author | Alan Jenkins <alan-jenkins@tuffmail.co.uk> | 2009-09-30 17:22:10 +0100 |
---|---|---|
committer | Alan Jenkins <alan-jenkins@tuffmail.co.uk> | 2010-02-25 15:29:24 +0000 |
commit | 6c20c7fccae46cd5ac70e27fced1a7f93c96ff59 (patch) | |
tree | 74c06b8bcaf8f5943809f020e79e617e41f41d40 | |
parent | 4b4fb8c2e5a1f6f85c3e19c7183bc6e79852f5f7 (diff) | |
download | module-init-tools-6c20c7fccae46cd5ac70e27fced1a7f93c96ff59.tar.gz |
elfops: fix crash on grab_fd() failure
If we call release_elf_file() when grab_fd() fails, it will call
release_file() with a NULL pointer and undefined length. This can
cause a crash when zlib support is disabled and release_file() is
implemented using munmap().
This is only theoretical at the moment. However it will allow
grab_elf_file_fd() to be removed straightforwardly, without
creating a more significant bug.
Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
-rw-r--r-- | elfops.c | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -91,17 +91,16 @@ struct elf_file *grab_elf_file_fd(const char *pathname, int fd)
 file = malloc(sizeof(*file));
 if (!file) {
 errno = ENOMEM;
- return NULL;
+ goto fail;
 }
 file->pathname = strdup(pathname);
 if (!file->pathname) {
- free(file);
 errno = ENOMEM;
- return NULL;
+ goto fail_free_file;
 }
 file->data = grab_fd(fd, &file->len);
 if (!file->data)
- goto fail;
+ goto fail_free_pathname;
 switch (elf_ident(file->data, file->len, &file->conv)) {
 case ELFCLASS32:
@@ -117,8 +116,12 @@ struct elf_file *grab_elf_file_fd(const char *pathname, int fd)
 goto fail;
 }
 return file;
+
+fail_free_pathname:
+ free(file->pathname);
+fail_free_file:
+ free(file);
 fail:
- release_elf_file(file);
 return NULL;
 } |
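Review bot: On the strdup() failure path `errno = ENOMEM;` is now assigned before the jump to `fail_free_file`, so `free(file)` runs after errno has been set, whereas the removed lines freed first and set errno last. free() is not guaranteed to leave errno untouched on every libc, and the same holds for whatever errno grab_fd() leaves behind before `fail_free_pathname` runs two free() calls. If callers inspect errno after a NULL return (not visible here), capture it at the start of cleanup and restore it just before `return NULL;`, e.g. `int saved_errno = errno;` and `errno = saved_errno;`. The cleanup labels themselves are in the second hunk.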
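Review bot: The `goto fail;` kept as context at the top of this hunk now reaches a `fail:` label that only returns NULL, so when it is taken after grab_fd() has succeeded, the mapped data, the strdup()'d pathname and the struct itself are all leaked. Before this change the same jump went through `release_elf_file(file)`. The switch begins outside the hunk, so this is inferred to be its error branch (an input elf_ident() rejects); a tool that walks many such files would accumulate leaked mappings. I would add a label above `fail_free_pathname:`, namely `fail_release_data:` followed by `release_file(file->data, file->len);`, and change that jump to `goto fail_release_data;`, leaving plain `fail:` for the malloc() failure only.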