d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dispatch_add_command:

Browse Source 
Modify the logic so there's only one exit point instead of two.
Only insert valid (non-NULL) values into the queue.

dispatch_free_command:
Ensure that item is not NULL before removing it from the queue and
dereferencing the pointer.
NULL out free'd pointers to catch any use-after-free bugs.

PR:	bin/146855
Submitted by:	gcooper
MFC after: 3 days
This commit is contained in:
Rebecca Cran 2010-11-21 14:34:25 +00:00
parent c86bcbb3a7
commit f22de230a1
1 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
usr.sbin/sysinstall/dispatch.c
View File

@ -136,8 +136,12 @@ typedef struct command_buffer_ {
static void
dispatch_free_command(command_buffer *item)
{
REMQUE(item);
free(item->string);
if (item != NULL) {
REMQUE(item);
free(item->string);
item->string = NULL;
}
free(item);
}
@ -155,19 +159,29 @@ dispatch_free_all(qelement *head)
static command_buffer *
dispatch_add_command(qelement *head, char *string)
{
command_buffer *new;
command_buffer *new = NULL;
new = malloc(sizeof(command_buffer));
if (!new)
return NULL;
if (new != NULL) {
new->string = strdup(string);
INSQUEUE(new, head->q_back);
new->string = strdup(string);
/*
* We failed to copy `string'; clean up the allocated
* resources.
*/
if (new->string == NULL) {
free(new);
new = NULL;
} else {
INSQUEUE(new, head->q_back);
}
}
return new;
}
/*
* Command processing
*/
@ -280,7 +294,7 @@ dispatchCommand(char *str)
return i;
}
/*
* File processing
*/