Date: Sat, 12 Oct 2002 18:02:59 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Kris Kennaway <kris@obsecurity.org> Cc: jwe@che.utexas.edu, current@FreeBSD.org Subject: [PATCH] Re: man dumps core if no manpath.config directories exist Message-ID: <3DA8C643.7F7235B1@mindspring.com> References: <20021012225115.GA96279@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Kris Kennaway wrote:
> It's pretty clear what's going on..none of the directories in
> /etc/manpath.config exist, so len=0, so malloc(0) "succeeds" and does
> nothing, leaving manpathlist a null pointer.
>
> This situation can occur if e.g. you install the 'base' freebsd
> distribution into a jail, without installing any of the manpages. In
> this situation none of the manpage directories are created either.
Uh... so fix it?
Patch attached.
Yes, this returns a strdup() without verifying the allocation; just
like the caller will return the result of get_manpath() or strdup(),
without verifying the allocation. This is generally bad code, and
I'm not going to rewrite it to make all the interfaces reflexive,
like they should be, to fix a simple bug.
-- Terry
[-- Attachment #2 --]
Index: manpath.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/man/manpath/manpath.c,v
retrieving revision 1.12
diff -c -r1.12 manpath.c
*** manpath.c 13 Feb 2001 16:55:42 -0000 1.12
--- manpath.c 12 Oct 2002 21:03:09 -0000
***************
*** 493,498 ****
--- 493,501 ----
lp++;
}
+ if (!len)
+ return strdup("");
+
manpathlist = (char *) malloc (len);
if (manpathlist == NULL)
gripe_alloc (len, "manpathlist");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DA8C643.7F7235B1>