From faecd86ee6649044c8ef14f2f7634fa8bc503114 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Sat, 6 Feb 2016 22:26:29 +0100
Subject: factotum: fix nil pointer crash on p9skclosekey(), thanks k0ga

oversight, closekey is called again even if addkey failed, which will have Key.priv nil.
stack trace:
memset(data=0x0,n=0x1f8)+0x58 /sys/src/libc/arm/memset.s:40
p9skclosekey(k=0x55358)+0x18 /sys/src/cmd/auth/factotum/p9sk1.c:493
closekey(k=0x55358)+0x7c /sys/src/cmd/auth/factotum/util.c:247
ctlwrite(a=0x552f8,atzero=0x0)+0x320 /sys/src/cmd/auth/factotum/rpc.c:503
fswrite(r=0x53b78)+0x1b0 /sys/src/cmd/auth/factotum/fs.c:574
swrite(r=0x53b78,srv=0x423e8)+0x134 /sys/src/lib9p/srv.c:559
srvwork()+0x2a4 /sys/src/lib9p/srv.c:746
srv(srv=0x423e8)+0xcc /sys/src/lib9p/srv.c:825
postproc()+0x3c /sys/src/lib9p/post.c:120
rforker(flag=0x1,fn=0x39f98,arg=0x423e8)+0x34 /sys/src/lib9p/rfork.c:16
_postmountsrv(s=0x423e8,name=0x0,mtpt=0x46f70,flag=0x1)+0xb8 /sys/src/lib9p/post.c:27
postmountsrv(name=0x0,mtpt=0x46f70,flag=0x1)+0x20 /sys/src/lib9p/rfork.c:32
main(argv=0x1fffff9c,argc=0x0)+0x23c /sys/src/cmd/auth/factotum/fs.c:157
_main+0x28 /sys/src/libc/arm/main9.s:19
acid: /sys/src/cmd/auth/factotum/p9sk1.c:493
---
 sys/src/cmd/auth/factotum/p9sk1.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/src/cmd/auth/factotum/p9sk1.c b/sys/src/cmd/auth/factotum/p9sk1.c
index 4dd8fad7d..b2f21558f 100644
--- a/sys/src/cmd/auth/factotum/p9sk1.c
+++ b/sys/src/cmd/auth/factotum/p9sk1.c
@@ -490,6 +490,8 @@ p9skaddkey(Key *k, int before)
 static void
 p9skclosekey(Key *k)
 {
+ if(k->priv == nil)
+ return;
 memset(k->priv, 0, sizeof(Authkey));
 free(k->priv);
 }
-- 
cgit v1.2.3
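Review bot: After `free(k->priv);` the pointer is left dangling in p9skclosekey, so the new nil guard covers the failed-addkey case from the stack trace but not a second close of the same Key. Adding `k->priv = nil;` as the last statement would make the function idempotent, so a repeated closekey returns at the guard instead of running memset and free on already-freed key material. Whether closekey can actually run twice on one Key is not visible in this hunk, so treat that as hardening rather than a confirmed bug. A one-line comment on the guard, e.g. `/* priv is nil if addkey failed; closekey is still called */`, would record why the check exists.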