Am 17.08.2012 20:24, schrieb Jim Meyering: > From: Jim Meyering <meyer...@redhat.com> > > Without this, envlist_to_environ may silently fail to copy all > strings into the destination buffer, and both callers would leak > any env strings allocated after a failing strdup, because the > freeing code stops at the first NULL pointer. > > Signed-off-by: Jim Meyering <meyer...@redhat.com> > --- > envlist.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/envlist.c b/envlist.c > index 230596f..cf3f2d8 100644 > --- a/envlist.c > +++ b/envlist.c > @@ -245,8 +245,16 @@ envlist_to_environ(const envlist_t *envlist, size_t > *count) > } > > for (entry = envlist->el_entries.lh_first; entry != NULL; > - entry = entry->ev_link.le_next) { > - *(penv++) = strdup(entry->ev_var); > + entry = entry->ev_link.le_next, penv++) { > + *penv = strdup(entry->ev_var); > + if (*penv == NULL) { > + char **e = env; > + while (e <= penv) { > + free(*e++); > + } > + free(env); > + return NULL; > + } > } > *penv = NULL; /* NULL terminate the list */ >
Acked-by: Andreas Färber <afaer...@suse.de> Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg