pppd: Don't try to free(NULL - 1)
author Paul Mackerras <paulus@ozlabs.org>
Sat, 23 Jun 2018 07:26:42 +0000 (17:26 +1000)
committer Paul Mackerras <paulus@ozlabs.org>
Sat, 23 Jun 2018 07:26:42 +0000 (17:26 +1000)
A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array.  The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
pppd/main.c

index 76b67d2485b71ce4dc11c6a9cd7ecfd2293f21d9..e09b6ffcce32bd06389d91da6276f24c1e009007 100644 (file)
@@ -1751,7 +1751,7 @@ update_script_environment()
                script_env[i] = newstring;
            else
                add_script_env(i, newstring);
-       } else {
+       } else if (p != NULL) {
            remove_script_env(i);
        }
     }
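
Review bot: The new `else if (p != NULL)` condition guards only this call site, so remove_script_env() itself will still pass NULL - 1 to free() if any other caller reaches it for a variable that is not present in script_env, which is the failure the commit message describes. Consider also making remove_script_env() return early when the entry it is asked to remove is NULL, so the invalid free() cannot recur from another path. A short comment on the `else if` line stating that p == NULL means the variable is absent from script_env would help too, since the hunk does not show where p is assigned.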