Vulnerability? Bug? Null write in the get_cmdln_options function in src/options.c. #26
Labels
Comments
|
it should terminate with an error and not just return and continue |
|
Under which circumstances do you think malloc() can fail and how can one easily reproduce the behaviour? |
|
I think https://www.quora.com/What-are-the-possible-ways-malloc-might-fail-Consider-malloc-code-doesnt-have-any-bugs sounds like a wrap up |
|
Thx for merging! |
|
Thx for contributing! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
In src/options.c, line 337.
// malloc() may fail, and str will be NULL.
str=(char*)malloc(strlen(pwd_entry->pw_dir)+14);
// write to Null
snprintf(str,strlen(pwd_entry->pw_dir)+14,"%s/.bwm-ng.conf",pwd_entry->pw_dir);
I think this is a vulnerability, and maybe we can patch it as following?
str=(char*)malloc(strlen(pwd_entry->pw_dir)+14);
if(!str) return
Thanks for any consideration!
Peiyu Liu,
NESA lab,
Zhejiang University
The text was updated successfully, but these errors were encountered: