From owner-svn-src-all@freebsd.org Sun May 15 02:30:35 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF654B39F4F; Sun, 15 May 2016 02:30:35 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 681CF1CDE; Sun, 15 May 2016 02:30:35 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4F2UYGH040439; Sun, 15 May 2016 02:30:34 GMT (envelope-from pfg@FreeBSD.org) Received: (from pfg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4F2UYBx040438; Sun, 15 May 2016 02:30:34 GMT (envelope-from pfg@FreeBSD.org) Message-Id: <201605150230.u4F2UYBx040438@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pfg set sender to pfg@FreeBSD.org using -f From: "Pedro F. Giffuni" Date: Sun, 15 May 2016 02:30:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r299821 - head/sbin/routed X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 May 2016 02:30:35 -0000 Author: pfg Date: Sun May 15 02:30:34 2016 New Revision: 299821 URL: https://svnweb.freebsd.org/changeset/base/299821 Log: routed(8): Avoid NULL de-reference and two possible memory leaks. The reports and fixes are straightforward but it's nice to be able to confirm against NetBSD. CID: 271080, 272306, 272307 Obtained from: NetBSD (CVS ref. 1.21 - 1.23) MFC after: 2 weeks. Modified: head/sbin/routed/parms.c Modified: head/sbin/routed/parms.c ============================================================================== --- head/sbin/routed/parms.c Sun May 15 01:15:20 2016 (r299820) +++ head/sbin/routed/parms.c Sun May 15 02:30:34 2016 (r299821) @@ -588,8 +588,10 @@ parse_parms(char *line, intnetp->intnet_metric = (int)strtol(val+1,&p,0); if (*p != '\0' || intnetp->intnet_metric <= 0 - || intnetp->intnet_metric >= HOPCNT_INFINITY) + || intnetp->intnet_metric >= HOPCNT_INFINITY) { + free(intnetp); return bad_str(line); + } } if (!getnet(buf, &intnetp->intnet_addr, &intnetp->intnet_mask) || intnetp->intnet_mask == HOST_MASK @@ -670,7 +672,7 @@ parse_parms(char *line, * The parm_net stuff is needed to allow several * -F settings. */ - if (!getnet(val0, &addr, &mask) + if (val0 == NULL || !getnet(val0, &addr, &mask) || parm.parm_name[0] != '\0') return bad_str(tgt); parm.parm_net = addr; @@ -681,6 +683,8 @@ parse_parms(char *line, /* since cleartext passwords are so weak allow * them anywhere */ + if (val0 == NULL) + return bad_str("no passwd"); msg = get_passwd(tgt,val0,&parm,RIP_AUTH_PW,1); if (msg) { *val0 = '\0'; @@ -812,8 +816,10 @@ parse_parms(char *line, || !getnet(buf2, &tg->tgate_nets[i].net, &tg->tgate_nets[i].mask) || tg->tgate_nets[i].net == RIP_DEFAULT - || tg->tgate_nets[i].mask == 0) + || tg->tgate_nets[i].mask == 0) { + free(tg); return bad_str(tgt); + } i++; } tg->tgate_next = tgates;