Fix use-after-free spotted by Ashwini Sharma's static analysis.

We xstrdup() an optargs string to avoid modifying our environment space (because it can change what "ps" shows to other processes), and then parse out colon delimited strings and save them in globals that can later be used in the -v codepath and so on. But those globals _aren't_ strdup (no point) which means we can't free the string while we're still using pointers into the middle of it. So move the free to the end. (I hardly ever test with CFG_TOYBOX_FREE switched on because even nommu doesn't need it.)
author: Rob Landley <rob@landley.net> 2014-10-09 12:17:36 -0500
committer: Rob Landley <rob@landley.net> 2014-10-09 12:17:36 -0500
commit: 7196d758a0728bd43451f869eb85528b6cd20bea (patch)
tree: e1e35e3ac05c1550564671ef9a20fae61b0c71ed
parent: 3087b50f123e310b55b74db765a87e121cbb11af (diff)
download: toybox-7196d758a0728bd43451f869eb85528b6cd20bea.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/toys/posix/chgrp.c b/toys/posix/chgrp.c
index 24af46ac..3aa25147 100644
--- a/toys/posix/chgrp.c
+++ b/toys/posix/chgrp.c
@@ -90,7 +90,6 @@ void chgrp_main(void)
       if (!p && isdigit(*own)) p=getpwuid(atoi(own));
       if (!p) error_exit("no user '%s'", own);
       TT.owner = p->pw_uid;
-      if (CFG_TOYBOX_FREE) free(own);
     }
   } else TT.group_name = *toys.optargs;
 
@@ -107,4 +106,6 @@ void chgrp_main(void)
     if (new) dirtree_handle_callback(new, do_chgrp);
     else toys.exitval = 1;
   }
+
+  if (CFG_TOYBOX_FREE && ischown) free(own);
 }
author	Rob Landley <rob@landley.net>	2014-10-09 12:17:36 -0500
committer	Rob Landley <rob@landley.net>	2014-10-09 12:17:36 -0500
commit	7196d758a0728bd43451f869eb85528b6cd20bea (patch)
tree	e1e35e3ac05c1550564671ef9a20fae61b0c71ed
parent	3087b50f123e310b55b74db765a87e121cbb11af (diff)
download	toybox-7196d758a0728bd43451f869eb85528b6cd20bea.tar.gz