From: Paul Mackerras <paulus@ozlabs.org>
Date: Sat, 23 Jun 2018 07:26:42 +0000 (+1000)
Subject: pppd: Don't try to free(NULL - 1)
X-Git-Tag: ppp-2.4.8~34
X-Git-Url: https://git.ozlabs.org/?a=commitdiff_plain;h=b5a2fd5ca2cd00b564d829c352d825902fba13a0;hp=292c35d97edb6eca5f7af7aae31488cca2c2ca6f;p=ppp.git

pppd: Don't try to free(NULL - 1)

A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array.  The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---

diff --git a/pppd/main.c b/pppd/main.c
index 76b67d2..e09b6ff 100644
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -1751,7 +1751,7 @@ update_script_environment()
 		script_env[i] = newstring;
 	    else
 		add_script_env(i, newstring);
-	} else {
+	} else if (p != NULL) {
 	    remove_script_env(i);
 	}
     }