From fa7ea000ce636c8039f99135dc4688e28031f0fe Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH] 0023-skill: Fix getline() usage. man getline: "If *lineptr is set to NULL and *n is set 0 before the call, then getline() will allocate a buffer for storing the line. This buffer should be freed by the user program even if getline() failed." --- skill.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/skill.c b/skill.c index 88c2fdf8..2b7eb575 100644 --- a/skill.c +++ b/skill.c @@ -178,8 +178,10 @@ static int ask_user(struct pids_stack *stack) PIDS_GETINT(PID), PIDS_GETSTR(CMD)); fflush(stdout); - if (getline(&buf, &len, stdin) == -1) + if (getline(&buf, &len, stdin) == -1) { + free(buf); return 0; + } if (rpmatch(buf) < 1) { free(buf); return 0;