lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-30 22:43:12 +03:00
Code Activity

posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)

Browse Source 
POSIX requires that we make a copy, so we allocate a new string
and free it in posix_spawn_file_actions_destroy.

Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz.  This bug
may have security implications.
This commit is contained in:
Florian Weimer
2014-06-11 23:12:52 +02:00
parent c3a2ebe1f7
commit 89e435f355
6 changed files with 54 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
posix/spawn_faction_addopen.c
View File

@ -35,17 +35,24 @@ posix_spawn_file_actions_addopen (posix_spawn_file_actions_t *file_actions,
if (fd < 0 || fd >= maxfd)
return EBADF;
char *path_copy = strdup (path);
if (path_copy == NULL)
return ENOMEM;
/* Allocate more memory if needed. */
if (file_actions->__used == file_actions->__allocated
&& __posix_spawn_file_actions_realloc (file_actions) != 0)
/* This can only mean we ran out of memory. */
return ENOMEM;
{
/* This can only mean we ran out of memory. */
free (path_copy);
return ENOMEM;
}
/* Add the new value. */
rec = &file_actions->__actions[file_actions->__used];
rec->tag = spawn_do_open;
rec->action.open_action.fd = fd;
rec->action.open_action.path = path;
rec->action.open_action.path = path_copy;
rec->action.open_action.oflag = oflag;
rec->action.open_action.mode = mode;