瀏覽代碼

HPCC-16981 Ensure StringAttr::set is safe when called with *this

Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>
Gavin Halliday 8 年之前
父節點
當前提交
eb2b883ebb
共有 2 個文件被更改,包括 13 次插入9 次删除
  1. 10 9
      system/jlib/jstring.cpp
  2. 3 0
      system/security/LdapSecurity/ldapsecurity.cpp

+ 10 - 9
system/jlib/jstring.cpp

@@ -1318,24 +1318,25 @@ StringAttr& StringAttr::operator = (StringAttr && from)
 
 void StringAttr::set(const char * _text)
 {
-    free(text);
+    char * oldtext = text;
     text = _text ? strdup(_text) : NULL;
+    free(oldtext);
 }
 
 void StringAttr::set(const char * _text, unsigned _len)
 {
-  if (text)
-    free(text);
-  text = (char *)malloc(_len+1);
-  memcpy(text, _text, _len);
-  text[_len] = 0;
+    char * oldtext = text;
+    text = (char *)malloc(_len+1);
+    memcpy(text, _text, _len);
+    text[_len] = 0;
+    free(oldtext);
 }
 
 void StringAttr::setown(const char * _text)
 {
-  if (text)
-    free(text);
-  text = (char *)_text;
+    char * oldtext = text;
+    text = (char *)_text;
+    free(oldtext);
 }
 
 void StringAttr::set(const StringBuffer & source)

+ 3 - 0
system/security/LdapSecurity/ldapsecurity.cpp

@@ -196,6 +196,9 @@ bool CLdapSecUser::addToken(unsigned type, void * data, unsigned length)
 
 void CLdapSecUser::copyTo(ISecUser& destination)
 {
+    if (this == &destination)
+        return;
+
     CLdapSecUser* dest = dynamic_cast<CLdapSecUser*>(&destination);
     if(!dest)
         return;