From 453e1df5d1d0fa94f238b266962bf60a1ccb9b38 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] skill: Fix getline() usage.

man getline: "If *lineptr is set to NULL and *n is set 0 before the call, then getline() will allocate a buffer for storing the line. This buffer should be freed by the user program even if getline() failed."
---
 skill.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/skill.c b/skill.c
index 1a5b3e03..40ec787d 100644
--- a/skill.c
+++ b/skill.c
@@ -131,13 +131,15 @@ static void hurt_proc(int tty, int uid, int pid, const char *restrict const cmd,
 char dn_buf[1000];
 dev_to_tty(dn_buf, 999, tty, pid, ABBREV_DEV);
 if (run_time->interactive) {
- char *buf;
+ char *buf = NULL;
 size_t len = 0;
 fprintf(stderr, "%-8s %-8s %5d %-16.16s ? ",
 (char *)dn_buf, pwcache_get_user(uid), pid, cmd);
 fflush (stdout);
- if (getline(&buf, &len, stdin) == -1)
+ if (getline(&buf, &len, stdin) == -1) {
+ free(buf);
 return;
+ }
 if (rpmatch(buf) < 1) {
 free(buf);
 return;
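Review bot: The `char *buf = NULL;` initialisation is the part of this fix that matters most for memory safety, but neither the code nor the commit message (which quotes only the free-on-failure sentence) says why it is required. POSIX requires `*lineptr` to be NULL or a malloc()ed pointer, so an indeterminate `buf` was undefined behaviour. The new `free(buf)` on the error path is only safe because of that initialisation. I would add a comment at the declaration such as `/* must start NULL with len == 0 so getline() allocates; freed on every exit path */`. Separately, the prompt is written to `stderr` while the unchanged `fflush (stdout);` flushes a different stream; `fflush(stderr);` looks like what was meant, though stderr is normally unbuffered, so this is cosmetic. hurt_proc starts and ends outside the hunk, so whether `buf` is released after a positive rpmatch() answer cannot be checked from here.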