From: Jim Meyering <[EMAIL PROTECTED]> * arch/um/os-Linux/mem.c (make_tempfile): Don't deref NULL upon failed malloc.
* arch/um/os-Linux/mem.c (make_tempfile): Handle NULL tempdir. Don't let a long tempdir (e.g., via TMPDIR) provoke heap corruption. [ jdike - formatting cleanups, deleted obsolete comment ] Signed-off-by: Jim Meyering <[EMAIL PROTECTED]> Signed-off-by: Jeff Dike <[EMAIL PROTECTED]> --- arch/um/os-Linux/mem.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) Index: linux-2.6-git/arch/um/os-Linux/mem.c =================================================================== --- linux-2.6-git.orig/arch/um/os-Linux/mem.c 2008-02-05 13:20:46.000000000 -0500 +++ linux-2.6-git/arch/um/os-Linux/mem.c 2008-02-05 16:37:37.000000000 -0500 @@ -162,11 +162,6 @@ found: goto out; } -/* - * This proc still used in tt-mode - * (file: kernel/tt/ptproxy/proxy.c, proc: start_debugger). - * So it isn't 'static' yet. - */ static int __init make_tempfile(const char *template, char **out_tempname, int do_unlink) { @@ -175,10 +170,13 @@ static int __init make_tempfile(const ch which_tmpdir(); tempname = malloc(MAXPATHLEN); - if (!tempname) - goto out; + if (tempname == NULL) + return -1; find_tempdir(); + if ((tempdir == NULL) || (strlen(tempdir) >= MAXPATHLEN)) + return -1; + if (template[0] != '/') strcpy(tempname, tempdir); else @@ -196,9 +194,8 @@ static int __init make_tempfile(const ch } if (out_tempname) { *out_tempname = tempname; - } else { + } else free(tempname); - } return fd; out: free(tempname); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/