From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000)
Subject: skill: Fix getline() usage.
X-Git-Tag: v3.3.15~119
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=453e1df5d1d0fa94f238b266962bf60a1ccb9b38;p=procps-ng

skill: Fix getline() usage.

man getline: "If *lineptr is set to NULL and *n is set 0 before the
call, then getline() will allocate a buffer for storing the line. This
buffer should be freed by the user program even if getline() failed."
---

diff --git a/skill.c b/skill.c
index 1a5b3e03..40ec787d 100644
--- a/skill.c
+++ b/skill.c
@@ -131,13 +131,15 @@ static void hurt_proc(int tty, int uid, int pid, const char *restrict const cmd,
 	char dn_buf[1000];
 	dev_to_tty(dn_buf, 999, tty, pid, ABBREV_DEV);
 	if (run_time->interactive) {
-		char *buf;
+		char *buf = NULL;
 		size_t len = 0;
 		fprintf(stderr, "%-8s %-8s %5d %-16.16s   ? ",
 			(char *)dn_buf, pwcache_get_user(uid), pid, cmd);
 		fflush (stdout);
-		if (getline(&buf, &len, stdin) == -1)
+		if (getline(&buf, &len, stdin) == -1) {
+			free(buf);
 			return;
+		}
 		if (rpmatch(buf) < 1) {
 			free(buf);
 			return;