diff options
author | David Howells <dhowells@redhat.com> | 2014-01-29 18:40:37 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-01-29 18:53:42 +0000 |
commit | adda22a179445a5b219bbe180ba232937bd381a5 (patch) | |
tree | 7b6c4057a5dd38b351a2769f1c8f52eea368c4fb | |
parent | f20a78e894b89cb3971264dddc049111357e2030 (diff) | |
download | keyutils-adda22a179445a5b219bbe180ba232937bd381a5.tar.gz |
Lib: Don't use realloc() in keyctl_{describe,read,get_security}_alloc()
Don't use realloc() in keyctl_{describe,read,get_security}_alloc() as it
doesn't free the argument buffer if it fails and it will copy the empty buffer
if it moves it.
Use malloc+free instead.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r-- | keyutils.c | 64 |
1 files changed, 25 insertions, 39 deletions
@@ -253,12 +253,12 @@ int keyctl_describe_alloc(key_serial_t id, char **_buffer) if (ret < 0) return -1; - buflen = ret; - buf = malloc(buflen); - if (!buf) - return -1; - for (;;) { + buflen = ret; + buf = malloc(buflen); + if (!buf) + return -1; + ret = keyctl_describe(id, buf, buflen); if (ret < 0) { free(buf); @@ -267,17 +267,12 @@ int keyctl_describe_alloc(key_serial_t id, char **_buffer) if (buflen >= ret) break; - - buflen = ret; - buf = realloc(buf, buflen); - if (!buf) - return -1; + free(buf); } *_buffer = buf; - return buflen - 1; - -} /* end keyctl_describe_alloc() */ + return ret - 1; +} /*****************************************************************************/ /* @@ -287,19 +282,19 @@ int keyctl_describe_alloc(key_serial_t id, char **_buffer) */ int keyctl_read_alloc(key_serial_t id, void **_buffer) { - void *buf; + char *buf; long buflen, ret; ret = keyctl_read(id, NULL, 0); if (ret < 0) return -1; - buflen = ret; - buf = malloc(buflen + 1); - if (!buf) - return -1; - for (;;) { + buflen = ret; + buf = malloc(buflen + 1); + if (!buf) + return -1; + ret = keyctl_read(id, buf, buflen); if (ret < 0) { free(buf); @@ -308,18 +303,13 @@ int keyctl_read_alloc(key_serial_t id, void **_buffer) if (buflen >= ret) break; - - buflen = ret; - buf = realloc(buf, buflen + 1); - if (!buf) - return -1; + free(buf); } - ((unsigned char *) buf)[buflen] = 0; + buf[ret] = 0; *_buffer = buf; - return buflen; - -} /* end keyctl_read_alloc() */ + return ret; +} /*****************************************************************************/ /* @@ -336,12 +326,12 @@ int keyctl_get_security_alloc(key_serial_t id, char **_buffer) if (ret < 0) return -1; - buflen = ret; - buf = malloc(buflen); - if (!buf) - return -1; - for (;;) { + buflen = ret; + buf = malloc(buflen); + if (!buf) + return -1; + ret = keyctl_get_security(id, buf, buflen); if (ret < 0) { free(buf); @@ -350,15 +340,11 @@ int keyctl_get_security_alloc(key_serial_t id, char **_buffer) if (buflen >= ret) break; - - buflen = ret; - buf = realloc(buf, buflen); - if (!buf) - return -1; + free(buf); } *_buffer = buf; - return buflen - 1; + return ret - 1; } /* |