Hello. During a static audit, I found a suspected double-free vulnerability
in the function SLPDRegFileReadSrvReg in openslp/slpd/slpd_regfile.c:
else
{
/* Excerpt: grow attrlist by strlen(slider1) + 3 bytes, then append a ","
 * separator. The result is held in tmp_attrlist first so the old pointer is
 * not overwritten if the reallocation fails. */
char * tmp_attrlist;
attrlistlen += strlen(slider1) + 3;
if ((tmp_attrlist = xrealloc(attrlist, attrlistlen + 1)) == 0)
{
/* NOTE(review): a failed realloc() leaves the original block allocated, so
 * this xfree() releases it, but attrlist still holds the old address when
 * control jumps to CLEANUP. The CLEANUP excerpt quoted further down calls
 * xfree(attrlist) again; unless attrlist is reset somewhere not shown here,
 * that is a second free of the same pointer. Dropping this xfree(), or
 * setting attrlist to NULL right after it, would leave a single release. */
xfree(attrlist);
result = SLP_ERROR_INTERNAL_ERROR;
goto CLEANUP;
}
/* Success path: adopt the (possibly moved) buffer before writing to it. */
attrlist = tmp_attrlist;
strcat(attrlist, ",");
}
When xrealloc fails, this branch calls xfree(attrlist) without resetting the pointer and jumps to CLEANUP, where attrlist is freed a second time:
/* Excerpt: common exit path. Logs a message for the recognised error codes,
 * then releases the strings built up while reading the registration. */
CLEANUP:
/* check for errors and free memory */
switch(result)
{
case SLP_ERROR_INTERNAL_ERROR:
SLPDLog("\nERROR: Out of memory one reg file line:\n %s\n", line);
break;
case SLP_ERROR_INVALID_REGISTRATION:
SLPDLog("\nERROR: Invalid reg file format near:\n %s\n", line);
break;
case SLP_ERROR_SCOPE_NOT_SUPPORTED:
SLPDLog("\nERROR: Duplicate scopes or scope list with "
"embedded spaces near:\n %s\n", line);
break;
default:
/* Any other result value is not logged here. */
break;
}
/* Every pointer below is freed unconditionally, so each one must be either
 * NULL or a live allocation when control arrives here. */
xfree(langtag);
xfree(scopelist);
xfree(url);
xfree(srvtype);
/* NOTE(review): if an error path has already passed attrlist to xfree() and
 * left the variable unchanged, this call frees the same block twice. free()
 * on NULL is a no-op, so clearing the pointer at the earlier free site, or
 * leaving the release to this line alone, avoids that. */
xfree(attrlist);
I compiled the project without DEBUG, so the x* allocation wrappers map directly to the libc functions:
#else /* ?DEBUG */
/* Non-DEBUG branch: apart from xmemdup, each x* name is a plain macro alias
 * for the libc function of the same name, so xrealloc(p, n) is realloc(p, n)
 * and xfree(p) is free(p). No wrapper code sits between the caller and the
 * allocator in this configuration. */
void * slp_xmemdup(const void * ptr, size_t srclen);
#define xmalloc malloc
#define xcalloc calloc
#define xrealloc realloc
#define xfree free
#define xstrdup strdup
#define xmemdup slp_xmemdup
#endif /* ?DEBUG */
Is this a bug?
Hello. During a static audit, I found a suspected double-free vulnerability
in the function SLPDRegFileReadSrvReg in openslp/slpd/slpd_regfile.c.
When xrealloc fails, the code calls xfree(attrlist), and attrlist is freed again at CLEANUP.
I compiled the project without DEBUG.
Is this a bug?