From: Edward Tomasz Napierala
Date: Sat, 6 Sep 2008 13:17:35 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/bin/setfacl setfacl.c

trasz       2008-09-06 13:17:35 UTC

  FreeBSD src repository

  Modified files:
    bin/setfacl          setfacl.c
  Log:
  SVN rev 182813 on 2008-09-06 13:17:35Z by trasz

  Fix double free in setfacl(1).

  Description from the author:

  Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
  DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
  allocation.

  If the '-m' option (merge existing ACL with a new one) is specified, then
  'set_acl_mask()' will be called and passed one of the two ACLs. This
  function, in turn, replaces this given ACL structure by another, freshly
  allocated. However, the pointer in the 'acl' variable in the caller is not
  updated. The caller then proceeds to free the ACL, incurring a double
  free condition.

  Submitted by:   Pedro Martelletto
  Approved by:    rwatson (mentor)

  Revision  Changes    Path
  1.14      +6 -4      src/bin/setfacl/setfacl.c
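The stale-pointer pattern described in the log above, as an added example that is neither the setfacl source nor the committed fix. It is a simplified C model: 'toy_acl', 'toy_new', 'toy_free' and 'toy_set_mask' are hypothetical stand-ins for the ACL type and routines, and a release counter replaces real free() so the double release can be counted safely.

```c
#include <stdio.h>

/* Toy stand-in for acl_t (hypothetical). 'frees' counts release calls so
 * a double release is observable without undefined behaviour. */
struct toy_acl { int mask; int frees; };
static struct toy_acl pool[8];      /* fixed arena instead of malloc */
static int used;

static struct toy_acl *toy_new(int mask) {
    struct toy_acl *a = &pool[used++];
    a->mask = mask; a->frees = 0;
    return a;
}
static void toy_free(struct toy_acl *a) { a->frees++; }

/* Callee replaces the ACL: releases the old object and stores a freshly
 * allocated one through the pointer it was handed. */
static void toy_set_mask(struct toy_acl **aclp) {
    struct toy_acl *fresh = toy_new((*aclp)->mask | 0x4);
    toy_free(*aclp);
    *aclp = fresh;
}

/* Buggy caller: the callee updates a copy, then the stale pointer is
 * freed. Returns how often the original object (pool[0]) was released. */
int run_buggy(void) {
    struct toy_acl *acl, *copy;
    used = 0;
    acl = copy = toy_new(0x3);
    toy_set_mask(&copy);        /* 'acl' still names the released object */
    toy_free(acl);              /* second release of the same object */
    return pool[0].frees;
}

/* Corrected caller: the pointer that gets freed is the one the callee updated. */
int run_fixed(void) {
    struct toy_acl *acl;
    used = 0;
    acl = toy_new(0x3);
    toy_set_mask(&acl);
    toy_free(acl);              /* releases the replacement, once */
    return pool[0].frees;
}

int main(void) {
    int b = run_buggy(), f = run_fixed();
    printf("releases of original object: buggy=%d fixed=%d\n", b, f);
    return 0;
}
```

With a real allocator the second release in the buggy caller is what heap checkers and AddressSanitizer report as a double free.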