From: Kevin Day Date: Wed, 18 May 2022 02:48:50 +0000 (-0500) Subject: Security: The realpath() calls malloc() and free() is not called (memory leak). X-Git-Tag: 0.5.10~117 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=8bb9c4bca207462b44f22e993a007bad7e175077;p=fll Security: The realpath() calls malloc() and free() is not called (memory leak). I change the code and didn't realize that realpath() conditionally calls malloc(). When I change th code to pass a variable initialized to 0, I ended up triggering realpath() to call malloc(). This results in a memory leak. Instead, pass a statically allocated array. --- diff --git a/level_0/f_path/c/private-path.c b/level_0/f_path/c/private-path.c index c41f454..8ef4fed 100644 --- a/level_0/f_path/c/private-path.c +++ b/level_0/f_path/c/private-path.c @@ -8,9 +8,14 @@ extern "C" { #if !defined(_di_f_path_current_) || !defined(_di_f_path_real_) f_status_t private_f_path_real(const char *path, f_string_dynamic_t * const real) { - char *buffer = realpath(path, buffer); + // Use a static array so that realpath() does not call malloc(). + char temporary[PATH_MAX]; - if (buffer == 0) { + memset(temporary, 0, sizeof(char) * F_path_length_max_d); + + char * const buffer = realpath(path, temporary); + + if (!buffer) { if (errno == EACCES) return F_status_set_error(F_access_denied); if (errno == EINVAL) return F_status_set_error(F_parameter); if (errno == EIO) return F_status_set_error(F_input_output);