Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/lib/libutil Fix stack use after scope in libutil/pty



details:   https://anonhg.NetBSD.org/src/rev/864f0660424d
branches:  trunk
changeset: 833410:864f0660424d
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sun Jun 24 09:30:26 2018 +0000

description:
Fix stack use after scope in libutil/pty

The pt variable's elements are used after the end of the pt scope.
A move of pt to outer scope fixes this.

Detected with MKSANITIZER/ASan with tmux(1), a forkpty(3) user.

diffstat:

 lib/libutil/pty.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r e6269f1da3ff -r 864f0660424d lib/libutil/pty.c
--- a/lib/libutil/pty.c Sun Jun 24 09:17:58 2018 +0000
+++ b/lib/libutil/pty.c Sun Jun 24 09:30:26 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pty.c,v 1.31 2009/02/20 16:44:06 christos Exp $        */
+/*     $NetBSD: pty.c,v 1.32 2018/06/24 09:30:26 kamil Exp $   */
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)pty.c      8.3 (Berkeley) 5/16/94";
 #else
-__RCSID("$NetBSD: pty.c,v 1.31 2009/02/20 16:44:06 christos Exp $");
+__RCSID("$NetBSD: pty.c,v 1.32 2018/06/24 09:30:26 kamil Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -70,6 +70,7 @@
        mode_t mode;
        struct group grs, *grp;
        char grbuf[1024];
+       struct ptmget pt;
 
        _DIAGASSERT(amaster != NULL);
        _DIAGASSERT(aslave != NULL);
@@ -78,7 +79,6 @@
        /* winp may be NULL */
 
        if ((master = open("/dev/ptm", O_RDWR)) != -1) {
-               struct ptmget pt;
                if (ioctl(master, TIOCPTMGET, &pt) != -1) {
                        (void)close(master);
                        master = pt.cfd;



Home | Main Index | Thread Index | Old Index