changeset 17634:23530dae897f

modechange: avoid memory leaks for invalid octal modes

* lib/modechange.c (mode_compile): During the parsing of notations like +40, free the 'mc' buffer for invalid mode strings like +17777 (greater than the maximum octal mode), =18 (bad octal mode characters) or u=1 ('affected' with octal modes).
Reproducer, e.g.:
    $ valgrind --leak-check=full chmod +17777 file
Introduced via the 2012-03-09 commit, 4730c3e3, "modechange: add notations +40, 00440, etc.".
Spotted by coverity (RESOURCE_LEAK).
author Bernhard Voelker <mail@bernhard-voelker.de>
date Wed, 26 Mar 2014 01:42:11 +0100
parents 8b21b798e6d7
children 0a7fbe4650ff
files ChangeLog lib/modechange.c
diffstat 2 files changed, 16 insertions(+), 2 deletions(-)
--- a/ChangeLog	Tue Mar 25 06:08:30 2014 -0700
+++ b/ChangeLog	Wed Mar 26 01:42:11 2014 +0100
@@ -1,3 +1,17 @@
+2014-03-26  Bernhard Voelker  <mail@bernhard-voelker.de>
+
+	modechange: avoid memory leaks for invalid octal modes
+	* lib/modechange.c (mode_compile): During the parsing of
+	notations like +40, free the 'mc' buffer for invalid mode
+	strings like +17777 (greater than the maximum octal mode),
+	=18 (bad octal mode characters) or u=1 ('affected' with
+	octal modes).
+	Reproducer, e.g.:
+	    $ valgrind --leak-check=full chmod +17777 file
+	Introduced via the 2012-03-09 commit, 4730c3e3, "modechange:
+	add notations +40, 00440, etc.".
+	Spotted by coverity (RESOURCE_LEAK).
+
 2014-03-24  Paul Eggert  <eggert@cs.ucla.edu>
 
 	gitlog-to-changelog: include a dummy git-log-fix file
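Review bot: The only verification recorded in this entry is a manual valgrind run, and the changeset touches just ChangeLog and lib/modechange.c, so nothing automated guards against the leak coming back. Consider adding a test that calls mode_compile with the three strings named here (+17777, =18, u=1) under a leak checker. It would also help to say in the entry which of the two changed exits each string reaches: +17777 trips the ALLM check, while =18 and u=1 trip the check after the digit loop.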
--- a/lib/modechange.c	Tue Mar 25 06:08:30 2014 -0700
+++ b/lib/modechange.c	Wed Mar 26 01:42:11 2014 +0100
@@ -220,12 +220,12 @@
                   {
                     octal_mode = 8 * octal_mode + *p++ - '0';
                     if (ALLM < octal_mode)
-                      return NULL;
+                      goto invalid;
                   }
                 while ('0' <= *p && *p < '8');
 
                 if (affected || (*p && *p != ','))
-                  return NULL;
+                  goto invalid;
                 affected = mentioned = CHMOD_MODE_BITS;
                 value = octal_to_mode (octal_mode);
                 flag = MODE_ORDINARY_CHANGE;
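Review bot: Both new "goto invalid;" statements depend on a label that lies outside this hunk, so the fix cannot be confirmed from these lines alone. Please check that the code at "invalid" frees 'mc' and returns NULL, and that jumping there from inside the octal branch releases nothing that this branch has not yet set up. Since the commit message says the leak came from early returns added with the octal notation, it is also worth scanning the rest of mode_compile for any other "return NULL;" that runs after 'mc' is allocated. A short comment at the label stating that every failure exit after the allocation must go through it would make the next such omission easier to spot in review.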