Hi,

In lib/string.h line 38,

    static inline char *
    xstrdup(const char *c)
    {
      size_t l = strlen(c) + 1;
      // xmalloc may fail, and z will be NULL.
      char *z = xmalloc(l);
      // write to a NULL pointer, crash.
      memcpy(z, c, l);
      return z;
    }

I think this is a vulnerability, and maybe we can fix it as follows:

    static inline char *
    xstrdup(const char *c)
    {
      size_t l = strlen(c) + 1;
      char *z = xmalloc(l);
      if (z) {
        memcpy(z, c, l);
        return z;
      } else
        return NULL;
    }

Thanks for any consideration!

Peiyu Liu, NESA lab, Zhejiang University

-- 
----- Original Message -----
From: liupeiyu@zju.edu.cn
Sent: 2020-04-27 10:06:41 (Monday)
To: bird-users@network.cz
Cc:
Subject: Vulnerability? Bug? Missing check after xmalloc() in xstrdup().
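Added example, not code from the report or from BIRD: a fault-injecting allocator stand-in (xmalloc_may_fail, xstrdup_checked and dup_and_compare are all hypothetical names) so the NULL-return path of the proposed fix can actually be exercised in a test instead of only under real memory pressure. It follows the report's assumption that the allocator can return NULL; BIRD's own xmalloc() in lib/xmalloc.c calls die() on allocation failure rather than returning, which is the first thing to verify before treating the missing check as reachable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an allocator wrapper that may return NULL.
 * fail_next_alloc lets a test inject one simulated out-of-memory event. */
static int fail_next_alloc = 0;

static void *xmalloc_may_fail(size_t size)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;            /* simulated allocation failure */
    }
    return malloc(size);
}

/* Hardened xstrdup: propagates NULL instead of dereferencing it. */
static char *xstrdup_checked(const char *c)
{
    size_t l = strlen(c) + 1;   /* include the terminating NUL */
    char *z = xmalloc_may_fail(l);
    if (!z)
        return NULL;            /* caller must handle this */
    memcpy(z, c, l);
    return z;
}

/* Returns 1 when the duplicate is a distinct, equal copy,
 * 0 when the (possibly injected) allocation failure was handled. */
int dup_and_compare(const char *s, int inject_failure)
{
    fail_next_alloc = inject_failure;
    char *copy = xstrdup_checked(s);
    if (!copy)
        return 0;
    int ok = (copy != s) && strcmp(copy, s) == 0;
    free(copy);
    return ok;
}

int main(void)
{
    printf("normal: %d\n", dup_and_compare("bird", 0));   /* 1 */
    printf("oom:    %d\n", dup_and_compare("bird", 1));   /* 0, no crash */
    return 0;
}
```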