Hello,
Recently we did a static code analysis of the IGMP proxy
code, and we believe we've found a bug in one of the modules. We'd like to
send the fix upstream; please find attached our patch for the bug.
The bug is a problem with memory management on line 244 of the config.c
module. A buffer is allocated that is always one byte too small for the data
that is placed in it.
Thanks for your work with the IGMP proxy.
Regards,
Joe Walsh
--
genua
Gesellschaft fuer Netzwerk- und Unix-Administration mbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Dr. Magnus Harlander, Dr. Michaela Harlander,
Bernhard Schneck. Amtsgericht Muenchen HRB 98238
--- config.c Mon Jun 3 16:16:30 2013
+++ config.c Mon Jun 3 18:44:21 2013
@@ -241,11 +241,10 @@
tmpPtr->allowednets = NULL;
// Make a copy of the token to store the IF name
- tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) );
+ tmpPtr->name = strdup(token);
if(tmpPtr->name == NULL) {
log(LOG_ERR, 0, "Out of memory.");
}
- strcpy(tmpPtr->name, token);
// Set the altnet pointer to the allowednets pointer.
anetPtr = &tmpPtr->allowednets;
