Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 12 Oct 2002 18:02:59 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        jwe@che.utexas.edu, current@FreeBSD.org
Subject:   [PATCH] Re: man dumps core if no manpath.config directories exist
Message-ID:  <3DA8C643.7F7235B1@mindspring.com>
References:  <20021012225115.GA96279@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is a multi-part message in MIME format.
--------------C39E6217212C1D7272E53BDF
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Kris Kennaway wrote:
> It's pretty clear what's going on..none of the directories in
> /etc/manpath.config exist, so len=0, so malloc(0) "succeeds" and does
> nothing, leaving manpathlist a null pointer.
> 
> This situation can occur if e.g. you install the 'base' freebsd
> distribution into a jail, without installing any of the manpages.  In
> this situation none of the manpage directories are created either.

Uh... so fix it?

Patch attached.

Yes, this returns a strdup() without verifying the allocation; just
like the caller will return the result of get_manpath() or strdup(),
without verifying the allocation.  This is generally bad code, and
I'm not going to rewrite it to make all the interfaces reflexive,
like they should be, to fix a simple bug.

-- Terry
--------------C39E6217212C1D7272E53BDF
Content-Type: text/plain; charset=us-ascii;
 name="manpath.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="manpath.diff"

Index: manpath.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/man/manpath/manpath.c,v
retrieving revision 1.12
diff -c -r1.12 manpath.c
*** manpath.c	13 Feb 2001 16:55:42 -0000	1.12
--- manpath.c	12 Oct 2002 21:03:09 -0000
***************
*** 493,498 ****
--- 493,501 ----
        lp++;
      }
  
+   if (!len)
+     return strdup("");
+ 
    manpathlist = (char *) malloc (len);
    if (manpathlist == NULL)
      gripe_alloc (len, "manpathlist");

--------------C39E6217212C1D7272E53BDF--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DA8C643.7F7235B1>