Vulnerability? Bug? Missing check after xmalloc() in xstrdup().

Maria Matějka maria.matejka at nic.cz
Mon Apr 27 08:18:55 CEST 2020


Hello!
xmalloc is guaranteed to return non-NULL. If it were to return NULL, BIRD would die instead. That's why it's xmalloc and not malloc.
Maria


On April 27, 2020 5:26:58 AM GMT+02:00, liupeiyu at zju.edu.cn wrote:
>Hi,
>
>In lib/string.h line 38,
>
>static inline char * 
>xstrdup(const char *c) 
>{ 
>    size_t l = strlen(c) + 1;
>    // xmalloc may fail, and z will be NULL. 
>    char *z = xmalloc(l);
>    // write to a NULL pointer, crash. 
>    memcpy(z, c, l); 
>    return z; 
>} 
>
>I think this is a vulnerability, and maybe we can fix it as following:
>
>static inline char * 
>xstrdup(const char *c) 
>{ 
>    size_t l = strlen(c) + 1;
>    char *z = xmalloc(1);
>    if(z)
>    { 
>        memcpy(z, c, l);
>        return z;
>    }
>    else return -1; 
>}
>
>Thanks for any consideration!
>
>Peiyu Liu, 
>NESA lab, 
>Zhejiang University
>
>
>
>--
>
>-----原始邮件-----
>发件人:liupeiyu at zju.edu.cn
>发送时间:2020-04-27 10:06:41 (星期一)
>收件人:bird-users at network.cz
>抄送: 
>主题:Vulnerability? Bug?  Missing check after xmalloc() in xstrdup().
>
>Hi,
>
>In lib/string.h line 38,
>
>static inline char * 
>xstrdup(const char *c) 
>{ size_t l = strlen(c) + 1;
>// xmalloc may fail, and z will be NULL. 
>char *z = xmalloc(l);
>// write to a NULL pointer, crash. 
>memcpy(z, c, l); 
>return z; 
>} 
>
>I think this is a vulnerability, and maybe we can fix it as following:
>
> 
>static inline char * 
>xstrdup(const char *c) 
>{ 
>size_t l = strlen(c) + 1;
>char *z = xmalloc(1);
>if(z)
>{ 
>memcpy(z, c, l);
>return z;
>}
>else return -1; 
>}
>
>Thanks for any consideration!
>
>Peiyu Liu, 
>NESA lab, 
>Zhejiang University

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20200427/3218de8a/attachment.htm>


More information about the Bird-users mailing list