Date: Mon, 4 Aug 2003 11:33:19 +0900 From: qhwt@myrealbox.com To: sanpei@FreeBSD.org Cc: qhwt@myrealbox.com Subject: wide-dhcps dumps core freeing modified pointer Message-ID: <20030804023319.GA969@myrealbox.com>
next in thread | raw e-mail | index | archive | help
Hello.
wide-dhcps dumps core upon boot if the bind file exists and non-empty
(actually I haven't tested if it dumps core even when the file exists
AND is empty, but who cares... :)
The bind file sometimes contains garbage (malloc error message)
after the core dump, but even if I delete the garbage and try to start dhcps
result in the same core dump.
The core dump occurs in function read_subnet() defined in server/database.c,
trying to free() a line buffer via a pointer already modified by prs_inaddr()
called from get_ip().
The following patch seem to remedie the core dump.
(I believe MIHIRA-san is the original author of this software, right?)
Regards.
--- database.c.orig Fri Jan 1 22:35:33 1999
+++ database.c Sun Aug 3 19:55:32 2003
@@ -560,15 +560,15 @@
char **cp;
struct in_addr *subnet;
{
- char *tmpstr;
+ char *tmpstr, *line;
struct in_addr *tmpaddr;
- if ((tmpstr = get_string(cp)) == NULL) {
+ if ((line = get_string(cp)) == NULL) {
errno = 0;
syslog(LOG_WARNING, "Can't get strings");
return(-1);
}
-
+ tmpstr = line;
if ((tmpaddr = get_ip(&tmpstr)) == NULL) {
errno = 0;
syslog(LOG_WARNING, "get_ip() error in read_subnet()");
@@ -576,7 +576,7 @@
}
*subnet = *tmpaddr;
- free(tmpstr);
+ free(line);
free(tmpaddr);
return(0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030804023319.GA969>