From: Cheyenne Wills <cwills@sinenomine.net>
Date: Tue, 25 Jun 2019 16:40:53 +0000 (-0600)
Subject: util: serverLog using memory after free
X-Git-Tag: debian/1.8.4_pre1-1~9^2^2~11
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5d84f2a10f61e8b68b4bff18784efeb91845eef8;p=packages%2Fo%2Fopenafs.git

util: serverLog using memory after free

clang's scan-build detected a "use of memory after it is freed"
condition.

The function OpenLogFile frees the variable ourName before creating a
duplicate of the name passed to it.  However there is a call that uses
ourName as the parameter: OpenLogFile(ourName).  This results in freeing
ourName then doing a strdup of the same memory location.

Test the passed parameter and if it's the same as ourName already skip
the free and strdup.

This bug was introduced in commit
    340ec2f79208ee21c3130c4b1c13995947ce426c
    "util: allocate log filename buffers"

Reviewed-on: https://gerrit.openafs.org/13659
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f5f59cd8d336b153e2b762bb7afd16e6ab1b1ee2)

Change-Id: Ia1ae1144493fa682595b365324322d8d273c0cbb
Reviewed-on: https://gerrit.openafs.org/13675
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---

diff --git a/src/util/serverLog.c b/src/util/serverLog.c
index a250d6533..13dbed87c 100644
--- a/src/util/serverLog.c
+++ b/src/util/serverLog.c
@@ -575,9 +575,12 @@ OpenLogFile(const char *fileName)
     RedirectStdStreams(fileName);
 
     /* Save our name for reopening. */
-    free(ourName);
-    ourName = strdup(fileName);
-    opr_Assert(ourName != NULL);
+    if (ourName != fileName) {
+	/* Make a copy if needed */
+	free(ourName);
+	ourName = strdup(fileName);
+	opr_Assert(ourName != NULL);
+    }
 
     serverLogFD = tempfd;