Vulnerability? Bug? Missing check after xmalloc() in xstrdup().
liupeiyu at zju.edu.cn
liupeiyu at zju.edu.cn
Mon Apr 27 04:06:41 CEST 2020
Hi,In lib/string.h line 38,staticinlinechar*xstrdup(constchar*c){size_tl=strlen(c)+1;// xmalloc may fail, and z will be NULL. char*z=xmalloc(l);// write to a NULL pointer, crash. memcpy(z,c,l);returnz;}I think this is a vulnerability, and maybe we can fix it as following:staticinlinechar*xstrdup(constchar*c){size_tl=strlen(c)+1;char*z=xmalloc(l); if(z) { memcpy(z,c,l);returnz; } else return -1;}Thanks for any consideration!Peiyu Liu, NESA lab, Zhejiang University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20200427/20dbbbda/attachment.htm>
More information about the Bird-users
mailing list