From 3ce9f837a339eb8d0bddd919d0fc10c1d56f68ab Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/sig.c: Fix the strtosig() function. Do not memleak "copy" in case of an error. Do not use "sizeof(converted)" in snprintf(), since "converted" is a "char *" (luckily, 8 >= sizeof(char *)). Also, remove "sizeof(char)" which is guaranteed to be 1 by the C standard, and replace 8 with 12, which is enough to hold any stringified int and does not consume more memory (in both cases, the glibc malloc()ates a minimum-sized chunk).
---
 proc/sig.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/proc/sig.c b/proc/sig.c
index 6ca9512c..0885ff9d 100644
--- a/proc/sig.c
+++ b/proc/sig.c
@@ -264,7 +264,10 @@ char *strtosig(const char *restrict s){
 p += 3;
 if (isdigit(*p)){
 numsignal = strtol(s,&endp,10);
- if(*endp || endp==s) return NULL; /* not valid */
+ if(*endp || endp==s){ /* not valid */
+ free(copy);
+ return NULL;
+ }
 }
 if (numsignal){
 for (i = 0; i < number_of_signals; i++){
@@ -276,9 +279,9 @@ char *strtosig(const char *restrict s){
 } else {
 for (i = 0; i < number_of_signals; i++){
 if (strcmp(p, sigtable[i].name) == 0){
- converted = malloc(sizeof(char) * 8);
+ converted = malloc(12);
 if (converted)
- snprintf(converted, sizeof(converted) - 1, "%d", sigtable[i].num);
+ snprintf(converted, 12, "%d", sigtable[i].num);
 break;
 }
 }
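Review bot: The digit test and the parse in the first hunk look at different strings: `isdigit(*p)` inspects `p`, which the context line `p += 3` may already have advanced, while `strtol(s,&endp,10)` and the rewritten `endp==s` check still use the original `s`. If `p` points into the upper-cased `copy` (its setup is outside this hunk, so this is inferred), an input whose digits follow the skipped three-character prefix passes `isdigit` and is then always rejected by `endp==s`. Parsing the same pointer, `numsignal = strtol(p,&endp,10);` with `if(*endp || endp==p){`, would keep the two in step. The `long` result is also stored in `numsignal` with no `errno` or range check, and `isdigit(*p)` receives a plain `char`, which should be cast to `unsigned char` so bytes above 0x7f are defined behaviour. strtosig's body starts and ends outside the hunk.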
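Review bot: The buffer size 12 is now written twice in the second hunk, once in `malloc(12)` and once in `snprintf(converted, 12, ...)`, so allocation and bound can drift apart again the way `sizeof(converted)` did. A single named size ties them together, for example `enum { SIGNUM_BUF = 12 }; /* "-2147483648" plus NUL */` used in both calls. When `malloc` fails, `converted` stays NULL and the loop breaks; as far as this hunk shows, the caller cannot tell that apart from an unknown signal name, so a short comment stating that NULL covers both cases would help. The function continues outside the hunk.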