From owner-svn-src-all@FreeBSD.ORG Wed Nov 24 21:58:15 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 785EE1065740; Wed, 24 Nov 2010 21:58:15 +0000 (UTC) (envelope-from brucec@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 4CD9A8FC13; Wed, 24 Nov 2010 21:58:15 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oAOLwFH3084348; Wed, 24 Nov 2010 21:58:15 GMT (envelope-from brucec@svn.freebsd.org) Received: (from brucec@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id oAOLwFse084346; Wed, 24 Nov 2010 21:58:15 GMT (envelope-from brucec@svn.freebsd.org) Message-Id: <201011242158.oAOLwFse084346@svn.freebsd.org> From: Bruce Cran Date: Wed, 24 Nov 2010 21:58:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r215807 - stable/7/usr.sbin/sysinstall X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Nov 2010 21:58:15 -0000 Author: brucec Date: Wed Nov 24 21:58:15 2010 New Revision: 215807 URL: http://svn.freebsd.org/changeset/base/215807 Log: MFC r215637: dispatch_add_command: Modify the logic so there's only one exit point instead of two. Only insert valid (non-NULL) values into the queue. dispatch_free_command: Ensure that item is not NULL before removing it from the queue and dereferencing the pointer. NULL out free'd pointers to catch any use-after-free bugs. PR: bin/146855 Submitted by: gcooper Modified: stable/7/usr.sbin/sysinstall/dispatch.c Directory Properties: stable/7/usr.sbin/sysinstall/ (props changed) Modified: stable/7/usr.sbin/sysinstall/dispatch.c ============================================================================== --- stable/7/usr.sbin/sysinstall/dispatch.c Wed Nov 24 21:57:45 2010 (r215806) +++ stable/7/usr.sbin/sysinstall/dispatch.c Wed Nov 24 21:58:15 2010 (r215807) @@ -135,8 +135,12 @@ typedef struct command_buffer_ { static void dispatch_free_command(command_buffer *item) { - REMQUE(item); - free(item->string); + if (item != NULL) { + REMQUE(item); + free(item->string); + item->string = NULL; + } + free(item); } @@ -154,19 +158,29 @@ dispatch_free_all(qelement *head) static command_buffer * dispatch_add_command(qelement *head, char *string) { - command_buffer *new; + command_buffer *new = NULL; new = malloc(sizeof(command_buffer)); - if (!new) - return NULL; + if (new != NULL) { - new->string = strdup(string); - INSQUEUE(new, head->q_back); + new->string = strdup(string); + + /* + * We failed to copy `string'; clean up the allocated + * resources. + */ + if (new->string == NULL) { + free(new); + new = NULL; + } else { + INSQUEUE(new, head->q_back); + } + } return new; } - + /* * Command processing */ @@ -278,7 +292,7 @@ dispatchCommand(char *str) return i; } - + /* * File processing */