From a0c08ce019cf88278f882d823f876c6edc2d5218 Mon Sep 17 00:00:00 2001 From: "[anp/hsw]" Date: Sun, 14 Mar 2021 22:33:10 +0700 Subject: Prevent memory corruption on config file reload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Starting program: /usr/sbin/accel-pppd -c /etc/accel-ppp/accel-ppp.conf [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/libthread_db.so.1". [New Thread 0xb7ad9b40 (LWP 24563)] [New Thread 0xb72d8b40 (LWP 24566)] [New Thread 0xb6ad7b40 (LWP 24567)] [New Thread 0xb60ffb40 (LWP 24569)] [New Thread 0xb58feb40 (LWP 24570)] [New Thread 0xb50fdb40 (LWP 24572)] [New Thread 0xb48fcb40 (LWP 24573)] conf_file:/etc/accel-ppp/accel-ppp.conf:93: no section opened memory corruption: malloc(10) at /var/tmp/portage/net-dialup/accel-ppp-9999/work/accel-ppp-9999/accel-pppd/triton/conf_file.c:117 free at /var/tmp/portage/net-dialup/accel-ppp-9999/work/accel-ppp-9999/accel-pppd/triton/conf_file.c:193 *** Error in `/usr/sbin/accel-pppd': corrupted double-linked list: 0xb61018c8 *** Thread 3 "accel-pppd" received signal SIGABRT, Aborted. [Switching to Thread 0xb72d8b40 (LWP 24566)] 0xb7fdc428 in __kernel_vsyscall () (gdb) bt full No symbol table info available. No symbol table info available. No symbol table info available. at /var/tmp/portage/net-dialup/accel-ppp-9999/work/accel-ppp-9999/accel-pppd/memdebug.c:90 mem = 0xb61018d0 r = 0 ctx = {fname = 0xb7fda1c4 "D\036ПЁт!\020╤╓R\005─\\m\005──", file = 0xfa8c7f2b, line = 108205909, items = 0x0} sect = 0x8002f1bf r = -2147097804 sections_bak = {next = 0xb3d01554, prev = 0xb3d016ec} t = 0xb7ff2750 r = 4 set = {__val = {516, 0 }} sig = 10 need_free = 0 stack = 0x0 No symbol table info available. No symbol table info available. --- accel-pppd/triton/conf_file.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'accel-pppd') 
diff --git a/accel-pppd/triton/conf_file.c b/accel-pppd/triton/conf_file.c index ebde6af..e1d9650 100644 --- a/accel-pppd/triton/conf_file.c +++ b/accel-pppd/triton/conf_file.c @@ -33,9 +33,6 @@ static int sect_add_item(struct conf_ctx *ctx, const char *name, char *val, char static struct conf_option_t *find_item(struct conf_sect_t *, const char *name); static int load_file(struct conf_ctx *ctx); -static char *buf; -static struct conf_sect_t *cur_sect; - static int __conf_load(struct conf_ctx *ctx, const char *fname) { struct conf_ctx ctx1; @@ -59,10 +56,15 @@ static int __conf_load(struct conf_ctx *ctx, const char *fname) static int load_file(struct conf_ctx *ctx) { - char *str, *str2, *raw; - int len; + char *str2, *raw; + char buf[1024] = {0}; + + static struct conf_sect_t *cur_sect = NULL; while(1) { + int len; + char *str; + if (!fgets(buf, 1024, ctx->file)) break; ctx->line++; @@ -93,13 +95,14 @@ static int load_file(struct conf_ctx *ctx) return -1; } + cur_sect = find_sect(str); + if (cur_sect && ctx->items != &cur_sect->items) { fprintf(stderr, "conf_file:%s:%i: cann't open section inside option\n", ctx->fname, ctx->line); return -1; } *str2 = 0; - cur_sect = find_sect(str); if (!cur_sect) cur_sect = create_sect(str); ctx->items = &cur_sect->items; @@ -184,14 +187,9 @@ int conf_load(const char *fname) } else fname = conf_fname; - buf = _malloc(1024); - - cur_sect = NULL; ctx.items = NULL; r = __conf_load(&ctx, fname); - _free(buf); - return r; } @@ -219,8 +217,6 @@ int conf_reload(const char *fname) list_splice_init(§ions, §ions_bak); - cur_sect = NULL; - r = conf_load(fname); if (r) -- cgit v1.2.3
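Review bot: `static struct conf_sect_t *cur_sect = NULL;` in load_file keeps its value between calls, and this commit also deletes the `cur_sect = NULL;` resets in conf_load and conf_reload. The pointer left by one load is therefore still set when the next load starts, and it may refer to a section that has since been released. In the lines visible here it is reassigned before it is read, so a plain local `struct conf_sect_t *cur_sect = NULL;` looks sufficient, provided nothing in the part of load_file outside this hunk relies on the value surviving a nested include. Separately, `fgets(buf, 1024, ctx->file)` repeats the array length as a literal; `fgets(buf, sizeof(buf), ctx->file)` keeps the bound tied to the declaration.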
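Review bot: `cur_sect = find_sect(str);` now runs before `*str2 = 0;`, so at the time of the lookup `str` still carries the closing `]` and whatever follows it on the line. If find_sect compares names as plain strings (its body is not in this diff), an existing section is never matched and `create_sect(str)` adds a duplicate whenever a section header repeats. The guard after it also changed meaning: it used to test the section currently being parsed and now tests the one just looked up, so once the lookup does succeed, a header naming a different existing section would be rejected as "section inside option". Restoring the old order, with the guard on the previous `cur_sect` followed by `*str2 = 0;` and then `cur_sect = find_sect(str);`, avoids both; the enclosing branch starts above this hunk.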