As the comment says, close() frees the variable, record. So we obtain
the length by evaluating the value from the copy, cbuf instead. This fixes a crash caused by previous commit (use-after-free) Submitted by: Dimitry Andric <dimitry andric com> Pointy hat to: delphij
This commit is contained in:
parent
9fe569d8f9
commit
718d3b2852
@ -260,7 +260,7 @@ getent(char **cap, u_int *len, char **db_array, int fd, const char *name,
|
||||
errno = ENOMEM;
|
||||
return (-2);
|
||||
}
|
||||
*len = strlen(record);
|
||||
*len = strlen(cbuf);
|
||||
*cap = cbuf;
|
||||
return (retval);
|
||||
} else {
|
||||
|
Loading…
Reference in New Issue
Block a user