diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-11-30 20:08:22 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-11-30 20:08:22 +0100 |
| commit | bdaa0022550a319c42de5f019d22a40625845182 (patch) | |
| tree | bed7e5210d80b698536da287d939167a0430ee57 /sys/src/cmd/webcookies.c | |
| parent | 1d8f2ac0502bff4c3d92f431f20680e27255a896 (diff) | |
webcookies: strdup() file argument to avoid crash (thanks mischief)
mischief reports:
acid: lstk()
abort()+0x0 /sys/src/libc/9sys/abort.c:6
ppanic(p=0x1bff4,fmt=0x1d749)+0x146 /sys/src/libc/port/malloc.c:166
pv=0x1dad8
msg=0x1e4a8
v=0x3ffffe7c
n=0x2f
D2B(p=0x1bff4,v=0x3fffffae)+0x57 /sys/src/libc/port/pool.c:926
a=0x3fffffa4
poolfreel(v=0x3fffffae,p=0x1bff4)+0x20 /sys/src/libc/port/pool.c:1152
ab=0x1dad8
poolfree(p=0x1bff4,v=0x3fffffae)+0x3b /sys/src/libc/port/pool.c:1287
free(v=0x3fffffb6)+0x23 /sys/src/libc/port/malloc.c:250
readjar(file=0x3fffffb6)+0xce /sys/src/cmd/webcookies.c:473
jar=0x1ea28
lock=0x1ea68
p=0x1ea6d
main(argv=0x3fffffa0,argc=0x0)+0x10f /sys/src/cmd/webcookies.c:1295
file=0x3fffffb6
srv=0x0
mtpt=0x1cfd0
_argc=0x66
_args=0x1cfe0
home=0x0
_main+0x31 /sys/src/libc/386/main9.s:16
acid:
Diffstat (limited to 'sys/src/cmd/webcookies.c')
| -rw-r--r-- | sys/src/cmd/webcookies.c | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/sys/src/cmd/webcookies.c b/sys/src/cmd/webcookies.c index d95b9d41d..c338fa113 100644 --- a/sys/src/cmd/webcookies.c +++ b/sys/src/cmd/webcookies.c @@ -448,6 +448,27 @@ syncjar(Jar *jar) return 0; } +void +closejar(Jar *jar) +{ + int i; + + if(jar == nil) + return; + expirejar(jar, 0); + if(jar->dirty) + if(syncjar(jar) < 0) + fprint(2, "warning: cannot rewrite cookie jar: %r\n"); + + for(i=0; i<jar->nc; i++) + freecookie(&jar->c[i]); + + free(jar->lockfile); + free(jar->file); + free(jar->c); + free(jar); +} + Jar* readjar(char *file) { @@ -455,6 +476,7 @@ readjar(char *file) Jar *jar; jar = newjar(); + file = estrdup9p(file); lock = emalloc9p(strlen(file)+10); strcpy(lock, file); if((p = strrchr(lock, '/')) != nil) @@ -469,33 +491,12 @@ readjar(char *file) jar->dirty = 0; if(syncjar(jar) < 0){ - free(jar->file); - free(jar->lockfile); - free(jar); + closejar(jar); return nil; } return jar; } -void -closejar(Jar *jar) -{ - int i; - - if(jar == nil) - return; - expirejar(jar, 0); - if(jar->dirty) - if(syncjar(jar) < 0) - fprint(2, "warning: cannot rewrite cookie jar: %r\n"); - - for(i=0; i<jar->nc; i++) - freecookie(&jar->c[i]); - - free(jar->file); - free(jar->c); - free(jar); -} /* * Domain name matching is per RFC2109, section 2: @@ -1152,8 +1153,7 @@ fswrite(Req *r) } } snprint(a->outhttp, AuxBuf, "%J", j); - if(j) - closejar(j); + closejar(j); }else{ if(strlen(a->inhttp)+r->ifcall.count >= AuxBuf){ respond(r, "http headers too large"); |