Change in libosmocore[master]: vty: fix use-after-free and memleaks in is_cmd_ambiguous()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Wed Jul 11 13:47:12 UTC 2018 

Hello Jenkins Builder, 

I'd like you to reexamine a change. Please visit

    https://gerrit.osmocom.org/9939

to look at the new patch set (#2).

Change subject: vty: fix use-after-free and memleaks in is_cmd_ambiguous()
......................................................................

vty: fix use-after-free and memleaks in is_cmd_ambiguous()

vty_test: add test against ambiguous cmd causing use-after-free and memory
leaks. Add this test along with the fix, because the new test triggers the
memory use-after-free and leaks, causing build failures.

Add cmd_deopt_with_ctx() to allow passing a specific talloc ctx.

is_cmd_ambiguous(): keep all cmd_deopt() allocations until the function exits.
Add a comment explaining why. Before this, if a command matched an optional
"[arg]" with square brackets, we would keep it in local var 'matched', but we
would free the string it points to at the end of that loop iteration; upon
encountering another match, we would attempt to strcmp against the freed
'matched'. Instead of adding hard-to-read and -verify free/alloc dances to keep
the 'matched' accurately freed/non-freed/..., just keep all cmd_deopt() string
allocated until done.

Needless to say that this should have been implemented on a lower level upon
inventing optional args, but at least this is fixing a program crash.

Related: OS#33903390
Change-Id: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd
---
M src/vty/command.c
M tests/vty/vty_test.c
M tests/vty/vty_test.ok
3 files changed, 124 insertions(+), 20 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/39/9939/2
-- 
To view, visit https://gerrit.osmocom.org/9939
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd
Gerrit-Change-Number: 9939
Gerrit-PatchSet: 2
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-CC: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-CC: Vadim Yanitskiy <axilirator at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180711/18203084/attachment.htm>

More information about the gerrit-log mailing list