library/1551: pointer warnings when using innetgr(3)
>Number: 1551
>Category: library
>Synopsis: pointer warnings when using innetgr(3)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Dec 9 10:20:01 MST 2000
>Last-Modified:
>Originator: Dan Harnett
>Organization:
net
>Release: 2.8-current
>Environment:
System : OpenBSD 2.8
Architecture: OpenBSD.i386
Machine : i386
>Description:
Calls to innetgr(3) result in warnings of a junk pointer given
to free(3).
>How-To-Repeat:
Use any program that makes use of innetgr(3). /usr/bin/sudo is
one such program and will be used as an example.
1. Create your /etc/netgroup file. The following was used
for the example:
sudoers (,user,)
2. Run /usr/sbin/netgroup_mkdb.
3. Run /usr/sbin/visudo and create /etc/sudoers. Again, the
following was used for the example:
+sudoers ALL = (ALL) NOPASSWD: ALL
4. Run sudo as the user with the login of 'user'.
(user@host ~)$ sudo echo hi
sudo in free(): warning: junk pointer, too low to make sense.
hi
(user@host ~)$ exit
>Fix:
This snippet was taken from the innetgr function located in the
file /usr/src/lib/libc/gen/getnetgrent.c. The code was cut off
at column 72 for the purpose of this message. It is only used
as a reference point.
703: int >
704: innetgr(grp, host, user, domain) >
705: const char *grp, *host, *user, *domain; >
706: { >
707: char *ypdom = NULL; >
708: #ifdef YP >
709: char *line; >
710: #endif >
711: int found; >
712: struct stringlist *sl; >
713: >
714: if (_ng_db == NULL) >
715: _ng_db = dbopen(_PATH_NETGROUP_DB, O_RDONLY, 0 >
716: >
717: #ifdef YP >
718: /* >
719: * We use yp if there is a "+" in the netgroup file, o >
720: * no netgroup file at all >
721: */ >
722: if (_ng_db == NULL) >
723: yp_get_default_domain(&ypdom); >
724: else if (lookup(NULL, "+", &line, _NG_KEYBYNAME) == 0) >
725: yp_get_default_domain(&ypdom); >
726: free(line); >
727: } >
728: #endif >
The call to free on line 726 appears to cause the warning. If
we look closer we see that on line 709 the variable 'line' is
actually an uninitialized variable and may contain random
garbage at the time of this call. Initializing 'line' to NULL
will avoid the warning.
A patch follows:
Index: getnetgrent.c
===================================================================
RCS file: /cvs/src/lib/libc/gen/getnetgrent.c,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 getnetgrent.c
--- getnetgrent.c 2000/08/24 17:04:02 1.9
+++ getnetgrent.c 2000/12/08 21:31:04
@@ -706,7 +706,7 @@ innetgr(grp, host, user, domain)
{
char *ypdom = NULL;
#ifdef YP
- char *line;
+ char *line = NULL;
#endif
int found;
struct stringlist *sl;
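Review bot: The `= NULL` initializer on `char *line` covers only this one caller and leaves open why free(line) on line 726 of the quoted snippet can run when lookup() has not stored to `line`. Before committing, check the return paths of lookup(): if any of them can leave the out-argument untouched, setting `*line = NULL` on entry to lookup() would protect every caller, and the free() may belong only on the path that is known to allocate. A one-line comment at the declaration saying that the initializer exists because free(line) may be reached without an allocation would keep a later cleanup from removing it.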
>Audit-Trail:
>Unformatted:
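The out-parameter pattern behind this report, as an added example (not code from OpenBSD's libc or from the submitter). The names `find_key`, `wants_yp`, `live_allocs` and the two key lists are hypothetical and constructed for the illustration; the return convention of `find_key` is an assumption and is not claimed to match libc's lookup().

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for a netgroup database: NULL-terminated key lists. */
static const char *const db_with_plus[] = { "sudoers", "+", NULL };
static const char *const db_plain[] = { "sudoers", NULL };
static int live_allocs;		/* allocations not yet released */

/*
 * Hypothetical lookup: returns 1 and stores a malloc'd copy in *out when
 * key is present, 0 otherwise. *out is cleared on entry so a caller that
 * frees it after a miss hands free() a NULL, never stack garbage.
 */
static int
find_key(const char *const *db, const char *key, char **out)
{
	*out = NULL;
	for (; *db != NULL; db++) {
		if (strcmp(*db, key) == 0) {
			size_t n = strlen(*db) + 1;
			if ((*out = malloc(n)) == NULL)
				return 0;
			memcpy(*out, *db, n);
			live_allocs++;
			return 1;
		}
	}
	return 0;
}

/* Returns 1 when YP would be consulted: no database, or a "+" entry in it. */
int
wants_yp(const char *const *db)
{
	char *line = NULL;	/* the report's fix: never indeterminate */
	int yp = 0;

	if (db == NULL)
		yp = 1;		/* find_key() never runs on this path */
	else if (find_key(db, "+", &line))
		yp = 1;
	if (line != NULL)
		live_allocs--;
	free(line);		/* free(NULL) is a no-op on every path */
	return yp;
}

int main(void)
{
	return !(wants_yp(NULL) && wants_yp(db_with_plus) && !wants_yp(db_plain));
}
```

The caller-side initializer and the callee-side `*out = NULL` are independent defenses; either one alone keeps an indeterminate pointer away from free(3) on the paths shown.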