Vulnerability? Bug? Missing check after xmalloc() in xstrdup().
liupeiyu at zju.edu.cn
liupeiyu at zju.edu.cn
Mon Apr 27 05:26:58 CEST 2020
Hi,
In lib/string.h line 38,
static inline char *
xstrdup(const char *c)
{
size_t l = strlen(c) + 1;
// xmalloc may fail, and z will be NULL.
char *z = xmalloc(l);
// write to a NULL pointer, crash.
memcpy(z, c, l);
return z;
}
I think this is a vulnerability, and maybe we can fix it as following:
static inline char *
xstrdup(const char *c)
{
size_t l = strlen(c) + 1;
char *z = xmalloc(1);
if(z)
{
memcpy(z, c, l);
return z;
}
else return -1;
}
Thanks for any consideration!
Peiyu Liu,
NESA lab,
Zhejiang University
--
-----原始邮件-----
发件人:liupeiyu at zju.edu.cn
发送时间:2020-04-27 10:06:41 (星期一)
收件人:bird-users at network.cz
抄送:
主题:Vulnerability? Bug? Missing check after xmalloc() in xstrdup().
Hi,
In lib/string.h line 38,
static inline char *
xstrdup(const char *c)
{ size_t l = strlen(c) + 1;
// xmalloc may fail, and z will be NULL.
char *z = xmalloc(l);
// write to a NULL pointer, crash.
memcpy(z, c, l);
return z;
}
I think this is a vulnerability, and maybe we can fix it as following:
static inline char *
xstrdup(const char *c)
{
size_t l = strlen(c) + 1;
char *z = xmalloc(1);
if(z)
{
memcpy(z, c, l);
return z;
}
else return -1;
}
Thanks for any consideration!
Peiyu Liu,
NESA lab,
Zhejiang University
More information about the Bird-users
mailing list