[PATCH] do not free string returned by login_getcapstr

Thorsten Glaser t.glaser at tarent.de
Tue Feb 16 11:08:43 AEDT 2021

On Tue, 16 Feb 2021, Damien Miller wrote:
> On Mon, 15 Feb 2021, Ed Maste wrote:
> > From the login_getcapstr man page,
> > > Note that with all functions in this group, you should not call free(3)
> > > on any pointers returned.  Memory allocated during retrieval or
> > > processing of capability tags is automatically reused by subsequent calls
> > > to functions in this group, or deallocated on calling login_close().
> This seems to be a divergence between FreeBSD and OpenBSD. OpenBSD has
> >     The string returned by login_getcapstr() is allocated via
> >     malloc(3) when the specified capability is present and thus
> >     it is the responsibility of the caller to free() this space.
> >     However, if the capability was not found or an error
> >     occurred and def or err (whichever is relevant) are non-NULL
> >     the returned value is simply what was passed in to
> >     login_getcapstr().  Therefore it is not possible to blindly
> >     free() the return value without first checking it against
> >     def and err.
> NetBSD is idential to OpenBSD. I guess we'll need to special-case FreeBSD
> and anything else that derives from that codebase. Does anyone know what
> else does it the FreeBSD way? (I'm guessing Dragonfly...)

MidnightBSD, perhaps? laffer1, can you comment?

«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!

More information about the openssh-unix-dev mailing list