Hello,
On Wed, 16 Jul 2008, Vesa-Matti J Kari wrote:
> I hope I didn't break anything, so if you have the time, please check out
> the code and test it too. Yes, the program is trivial, but some errors
> may have crept in nevertheless...
I am very sorry for being hasty with sending the patch.
My sestatus.diff indeed contains a bug that makes double free() possible.
If strdup() fails to allocate memory, then load_checks() free():s all
the memory allocated so far, but it does not reset *npc and *nfc to zero.
Hence proccon_show() and filecon_show() might free() the memory that
has already been free():d by load_checks().
The fix patch is attached.
Apologies again.
Best regards,
vmk
--
************************************************************************
Tietotekniikkaosasto / Helsingin yliopisto
IT Department / University of Helsinki
************************************************************************
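The failure path described in the message above, as an added example that is not part of the original email or of the sestatus source. The names `dup_or_fail`, `load_names` and `stale_entries`, the sample paths and the `MAX_CHECK` value are assumptions made for illustration; the stale count is only reported, nothing is freed twice.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_CHECK 8 /* constructed limit for this example */

/* Stand-in for strdup(); fail != 0 simulates an allocation failure. */
static char *dup_or_fail(const char *s, int fail)
{
    char *p = fail ? NULL : malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Hypothetical loader. On failure it frees what it allocated so far;
 * reset selects whether it also zeroes *n, as the fix in the message does. */
static int load_names(const char *const *src, int nsrc, char **out, int *n,
                      int fail_at, int reset)
{
    int i, j;
    *n = 0;
    for (i = 0; i < nsrc && i < MAX_CHECK; i++) {
        out[i] = dup_or_fail(src[i], i == fail_at);
        if (out[i] == NULL) {
            for (j = 0; j < *n; j++)
                free(out[j]);
            if (reset)
                *n = 0; /* caller's count-bounded cleanup now sees nothing */
            return -1;
        }
        (*n)++;
    }
    return 0;
}

/* Returns how many already-freed pointers a count-bounded cleanup loop in
 * the caller would pass to free() again. Nothing is actually freed twice. */
int stale_entries(int fail_at, int reset)
{
    static const char *const src[] = { "/bin/sh", "/sbin/init", "/etc/passwd" };
    char *names[MAX_CHECK] = { 0 };
    int i, n = 0;
    if (load_names(src, 3, names, &n, fail_at, reset) == 0) {
        for (i = 0; i < n; i++) /* success: the caller owns the entries */
            free(names[i]);
        return 0;
    }
    return n; /* failure: the loader already freed every counted entry */
}

int main(void) { return stale_entries(2, 0) == 2 && stale_entries(2, 1) == 0 ? 0 : 1; }
```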
--- sestatus.c.old 2008-07-16 16:20:56.000000000 +0300
+++ sestatus.c 2008-07-16 18:10:52.000000000 +0300
@@ -164,6 +164,7 @@
free(pc[i]);
for (i = 0; i < *nfc && i < MAX_CHECK; i++)
free(fc[i]);
+ *npc = *nfc = 0;
goto out;
}
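Review bot: After the free(pc[i]) and free(fc[i]) loops the array slots still hold the freed addresses, so the added "*npc = *nfc = 0;" only protects callers that bound their cleanup by the counts. Consider also assigning NULL to pc[i] and fc[i] right after each free(), which makes a later free() on a stale slot harmless, and add a one-line comment above the reset stating that the counts are zeroed because everything they counted has just been released.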