From owner-freebsd-audit  Wed Dec 13 15: 9:53 2000
From owner-freebsd-audit@FreeBSD.ORG  Wed Dec 13 15:09:50 2000
Return-Path: <owner-freebsd-audit@FreeBSD.ORG>
Delivered-To: freebsd-audit@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40])
	by hub.freebsd.org (Postfix) with ESMTP id 6CD9E37B69F
	for <freebsd-audit@freebsd.org>; Wed, 13 Dec 2000 15:09:42 -0800 (PST)
Received: by peitho.fxp.org (Postfix, from userid 1501)
	id 2EC3713612; Wed, 13 Dec 2000 18:09:45 -0500 (EST)
Date: Wed, 13 Dec 2000 18:09:45 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: "Michael C . Wu" <keichii@peorth.iteration.net>
Cc: freebsd-audit@freebsd.org
Subject: Re: libintl audit.
Message-ID: <20001213180945.A79894@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber <jedgar@fxp.org>,
	"Michael C . Wu" <keichii@peorth.iteration.net>,
	freebsd-audit@freebsd.org
References: <20001213163638.A17119@peorth.iteration.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001213163638.A17119@peorth.iteration.net>; from keichii@iteration.net on Wed, Dec 13, 2000 at 04:36:38PM -0600
Sender: cdf.lists@fxp.org
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Dec 13, 2000 at 04:36:38PM -0600, Michael C . Wu wrote:
> Hello guys,
> 
> Will someone audit the attached tarball for me? :)
> 

So far: you should probably check the return values of strdup(3) calls.

I will take a closer look at the code when I get a chance this evening :)

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--- gettext.c.orig	Wed Dec  6 02:39:35 2000
+++ gettext.c	Wed Dec 13 18:01:11 2000
@@ -405,6 +405,8 @@
 		v = NULL;
 	if (v) {
 		mohandle.mo.mo_charset = strdup(v + 8);
+		if (!mohandle.mo.mo_charset)
+			goto fail;
 		v = strchr(mohandle.mo.mo_charset, '\n');
 		if (v)
 			*v = '\0';
@@ -575,9 +577,13 @@
 	if (odomainname)
 		free(odomainname);
 	odomainname = strdup(domainname);
+	if (!odomainname)
+		goto fail;
 	if (ocname)
 		free(ocname);
 	ocname = strdup(cname);
+	if (!ocname)
+		goto fail;
 
 	strlcpy(olpath, lpath, sizeof(olpath));
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message