unmap(): Prevent use-after-free if the map only consists of one item
authorFabian Keil <fk@fabiankeil.de>
Fri, 14 Nov 2014 10:39:49 +0000 (10:39 +0000)
committerFabian Keil <fk@fabiankeil.de>
Fri, 14 Nov 2014 10:39:49 +0000 (10:39 +0000)
CID 66394.

list.c

diff --git a/list.c b/list.c
index c234414..d311cce 100644 (file)
--- a/list.c
+++ b/list.c
@@ -1,4 +1,4 @@
-const char list_rcs[] = "$Id: list.c,v 1.30 2014/10/18 11:31:52 fabiankeil Exp $";
+const char list_rcs[] = "$Id: list.c,v 1.31 2014/10/21 12:01:59 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/list.c,v $
@@ -1064,7 +1064,7 @@ jb_err unmap(struct map *the_map, const char *name)
    assert(the_map);
    assert(name);
 
-   last_entry = the_map->first;
+   last_entry = NULL;
 
    for (cur_entry = the_map->first; cur_entry != NULL; cur_entry = cur_entry->next)
    {
@@ -1096,7 +1096,11 @@ jb_err unmap(struct map *the_map, const char *name)
          freez(cur_entry->name);
          freez(cur_entry->value);
          freez(cur_entry);
-
+         if (last_entry == NULL)
+         {
+            /* The map only had a single entry which has just been removed. */
+            break;
+         }
          cur_entry = last_entry;
       }
       else
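Review bot: The added `if (last_entry == NULL)` break after the `freez()` calls fires whenever the freed entry was the head of the list, not only when the map held a single entry, so the comment overstates what the condition proves. `last_entry` now starts as NULL and appears to advance only in the `else` branch that opens on the last line of this hunk (its body is outside the hunk). If so, a match on the first entry of a longer map ends the loop and leaves any later entries with the same name in place, while a match further down still resumes scanning via `cur_entry = last_entry`. Reading the successor before the free would avoid both the dangling pointer and the early exit: `next_entry = cur_entry->next;` as the first statement of the loop body and `cur_entry = next_entry` as the increment of the `for` in the previous hunk, after which the break and the `cur_entry = last_entry` reset can be dropped. If stopping at the head is intended, the comment should say so, e.g. `/* The removed entry was the list head; there is no predecessor to resume from. */`.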