[BZ #199]

2004-06-08  Jakub Jelinek  <jakub@redhat.com>
	[BZ #199]
	* crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc
	succeeds.  Reported by Miles Ohlrich <miles@cray.com>.

	* elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc
	fails.  Avoid memory leak if realloc fails.

3 files changed, 19 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 46fcd8de87..13ee51fed7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2004-06-08  Jakub Jelinek  <jakub@redhat.com>
+
+	[BZ #199]
+	* crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc
+	succeeds.  Reported by Miles Ohlrich <miles@cray.com>.
+
+	* elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc
+	fails.  Avoid memory leak if realloc fails.
+
 2004-06-09  Jakub Jelinek  <jakub@redhat.com>
 
 	* sysdeps/generic/setenv.c (setenv): Return -1/EINVAL if name is
diff --git a/crypt/md5-crypt.c b/crypt/md5-crypt.c
index ededfaec71..7ba1491db6 100644
--- a/crypt/md5-crypt.c
+++ b/crypt/md5-crypt.c
@@ -1,6 +1,7 @@
 /* One way encryption based on MD5 sum.
    Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
-   Copyright (C) 1996,1997,1999,2000,2001,2002 Free Software Foundation, Inc.
+   Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
 
@@ -250,15 +251,12 @@ __md5_crypt (const char *key, const char *salt)
 
   if (buflen < needed)
     {
-      char *new_buffer;
-
-      buflen = needed;
-
-      new_buffer = (char *) realloc (buffer, buflen);
+      char *new_buffer = (char *) realloc (buffer, needed);
       if (new_buffer == NULL)
 	return NULL;
 
       buffer = new_buffer;
+      buflen = needed;
     }
 
   return __md5_crypt_r (key, salt, buffer, buflen);
diff --git a/elf/chroot_canon.c b/elf/chroot_canon.c
index 6b7e444800..d29a032163 100644
--- a/elf/chroot_canon.c
+++ b/elf/chroot_canon.c
@@ -1,5 +1,6 @@
 /* Return the canonical absolute name of a given file inside chroot.
-   Copyright (C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc.
+   Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2004
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -59,6 +60,9 @@ chroot_canon (const char *chroot, const char *name)
     }
 
   rpath = malloc (chroot_len + PATH_MAX);
+  if (rpath == NULL)
+    return NULL;
+
   rpath_limit = rpath + chroot_len + PATH_MAX;
 
   rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1;
@@ -108,7 +112,7 @@ chroot_canon (const char *chroot, const char *name)
 		new_size += PATH_MAX;
 	      new_rpath = (char *) realloc (rpath, new_size);
 	      if (new_rpath == NULL)
-		return NULL;
+		goto error;
 	      rpath = new_rpath;
 	      rpath_limit = rpath + new_size;