Module Name:    src
Committed By:   yamt
Date:           Mon Apr 22 13:28:28 UTC 2013

Modified Files:
        src/share/examples/puffs/pgfs: mount.c

Log Message:
fix use-after-free bug


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/share/examples/puffs/pgfs/mount.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/puffs/pgfs/mount.c
diff -u src/share/examples/puffs/pgfs/mount.c:1.3 src/share/examples/puffs/pgfs/mount.c:1.4
--- src/share/examples/puffs/pgfs/mount.c:1.3	Mon Apr 22 13:27:49 2013
+++ src/share/examples/puffs/pgfs/mount.c	Mon Apr 22 13:28:28 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: mount.c,v 1.3 2013/04/22 13:27:49 yamt Exp $	*/
+/*	$NetBSD: mount.c,v 1.4 2013/04/22 13:28:28 yamt Exp $	*/
 
 /*-
  * Copyright (c)2010,2011 YAMAMOTO Takashi,
@@ -28,7 +28,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: mount.c,v 1.3 2013/04/22 13:27:49 yamt Exp $");
+__RCSID("$NetBSD: mount.c,v 1.4 2013/04/22 13:28:28 yamt Exp $");
 #endif /* not lint */
 
 #include <err.h>
@@ -40,6 +40,7 @@ __RCSID("$NetBSD: mount.c,v 1.3 2013/04/
 #include <stdbool.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <util.h>
 
 #include "pgfs.h"
 #include "pgfs_db.h"
@@ -47,6 +48,21 @@ __RCSID("$NetBSD: mount.c,v 1.3 2013/04/
 #define	PGFS_MNT_ALT_DUMMY	1
 #define	PGFS_MNT_ALT_DEBUG	2
 
+static char *
+xstrcpy(const char *str)
+{
+	char *n;
+	size_t len;
+
+	if (str == NULL) {
+		return NULL;
+	}
+	len = strlen(str);
+	n = emalloc(len + 1);
+	memcpy(n, str, len + 1);
+	return n;
+}
+
 int
 main(int argc, char *argv[])
 {
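Review bot: xstrcpy has no comment saying that it returns a heap copy the caller must free, and its name reads like a copy into an existing buffer rather than a duplicate. A header such as `/* Return a malloc'ed copy of str, or NULL if str is NULL; caller frees. */` would make the ownership explicit. Since this commit already includes `<util.h>` for emalloc, the body could be `return str == NULL ? NULL : estrdup(str);` instead of the manual strlen/memcpy pair. The function relies on `<string.h>` for strlen and memcpy, which is not among the includes visible in this diff, so confirm it is included.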
@@ -94,8 +110,8 @@ main(int argc, char *argv[])
 				err(EXIT_FAILURE, "getmntopts");
 			}
 			getmnt_silent = 1; /* XXX silly api */
-			dbname = getmntoptstr(mp, "dbname");
-			dbuser = getmntoptstr(mp, "dbuser");
+			dbname = xstrcpy(getmntoptstr(mp, "dbname"));
+			dbuser = xstrcpy(getmntoptstr(mp, "dbuser"));
 			v = getmntoptnum(mp, "nconn");
 			getmnt_silent = 0;
 			if (v != -1) {
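Review bot: The assignments to dbname and dbuser overwrite whatever the variables held before, so the earlier xstrcpy copy is leaked if this option block runs more than once. It appears to sit inside main's option-parsing loop, which starts and ends outside the hunk, so that looks possible. Releasing the old value first, `free(__UNCONST(dbname));` before `dbname = xstrcpy(getmntoptstr(mp, "dbname"));` and likewise for dbuser, keeps one owner per string. A later option string that lacks dbname would also reset an earlier value to NULL, so assigning only when getmntoptstr returns non-NULL may be the intended behaviour.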
@@ -143,6 +159,8 @@ main(int argc, char *argv[])
 		err(EXIT_FAILURE, "puffs_init");
 	}
 	error = pgfs_connectdb(pu, dbname, dbuser, debug, dosync, nconn);
+	free(__UNCONST(dbname));
+	free(__UNCONST(dbuser));
 	if (error != 0) {
 		errno = error;
 		err(EXIT_FAILURE, "pgfs_connectdb");
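Review bot: Freeing dbname and dbuser right after pgfs_connectdb() is safe only if that function copies the strings or is finished with them before it returns. Its body is not in this diff, so if it stores the pointers, for example for connections opened later, this reintroduces the use-after-free the commit sets out to fix. Confirm that and record it at the call, e.g. `/* pgfs_connectdb() does not retain dbname/dbuser */`. The `__UNCONST` casts suggest the variables are still declared `const char *`; now that they own heap memory, declaring them `char *` would remove the casts. The frees also assume neither variable is given a non-heap default elsewhere in main, which is not visible here.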
