d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Always return either a dynamically allocated string or NULL from

Browse Source 
expand().  Never return the name parameter, which could be a the buf[]
buffer which is allocated on the stack by getdeadletter() and which
would then be used after getdeadletter() has returned.

Reported by:	Coverity
CID:		1199383
MFC after:	1 week
This commit is contained in:
Don Lewis 2016-05-13 06:15:05 +00:00
parent dde1276e8e
commit 090fc1c839
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
usr.bin/mail/fio.c
View File

@ -367,10 +367,10 @@ expand(char *name)
name = savestr(xname); name = savestr(xname);
} }
if (!strpbrk(name, "~{[*?$`'\"\\")) if (!strpbrk(name, "~{[*?$`'\"\\"))
return (name); return (savestr(name));
if (pipe(pivec) < 0) { if (pipe(pivec) < 0) {
warn("pipe"); warn("pipe");
return (name); return (NULL);
} }
(void)snprintf(cmdbuf, sizeof(cmdbuf), "echo %s", name); (void)snprintf(cmdbuf, sizeof(cmdbuf), "echo %s", name);
if ((sh = value("SHELL")) == NULL) if ((sh = value("SHELL")) == NULL)