
Bug in checkpassword code

Dear List,

After much pain, I appear to have found a bug in the checkpassword-sql.

The string allocation routines use realloc to increase the memory space if your
query is too long.  However, the form of these realloc statements is

realloc(stra->s, size);
realloc(stra->s, stra->strlen+len);

From the man page for realloc:

void *realloc(void *ptr, size_t size);

realloc() returns a pointer to the newly allocated memory, which is
suitably aligned for any kind of variable and may be different from
ptr, or NULL if the request fails.

The code shown will not correctly resize the arrays on Linux, given the
information shown from the man page.

They should more likely be:
stra->s = realloc(stra->s, size);
stra->s = realloc(stra->s, stra->strlen+len);
stra->s = realloc(stra->s, stra->strlen+1);

However, this does run the risk of stra->s becoming a null pointer if the realloc
fails.  But given the coding, I'm not sure of the best way to resolve that
unless you just fail and exit the program.

This problem does not become apparent until you have gone past the initially
allocated size for a string, as realloc is never called in that situation.


Russell Smith
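An added example (not code from checkpassword-sql or from the post) showing the growth path the post describes, written with a temporary pointer so that a failed realloc leaves stra->s and the old buffer intact instead of a null pointer; the struct, the capacity field `a` and the function names are assumed for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the stra struct described in the post:
 * s = buffer, strlen = bytes in use, a = bytes allocated (assumed name). */
struct stralloc_ex {
    char *s;
    size_t strlen;
    size_t a;
};

/* Grow the buffer to hold at least 'need' bytes. Returns 1 on success,
 * 0 on failure. Keeping the realloc result in 'tmp' matters: realloc
 * may move the block (so the result must be stored), and on failure it
 * returns NULL while the old block stays valid, so assigning the result
 * straight into stra->s would leak the old buffer and leave a null s. */
int stra_ready(struct stralloc_ex *stra, size_t need)
{
    char *tmp;
    size_t size;

    if (stra->a >= need)
        return 1;                 /* within the current allocation: no realloc */
    size = stra->a ? stra->a : 16;
    while (size < need)
        size *= 2;
    tmp = realloc(stra->s, size); /* realloc(NULL, n) behaves like malloc(n) */
    if (tmp == NULL)
        return 0;                 /* stra->s unchanged; caller decides how to fail */
    stra->s = tmp;
    stra->a = size;
    return 1;
}

/* Append len bytes of src plus a NUL terminator, growing as needed.
 * Returns 1 on success, 0 if the buffer could not be grown. */
int stra_cats(struct stralloc_ex *stra, const char *src, size_t len)
{
    if (!stra_ready(stra, stra->strlen + len + 1))
        return 0;
    memcpy(stra->s + stra->strlen, src, len);
    stra->strlen += len;
    stra->s[stra->strlen] = '\0';
    return 1;
}
```

The first append fits the initial allocation and never calls realloc, which is why the original bug only shows once a query outgrows the initial size.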