[stunnel-users] fix resource leaks and potential null dereferences in 4.54

Michal Trojnara Michal.Trojnara at mirt.net
Sat Feb 2 18:30:16 CET 2013

On 2013-01-30 03:00, Arthur Mesh wrote:
> I, the copyright holder of this work, hereby release it into the public
> domain. This applies worldwide.
> In case this is not legally possible, I grant any entity the right to
> use this work for any purpose, without any conditions, unless such
> conditions are required by law.
Thank you.
> -    char line_text[CONFLINELEN], *errstr;
> +    char line_text[CONFLINELEN], *errstr = NULL;
Were you able to identify a case where it's used without
initialization?  This is interesting.
It would be a good idea to fix it there instead of implementing a
workaround here.
> -        s_log(LOG_ERR, "Service [%s]: %s", section->servname, errstr);
> +        s_log(LOG_ERR, "Service [%s]: %s", section ? section->servname : "",
> +              errstr);
Again it would be useful to fix the root cause instead of implementing a
> -        if(!strcasecmp(fl->name, string)) {
> +        if(string && !strcasecmp(fl->name, string)) {
Could you give an example parameter where "string" may be NULL here?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130202/a23881a2/attachment.sig>

More information about the stunnel-users mailing list