From owner-freebsd-current Sat Oct 12 18: 4:16 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1542D37B401 for ; Sat, 12 Oct 2002 18:04:15 -0700 (PDT)
Received: from harrier.mail.pas.earthlink.net (harrier.mail.pas.earthlink.net [207.217.120.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAF4143EAF for ; Sat, 12 Oct 2002 18:04:14 -0700 (PDT) (envelope-from tlambert2@mindspring.com)
Received: from pool0069.cvx21-bradley.dialup.earthlink.net ([209.179.192.69] helo=mindspring.com) by harrier.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 180XAx-0005OE-00; Sat, 12 Oct 2002 18:04:12 -0700
Message-ID: <3DA8C643.7F7235B1@mindspring.com>
Date: Sat, 12 Oct 2002 18:02:59 -0700
From: Terry Lambert
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: jwe@che.utexas.edu, current@FreeBSD.org
Subject: [PATCH] Re: man dumps core if no manpath.config directories exist
References: <20021012225115.GA96279@xor.obsecurity.org>
Content-Type: multipart/mixed; boundary="------------C39E6217212C1D7272E53BDF"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.
--------------C39E6217212C1D7272E53BDF
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Kris Kennaway wrote:
> It's pretty clear what's going on..none of the directories in
> /etc/manpath.config exist, so len=0, so malloc(0) "succeeds" and does
> nothing, leaving manpathlist a null pointer.
>
> This situation can occur if e.g. you install the 'base' freebsd
> distribution into a jail, without installing any of the manpages. In
> this situation none of the manpage directories are created either.

Uh... so fix it? Patch attached.
Yes, this returns a strdup() without verifying the allocation; just like the caller will return the result of get_manpath() or strdup(), without verifying the allocation. This is generally bad code, and I'm not going to rewrite it to make all the interfaces reflexive, like they should be, to fix a simple bug. -- Terry --------------C39E6217212C1D7272E53BDF Content-Type: text/plain; charset=us-ascii; name="manpath.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="manpath.diff" Index: manpath.c =================================================================== RCS file: /cvs/src/gnu/usr.bin/man/manpath/manpath.c,v retrieving revision 1.12 diff -c -r1.12 manpath.c *** manpath.c 13 Feb 2001 16:55:42 -0000 1.12 --- manpath.c 12 Oct 2002 21:03:09 -0000 *************** *** 493,498 **** --- 493,501 ---- lp++; } + if (!len) + return strdup(""); + manpathlist = (char *) malloc (len); if (manpathlist == NULL) gripe_alloc (len, "manpathlist"); --------------C39E6217212C1D7272E53BDF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
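
Review bot: the new early return ahead of the malloc (`if (!len) return strdup("");`) hands strdup()'s result straight back without a NULL check, while the allocation directly below it in the same hunk is followed by `if (manpathlist == NULL) gripe_alloc (len, "manpathlist");`. Suggest assigning the strdup() result to manpathlist and applying the same NULL check before returning, so an allocation failure in the empty-path case is reported the same way as on the normal path instead of reaching the caller as a null pointer. A one-line comment on the new branch saying that len is 0 when none of the configured directories exist would also make the intent clear.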
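
The failure Kris describes (no configured directory exists, so the computed length is 0), worked through as an added C example that is not part of the original message or of manpath.c. `join_existing_dirs` is a hypothetical helper, and it goes beyond the patch by checking the allocation and bounding the copy.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper, not from manpath.c: join the entries of dirs[] that
 * exist as directories into a ':'-separated heap string. Returns "" when
 * none exist and NULL only when allocation fails. */
char *join_existing_dirs(const char *const *dirs, size_t n)
{
    struct stat st;
    size_t len = 0, i;
    char *list, *p;

    /* Pass 1: bytes needed; the +1 covers the ':' separator or final NUL. */
    for (i = 0; i < n; i++)
        if (stat(dirs[i], &st) == 0 && S_ISDIR(st.st_mode))
            len += strlen(dirs[i]) + 1;

    /* len == 0 when no directory exists. malloc(0) may return NULL or a
     * zero-size block, so allocate one byte to hold a real empty string. */
    list = malloc(len ? len : 1);
    if (list == NULL)
        return NULL;

    /* Pass 2: copy entries, never writing past what pass 1 sized. */
    p = list;
    for (i = 0; i < n; i++) {
        size_t l = strlen(dirs[i]);
        if (stat(dirs[i], &st) != 0 || !S_ISDIR(st.st_mode))
            continue;
        if (l + 1 > len - (size_t)(p - list))
            break;              /* directory set changed between passes */
        memcpy(p, dirs[i], l);
        p += l;
        *p++ = ':';
    }
    if (p == list)
        *p = '\0';              /* nothing copied: empty string */
    else
        p[-1] = '\0';           /* trailing ':' becomes the terminator */
    return list;
}
```
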