From: Jim Meyering <meyer...@redhat.com> Without this, envlist_to_environ may silently fail to copy all strings into the destination buffer, and both callers would leak any env strings allocated after a failing strdup, because the freeing code stops at the first NULL pointer.
Signed-off-by: Jim Meyering <meyer...@redhat.com> --- envlist.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/envlist.c b/envlist.c index 1d98108..0dfb56c 100644 --- a/envlist.c +++ b/envlist.c @@ -234,8 +234,16 @@ envlist_to_environ(const envlist_t *envlist, size_t *count) return (NULL); for (entry = envlist->el_entries.lh_first; entry != NULL; - entry = entry->ev_link.le_next) { - *(penv++) = strdup(entry->ev_var); + entry = entry->ev_link.le_next, penv++) { + *penv = strdup(entry->ev_var); + if (*penv == NULL) { + char **e = env; + while (e <= penv) { + free(*e++); + } + free(env); + return NULL; + } } *penv = NULL; /* NULL terminate the list */ -- 1.7.10.2.552.gaa3bb87