commit 4b064c0a701a7139b6e883327d959ce2d5b38fd1
parent 5764d11c89789a93bf654058ec96c9ce9116e4ca
Author: Alexey Yerin <yyp@disroot.org>
Date: Sun, 18 Apr 2021 14:43:05 +0300
Fix use-after-free in unix::passwd
The implementation was calling {gr,pw}ent_finish on every iteration,
even when the names matched, which means that the caller would get an
entry that was already freed, causing segfaults.
Diffstat:
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/unix/passwd/group.ha b/unix/passwd/group.ha
@@ -71,10 +71,11 @@ export fn getgroup(name: str) (grent | void) = {
io::EOF => break,
* => abort("Invalid entry in /etc/group"),
};
- defer grent_finish(ent);
if (ent.name == name) {
return ent;
+ } else {
+ grent_finish(ent);
};
};
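Review bot: On the matching branch, `return ent;` now hands the caller an entry whose storage is still live, but nothing in the hunk records that the caller owns it and has to release it. The doc comment on getgroup starts outside this hunk, so I can't see whether it already covers this; if it does not, it should say something like `// The caller must pass the return value to [[grent_finish]] to free it.` The same applies to getuser and pwent_finish in unix/passwd/passwd.ha. Without a stated contract, callers will either leak every successful lookup or free it inconsistently, and inconsistent freeing is how use-after-free and double-free bugs come back.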
diff --git a/unix/passwd/passwd.ha b/unix/passwd/passwd.ha
@@ -89,10 +89,11 @@ export fn getuser(username: str) (pwent | void) = {
io::EOF => break,
* => abort("Invalid entry in /etc/passwd"),
};
- defer pwent_finish(ent);
if (ent.username == username) {
return ent;
+ } else {
+ pwent_finish(ent);
};
};