pppd: Eliminate memory leak with multiple instances of a string option

This eliminates the memory leak which occurs when a user gives the same string option multiple times. Although the leak is trivial under normal conditions, the fact that it can be triggered by the user means that it may be of interest to attackers, so let's plug the leak. This also means that any o_string option without OPT_STATIC set needs to have opt->addr pointing to a pointer which starts out NULL. That is the case for all current uses of o_string. Signed-off-by: Paul Mackerras <paulus@samba.org>
author: Paul Mackerras <paulus@samba.org> 2014-08-01 17:32:15 +1000
committer: Paul Mackerras <paulus@samba.org> 2014-08-01 21:36:51 +1000
commit: b94b7fbbaa0589aa6ec5fdc733aeb9ff294d2656 (patch)
tree: df450ed1710ee4093d5103dc210961637588faa6
parent: 7658e8257183f062dc01f87969c140707c7e52cb (diff)
download: ppp-b94b7fbbaa0589aa6ec5fdc733aeb9ff294d2656.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/pppd/options.c b/pppd/options.c
index e9042d1..f66b765 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -776,10 +776,13 @@ process_option(opt, cmd, argv)
 	if (opt->flags & OPT_STATIC) {
 	    strlcpy((char *)(opt->addr), *argv, opt->upper_limit);
 	} else {
+	    char **optptr = (char **)(opt->addr);
 	    sv = strdup(*argv);
 	    if (sv == NULL)
 		novm("option argument");
-	    *(char **)(opt->addr) = sv;
+	    if (*optptr)
+		free(*optptr);
+	    *optptr = sv;
 	}
 	break;
author	Paul Mackerras <paulus@samba.org>	2014-08-01 17:32:15 +1000
committer	Paul Mackerras <paulus@samba.org>	2014-08-01 21:36:51 +1000
commit	b94b7fbbaa0589aa6ec5fdc733aeb9ff294d2656 (patch)
tree	df450ed1710ee4093d5103dc210961637588faa6
parent	7658e8257183f062dc01f87969c140707c7e52cb (diff)
download	ppp-b94b7fbbaa0589aa6ec5fdc733aeb9ff294d2656.tar.gz