From 37701b3c1181144cb1f8e97bcdeeb275f43118fb Mon Sep 17 00:00:00 2001 From: Otto Moerbeek Date: Tue, 4 Oct 2005 20:36:41 +0000 Subject: Fix use after free(). Bug found by mpech@; ok deraadt@ --- lib/libc/gen/login_cap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c index d85b408f3db..227f23f041e 100644 --- a/lib/libc/gen/login_cap.c +++ b/lib/libc/gen/login_cap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.c,v 1.24 2004/09/16 06:24:41 deraadt Exp $ */ +/* $OpenBSD: login_cap.c,v 1.25 2005/10/04 20:36:40 otto Exp $ */ /* * Copyright (c) 2000-2004 Todd C. Miller @@ -309,9 +309,9 @@ login_getcaptime(login_cap_t *lc, char *cap, quad_t def, quad_t e) if (!ep || ep == res || ((r == QUAD_MIN || r == QUAD_MAX) && errno == ERANGE)) { invalid: - free(sres); syslog(LOG_ERR, "%s:%s=%s: invalid time", lc->lc_class, cap, sres); + free(sres); errno = ERANGE; return (e); } @@ -393,9 +393,9 @@ login_getcapnum(login_cap_t *lc, char *cap, quad_t def, quad_t e) q = strtoll(res, &ep, 0); if (!ep || ep == res || ep[0] || ((q == QUAD_MIN || q == QUAD_MAX) && errno == ERANGE)) { - free(res); syslog(LOG_ERR, "%s:%s=%s: invalid number", lc->lc_class, cap, res); + free(res); errno = ERANGE; return (e); } @@ -444,9 +444,9 @@ login_getcapsize(login_cap_t *lc, char *cap, quad_t def, quad_t e) q = strtolimit(res, &ep, 0); if (!ep || ep == res || (ep[0] && ep[1]) || ((q == QUAD_MIN || q == QUAD_MAX) && errno == ERANGE)) { - free(res); syslog(LOG_ERR, "%s:%s=%s: invalid size", lc->lc_class, cap, res); + free(res); errno = ERANGE; return (e); } -- cgit v1.2.3