This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/19653] New: Potential for NULL pointer dereference (CWE-476) in glibc-2.22
- From: "wp02855 at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 17 Feb 2016 18:03:34 +0000
- Subject: [Bug libc/19653] New: Potential for NULL pointer dereference (CWE-476) in glibc-2.22
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19653
Bug ID: 19653
Summary: Potential for NULL pointer dereference (CWE-476) in glibc-2.22
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: wp02855 at gmail dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Created attachment 9000
--> https://sourceware.org/bugzilla/attachment.cgi?id=9000&action=edit
patch file for above bug report (diff -u)
Hello All,
In reviewing source code in glibc-2.22, in directory 'inet', file
'ruserpass.c', there is a call to malloc() which is not checked for
a return value of NULL indicating failure. Immediately after the
call to malloc(), a call to strcpy() is made using the variable
'*aacct'; if '*aacct' is NULL, a segmentation fault/violation
will occur. The code block this is contained in is currently
commented out by the pre-processor via #if 0, but if this is
re-enabled in the future, it could segmentation fault without
the check for NULL from malloc().
The patch file below adds the necessary test for the return
value from malloc():
--- ruserpass.c.orig 2016-02-16 16:24:23.632257052 -0800
+++ ruserpass.c 2016-02-16 16:27:02.262262819 -0800
@@ -206,6 +206,10 @@
}
if (token() && *aacct == 0) {
*aacct = malloc((unsigned) strlen(tokval) + 1);
+ if (*aacct == NULL) {
+ warnx(_("out of memory"));
+ goto bad;
+ }
(void) strcpy(*aacct, tokval);
}
#endif
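Review bot: the new `goto bad;` after the malloc() check relies on a `bad` label that is outside this hunk's context, so confirm that the label is reachable from inside the block closed by the trailing `#endif` and that it releases whatever the function holds at that point. Since the allocation and copy are a plain duplicate of `tokval`, `*aacct = strdup(tokval);` followed by the same NULL test would also drop the `(unsigned)` cast applied to `strlen(tokval)`, which narrows a size_t where unsigned is the smaller type. The bug report states that this region is disabled with `#if 0`, so the change is not compiled or exercised as it stands; say so in the commit message.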
=======================================================================
Bill Parker (wp02855 at gmail dot com)