[BUG] str2sun could leak a small buffer in case of error during parsing
Matt Farnsworth reported a memory leak in str2sun() in case a too large
socket path is passed. The bug is very minor because it only happens
once during config parsing, but has to be fixed nevertheless. The patch
Matt provided could even be improved by completely removing the useless
strdup() in this function.
diff --git a/include/common/standard.h b/include/common/standard.h
index 162a9eb..a120f56 100644
--- a/include/common/standard.h
+++ b/include/common/standard.h
@@ -139,7 +139,7 @@
* converts <str> to a struct sockaddr_un* which is locally allocated.
* The format is "/path", where "/path" is a path to a UNIX domain socket.
*/
-struct sockaddr_un *str2sun(char *str);
+struct sockaddr_un *str2sun(const char *str);
/*
* converts <str> to a struct sockaddr_in* which is locally allocated.
diff --git a/src/standard.c b/src/standard.c
index 93cf1f8..7f749f9 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -83,27 +83,20 @@
* converts <str> to a struct sockaddr_un* which is locally allocated.
* The format is "/path", where "/path" is a path to a UNIX domain socket.
*/
-struct sockaddr_un *str2sun(char *str)
+struct sockaddr_un *str2sun(const char *str)
{
static struct sockaddr_un su;
int strsz; /* length included null */
memset(&su, 0, sizeof(su));
- str = strdup(str);
- if (str == NULL)
- goto out_nofree;
-
strsz = strlen(str) + 1;
if (strsz > sizeof(su.sun_path)) {
Alert("Socket path '%s' too long (max %d)\n",
str, sizeof(su.sun_path) - 1);
- goto out_nofree;
+ } else {
+ su.sun_family = AF_UNIX;
+ memcpy(su.sun_path, str, strsz);
}
- su.sun_family = AF_UNIX;
- memcpy(su.sun_path, str, strsz);
-
- free(str);
- out_nofree:
return &su;
}