) + fatal("yylex: strdup"); return (token); } if (c == '\n') { |