Bug in checkpassword code
- To: qmail-sql@xxxxxxxxxx
- Subject: Bug in checkpassword code
- From: Russell Smith <r.smith@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 16 Jan 2005 12:54:12 +1100
- Delivered-to: mailing list email@example.com
- Mailing-list: contact firstname.lastname@example.org; run by ezmlm
- Organization: Diamond Valley College
- User-agent: KMail/1.7
After much pain, I appear to have found a bug in the checkpassword-sql
the string allocation routines use realloc to increase the memory space if your
query is too long. However the form of these realloc statements is
From the man page for realloc.
void *realloc(void *ptr, size_t size);
realloc() returns a pointer to the newly allocated memory, which is
suitably aligned for any kind of variable and may be different from
ptr, or NULL if the request fails.
The code shown will not correctly resize the arrays on Linux, given the
information shown in the man page.
They should more likely be:
stra->s = realloc(stra->s, size);
stra->s = realloc(stra->s, stra->strlen+len);
stra->s = realloc(stra->s, stra->strlen+1);
However this does run the risk of stra->s becoming a null pointer if the realloc
fails. But given the coding, I'm not sure on the best way to resolve that
unless you just fail, and exit the program.
This problem does not become apparent until you have gone past the initially
allocated size for a string, as realloc is never called in that situation.
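An added example, not from this post and not checkpassword-sql's own code, showing both halves of the problem described above: the buggy form that discards realloc's return value, and a hardened growth routine that keeps the old buffer intact when realloc returns NULL (the failure the post was unsure how to handle). The `struct stra` fields, the `stra_*` helper names and the two `demo_*` functions are assumptions modelled on the `stra->s` / `stra->strlen` names in the post.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string, modelled on the stra->s / stra->strlen
 * fields named in the post. The real checkpassword-sql struct may differ. */
struct stra {
    char *s;        /* NUL-terminated buffer */
    size_t strlen;  /* bytes in use, excluding the NUL */
    size_t size;    /* bytes allocated */
};

/* The bug pattern from the post, kept for comparison and never called here:
 * the pointer realloc returns is thrown away. If realloc moved the block,
 * a->s now points at freed memory and the next write corrupts the heap. */
void stra_grow_buggy(struct stra *a, size_t size)
{
    realloc(a->s, size);   /* WRONG: result ignored */
}

/* Hardened growth: reserve room for `need` more bytes plus the NUL. A
 * temporary pointer means a failed realloc leaves a->s valid and freeable.
 * Returns 0 on success, -1 on size overflow or allocation failure. */
static int stra_reserve(struct stra *a, size_t need)
{
    size_t want;
    char *tmp;

    if (need > SIZE_MAX - a->strlen - 1)    /* strlen + need + 1 would wrap */
        return -1;
    want = a->strlen + need + 1;
    if (want <= a->size)
        return 0;                            /* already big enough */
    if (a->size <= SIZE_MAX / 2 && want < a->size * 2)
        want = a->size * 2;                  /* geometric growth: amortised O(1) appends */

    tmp = realloc(a->s, want);               /* realloc(NULL, n) behaves like malloc */
    if (tmp == NULL)
        return -1;                           /* a->s untouched; caller can still use/free it */
    a->s = tmp;
    a->size = want;
    return 0;
}

/* Start with an empty but valid (non-NULL, NUL-terminated) string. */
static int stra_init(struct stra *a)
{
    a->s = NULL;
    a->strlen = 0;
    a->size = 0;
    if (stra_reserve(a, 0) != 0)
        return -1;
    a->s[0] = '\0';
    return 0;
}

static int stra_append(struct stra *a, const char *src, size_t len)
{
    if (stra_reserve(a, len) != 0)
        return -1;
    memcpy(a->s + a->strlen, src, len);
    a->strlen += len;
    a->s[a->strlen] = '\0';
    return 0;
}

/* Append `pieces` ten-byte chunks, i.e. grow well past the initial allocation
 * as the post describes, and return the resulting length (0 on any failure). */
size_t demo_append(size_t pieces)
{
    struct stra a;
    size_t i, n;

    if (stra_init(&a) != 0)
        return 0;
    for (i = 0; i < pieces; i++) {
        if (stra_append(&a, "0123456789", 10) != 0) {
            free(a.s);
            return 0;
        }
    }
    n = (strlen(a.s) == a.strlen) ? a.strlen : 0;
    free(a.s);
    return n;
}

/* Request an absurd size so realloc fails, then confirm the old contents
 * survived. Returns 1 if the buffer was preserved, 0 otherwise. */
int demo_failure_preserves_buffer(void)
{
    struct stra a;
    int ok;

    if (stra_init(&a) != 0 || stra_append(&a, "hello", 5) != 0)
        return 0;
    ok = (stra_reserve(&a, SIZE_MAX / 2) == -1) && (strcmp(a.s, "hello") == 0);
    free(a.s);
    return ok;
}
```

The point of the temporary is that `stra->s = realloc(stra->s, n)` fixes the dangling-pointer bug but, on failure, overwrites the only reference to the old block with NULL, leaking it and leaving nothing to free or report. Returning -1 from the growth routine lets the caller decide whether to fail the query or exit, which is the choice the post leaves open.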