authorJim Meyering <meyering@redhat.com>2011-02-18 23:29:14 +0100
committerJim Meyering <meyering@redhat.com>2011-02-18 23:31:29 +0100
commit2895f44e891472c8e86a87989e0e2d41585b006f (patch)
tree9f7c597be4dd41eba44a1e7ecf92ed1cb1729b19
parente6067bcb040f110238bd7cbf9f3781f2e149e0c0 (diff)
downloadcoreutils-2895f44e891472c8e86a87989e0e2d41585b006f.tar.xz
stdbuf: avoid even the appearance of a possible use-after-free
There was an execution path by which "libstdbuf" could be used after being freed, but that would happen only if there were no libstdbuf.so alongside the stdbuf program and there had been an installation error leading to absence of the file, PKGLIBDIR/libstdbuf.so. * src/stdbuf.c (set_LD_PRELOAD): Rearrange loop to make it perfectly clear that there is no possibility of use-after-free. Steve Grubb reported this possible use-after-free of "libstdbuf".
-rw-r--r--src/stdbuf.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/stdbuf.c b/src/stdbuf.c
index dce338f4f..607859ca1 100644
--- a/src/stdbuf.c
+++ b/src/stdbuf.c
@@ -209,7 +209,7 @@ set_LD_PRELOAD (void)
char const *const *path = search_path;
char *libstdbuf;
- do
+ while (true)
{
struct stat sb;
@@ -224,8 +224,11 @@ set_LD_PRELOAD (void)
if (stat (libstdbuf, &sb) == 0) /* file_exists */
break;
free (libstdbuf);
+
+ ++path;
+ if ( ! *path)
+ error (EXIT_CANCELED, 0, _("failed to find %s"), quote (LIB_NAME));
}
- while (*++path);
/* FIXME: Do we need to support libstdbuf.dll, c:, '\' separators etc? */
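Review bot: The not-found exit of the loop now rests entirely on `error (EXIT_CANCELED, ...)` not returning, and the lines added after `free (libstdbuf)` do not say so. If that call ever returned (a zero status, or a replacement error function), the `while (true)` loop would go around again with `*path` null and `libstdbuf` still pointing at freed memory, which is the state this commit sets out to rule out. A comment above the check would record the invariant for readers and static analyzers, for example `/* error() exits here (nonzero status), so the freed libstdbuf is never used.  */`. The body of set_LD_PRELOAD begins before the first hunk and continues past this one, so the uses of libstdbuf after the loop are not visible here.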