From 4415cb391d3578fb051a4ba447dbd6060480de8a Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 7 Mar 2008 10:07:04 +0100 Subject: [PATCH] [BUG] str2sun could leak a small buffer in case of error during parsing Matt Farnsworth reported a memory leak in str2sun() in case a too large socket path is passed. The bug is very minor because it only happens once during config parsing, but has to be fixed nevertheless. The patch Matt provided could even be improved by completely removing the useless strdup() in this function. (cherry picked from commit caf720d3ff7758273278aecab26bb7624ec2f555) --- include/common/standard.h | 2 +- src/standard.c | 15 ++++----------- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/include/common/standard.h b/include/common/standard.h index 248bbe91b..d4d8191e3 100644 --- a/include/common/standard.h +++ b/include/common/standard.h @@ -128,7 +128,7 @@ extern const char *invalid_char(const char *name); * converts to a struct sockaddr_un* which is locally allocated. * The format is "/path", where "/path" is a path to a UNIX domain socket. */ -struct sockaddr_un *str2sun(char *str); +struct sockaddr_un *str2sun(const char *str); /* * converts to a struct sockaddr_in* which is locally allocated. diff --git a/src/standard.c b/src/standard.c index 93cf1f89e..7f749f957 100644 --- a/src/standard.c +++ b/src/standard.c @@ -83,27 +83,20 @@ const char *limit_r(unsigned long n, char *buffer, int size, const char *alt) * converts to a struct sockaddr_un* which is locally allocated. * The format is "/path", where "/path" is a path to a UNIX domain socket. */ -struct sockaddr_un *str2sun(char *str) +struct sockaddr_un *str2sun(const char *str) { static struct sockaddr_un su; int strsz; /* length included null */ memset(&su, 0, sizeof(su)); - str = strdup(str); - if (str == NULL) - goto out_nofree; - strsz = strlen(str) + 1; if (strsz > sizeof(su.sun_path)) { Alert("Socket path '%s' too long (max %d)\n", str, sizeof(su.sun_path) - 1); - goto out_nofree; + } else { + su.sun_family = AF_UNIX; + memcpy(su.sun_path, str, strsz); } - su.sun_family = AF_UNIX; - memcpy(su.sun_path, str, strsz); - - free(str); - out_nofree: return &su; }