Date:      Tue, 5 May 2020 18:06:32 +0000 (UTC)
From:      Conrad Meyer <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r360665 - head/bin/ls
Message-ID:  <202005051806.045I6WCC083929@repo.freebsd.org>

Author: cem
Date: Tue May  5 18:06:32 2020
New Revision: 360665
URL: https://svnweb.freebsd.org/changeset/base/360665

Log:
  ls(1): Fix trivial SEGV due to NULL deref in OOM path
  
  Reported by:	Anton Rang <rang AT acm.org>
  Sponsored by:	Dell EMC Isilon

Modified:
  head/bin/ls/ls.c

Modified: head/bin/ls/ls.c
==============================================================================
--- head/bin/ls/ls.c	Tue May  5 17:57:04 2020	(r360664)
+++ head/bin/ls/ls.c	Tue May  5 18:06:32 2020	(r360665)
@@ -838,7 +838,21 @@ display(const FTSENT *p, FTSENT *list, int options)
 					group = ngroup;
 				} else {
 					user = user_from_uid(sp->st_uid, 0);
+					/*
+					 * user_from_uid(..., 0) only returns
+					 * NULL in OOM conditions.  We could
+					 * format the uid here, but (1) in
+					 * general ls(1) exits on OOM, and (2)
+					 * there is another allocation/exit
+					 * path directly below, which will
+					 * likely exit anyway.
+					 */
+					if (user == NULL)
+						err(1, "user_from_uid");
 					group = group_from_gid(sp->st_gid, 0);
+					/* Ditto. */
+					if (group == NULL)
+						err(1, "group_from_gid");
 				}
 				if ((ulen = strlen(user)) > maxuser)
 					maxuser = ulen;
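
Review bot: In both new NULL checks, err(1, "user_from_uid") and err(1, "group_from_gid") append strerror(errno), so the diagnostic is only accurate if these functions leave errno set (presumably to ENOMEM) when they return NULL, which the lines shown here do not establish. If that is not guaranteed, errx(1, ...) with an explicit out-of-memory message, or setting errno = ENOMEM before calling err(), would keep the output truthful. The "Ditto." comment on the group check only makes sense while the block comment above stays adjacent; a short self-contained comment would survive later edits better. Placement is right: both checks run before the strlen(user) call in the trailing context line, which is where a NULL return would otherwise be dereferenced.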


