[stunnel-users] fix resource leaks and potential null dereferences in 4.54

• Previous message (by thread): [stunnel-users] fix resource leaks and potential null dereferences in 4.54
• Next message (by thread): [stunnel-users] X509 certificate info extract and use
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Many times these tools produce false positives. It takes a trained
developerto spot them.

On Saturday, February 2, 2013, Michal Trojnara wrote:

> On 2013-01-30 03:00, Arthur Mesh wrote:
> > I, the copyright holder of this work, hereby release it into the public
> > domain. This applies worldwide.
> >
> > In case this is not legally possible, I grant any entity the right to
> > use this work for any purpose, without any conditions, unless such
> > conditions are required by law.
> Thank you.
> > -    char line_text[CONFLINELEN], *errstr;
> > +    char line_text[CONFLINELEN], *errstr = NULL;
> Were you able to identify a case where it's used without
> initialization?  This is interesting.
> It would be a good idea to fix it there instead of implementing a
> workaround here.
> > -        s_log(LOG_ERR, "Service [%s]: %s", section->servname, errstr);
> > +        s_log(LOG_ERR, "Service [%s]: %s", section ? section->servname
> : "",
> > +              errstr);
> Again it would be useful to fix the root cause instead of implementing a
> workaround.
> > -        if(!strcasecmp(fl->name, string)) {
> > +        if(string && !strcasecmp(fl->name, string)) {
> Could you give an example parameter where "string" may be NULL here?
>
> Mike
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130203/dbe2dee2/attachment.html>

• Previous message (by thread): [stunnel-users] fix resource leaks and potential null dereferences in 4.54
• Next message (by thread): [stunnel-users] X509 certificate info extract and use
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]