diff options
author | Neels Hofmeyr <neels@hofmeyr.de> | 2018-07-09 23:22:21 +0200 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2018-07-11 15:47:08 +0200 |
commit | 5314c513f23688462d7f7937e5ae5e0d5cd4548e (patch) | |
tree | 9a2eea692f88cf5f87534a4cdc85014d244af4c2 /debian | |
parent | 4e0add239f6516c11631a7539653bac6b6a51970 (diff) |
vty: fix use-after-free and memleaks in is_cmd_ambiguous()
vty_test: add test against ambiguous cmd causing use-after-free and memory
leaks. Add this test along with the fix, because the new test triggers the
memory use-after-free and leaks, causing build failures.
Add cmd_deopt_with_ctx() to allow passing a specific talloc ctx.
is_cmd_ambiguous(): keep all cmd_deopt() allocations until the function exits.
Add a comment explaining why. Before this, if a command matched an optional
"[arg]" with square brackets, we would keep it in local var 'matched', but we
would free the string it points to at the end of that loop iteration; upon
encountering another match, we would attempt to strcmp against the freed
'matched'. Instead of adding hard-to-read and -verify free/alloc dances to keep
the 'matched' accurately freed/non-freed/..., just keep all cmd_deopt() string
allocated until done.
Needless to say that this should have been implemented on a lower level upon
inventing optional args, but at least this is fixing a program crash.
Related: OS#33903390
Change-Id: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd
Diffstat (limited to 'debian')
0 files changed, 0 insertions, 0 deletions