author | 2003-01-20 02:52:50 +0000 | |
---|---|---|
committer | 2003-01-20 02:52:50 +0000 | |
commit | 58f68c37912e597c6e47d69daad60bfac3c659f6 (patch) | |
tree | 7a997766aec9d831ecf3ef3f775c28ed5946102e /gnu/usr.bin/cvs/src | |
parent | sync (diff) | |
In dirswitch(), don't free dir_name until right before allocating
it again. This removes a potential double-free problem, whereby
this function could free dir_name and then immediately return due
to invalid directory syntax (without ever reassigning dir_name),
then re-enter and free dir_name again. Fix from Stefan Esser.
Diffstat (limited to 'gnu/usr.bin/cvs/src')
-rw-r--r-- | gnu/usr.bin/cvs/src/server.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/gnu/usr.bin/cvs/src/server.c b/gnu/usr.bin/cvs/src/server.c
index 762a6d72438..4a61b1dbf14 100644
--- a/gnu/usr.bin/cvs/src/server.c
+++ b/gnu/usr.bin/cvs/src/server.c
@@ -977,9 +977,6 @@ dirswitch (dir, repos)
 return;
 }
 
- if (dir_name != NULL)
- free (dir_name);
-
 dir_len = strlen (dir);
 
 /* Check for a trailing '/'. This is not ISDIRSEP because \ in the
@@ -995,6 +992,9 @@ dirswitch (dir, repos)
 return;
 }
 
+ if (dir_name != NULL)
+ free (dir_name);
+
 dir_name = malloc (strlen (server_temp_dir) + dir_len + 40);
 if (dir_name == NULL)
 {
|
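Review bot: In the second hunk the relocated `free (dir_name);` is safe only because the `malloc` assignment follows it immediately; nothing at the free site itself enforces that. The commit message says dir_name persists across calls to dirswitch(), so any early return later inserted between the two statements would bring the double free back. Clearing the pointer at the point of release makes the invariant local: `free (dir_name); dir_name = NULL;`. A short comment such as `/* Free only after every early-return check on dir has passed; dir_name persists across calls. */` would also record why the order matters. The body of dirswitch() continues past the hunk, so the failure paths after the allocation cannot be checked from here.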