diff options
| author | Rich Felker <dalias@aerifal.cx> | 2015-05-01 12:25:01 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2015-05-01 12:25:01 -0400 |
| commit | 58fa856960d3073bcf84adac8e8bd6c555674271 (patch) | |
| tree | 6650cc37ca552169a994e857f3014d0fa0a39e62 | |
| parent | 18f75b80fd67fd7348fcfb807216f654597b592f (diff) | |
| download | musl-58fa856960d3073bcf84adac8e8bd6c555674271.tar.gz musl-58fa856960d3073bcf84adac8e8bd6c555674271.tar.xz musl-58fa856960d3073bcf84adac8e8bd6c555674271.zip | |
fix mishandling of ENOMEM return case in internal getgrent_a function
due to an incorrect return statement in this error case, the previously blocked cancellation state was not restored and no result was stored. this could lead to invalid (read) accesses in the caller resulting in crashes or nonsensical result data in the event of memory exhaustion.
| -rw-r--r-- | src/passwd/getgrent_a.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/passwd/getgrent_a.c b/src/passwd/getgrent_a.c index ecd2f2ea..7fc389d4 100644 --- a/src/passwd/getgrent_a.c +++ b/src/passwd/getgrent_a.c @@ -48,7 +48,8 @@ int __getgrent_a(FILE *f, struct group *gr, char **line, size_t *size, char ***m rv = errno; free(*line); *line = 0; - return 0; + gr = 0; + goto end; } if (*mems) { mem[0][0] = mems; |