From 3ce9f837a339eb8d0bddd919d0fc10c1d56f68ab Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/sig.c: Fix the strtosig() function.

Do not memleak "copy" in case of an error.

Do not use "sizeof(converted)" in snprintf(), since "converted" is a
"char *" (luckily, 8 >= sizeof(char *)). Also, remove "sizeof(char)"
which is guaranteed to be 1 by the C standard, and replace 8 with 12,
which is enough to hold any stringified int and does not consume more
memory (in both cases, the glibc malloc()ates a minimum-sized chunk).
---
 proc/sig.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/proc/sig.c b/proc/sig.c
index 6ca9512c..0885ff9d 100644
--- a/proc/sig.c
+++ b/proc/sig.c
@@ -264,7 +264,10 @@ char *strtosig(const char *restrict s){
     p += 3;
   if (isdigit(*p)){
     numsignal = strtol(s,&endp,10);
-    if(*endp || endp==s) return NULL; /* not valid */
+    if(*endp || endp==s){ /* not valid */
+      free(copy);
+      return NULL;
+    }
   }
   if (numsignal){
     for (i = 0; i < number_of_signals; i++){
@@ -276,9 +279,9 @@ char *strtosig(const char *restrict s){
   } else {
     for (i = 0; i < number_of_signals; i++){
       if (strcmp(p, sigtable[i].name) == 0){
-	converted = malloc(sizeof(char) * 8);
+	converted = malloc(12);
 	if (converted)
-	  snprintf(converted, sizeof(converted) - 1, "%d", sigtable[i].num);
+	  snprintf(converted, 12, "%d", sigtable[i].num);
 	break;
       }
     }