Bug in parse_ini.c default_file()?
Gary Wong
gtw at gnu.org
Thu Jan 18 19:08:33 CET 2018
Hi,
I believe there is a bug in lib/parse_ini.c where np_get_defaults()
can invoke free() on an invalid pointer. The trouble is that
parse_locator(), when finding a default file, sets i->file to
the return value of default_file(). Sometimes (when $MP_CONFIG_FILE
is set), this will be malloc()ed memory, and all is well. But
when $MP_CONFIG_FILE is unset and one of the default_ini_path_names[]
exists, then a pointer to the static string is returned (line 367), which
eventually gets stored into i->file by parse_locator() (line 106)
and then free()d in np_get_defaults() (line 139). This bug is still
present as of commit 9661ee74.
To reproduce: create a valid config file (e.g., /etc/monitoring-plugins.ini),
compile or run with a sufficiently pedantic free() implementation
(gcc 6.4.0/glibc 2.25 will do it for me, or use valgrind), and then
run (e.g.) "check_snmp -H 127.0.0.1 -o 1 --extra-opts".
To fix: apply the following patch. The new strdup() ensures that
default_file() always returns malloc()ed memory, whether the filename
is constructed from an environment variable or merely set to a
built-in default.
--- a/lib/parse_ini.c
+++ b/lib/parse_ini.c
@@ -364,7 +364,7 @@
return ini_file;
for (p = default_ini_path_names; *p != NULL; p++)
if (access(*p, F_OK) == 0)
- return *p;
+ return strdup(*p);
return NULL;
}
Thanks,
Gary.
--
Gary Wong gtw at gnu.org http://www.cs.utah.edu/~gtw/
More information about the Devel
mailing list