[commit] r1771 - trunk/util/ich_descriptors_tool - flashrom

26 Apr 2014

Author: stefanct
Date: Sat Apr 26 18:11:21 2014
New Revision: 1771
URL: http://flashrom.org/trac/flashrom/changeset/1771
Log:
CID1130011: Use after free in ich_descriptor_tool.
Signed-off-by: Stefan Reinauer stefan.reinauer@coreboot.org
Acked-by: Stefan Tauner stefan.tauner@alumni.tuwien.ac.at
Modified:
   trunk/util/ich_descriptors_tool/ich_descriptors_tool.c
Modified: trunk/util/ich_descriptors_tool/ich_descriptors_tool.c
==============================================================================

--- trunk/util/ich_descriptors_tool/ich_descriptors_tool.c	Sat Apr 26 18:11:07 2014	(r1770)
+++ trunk/util/ich_descriptors_tool/ich_descriptors_tool.c	Sat Apr 26 18:11:21 2014	(r1771)
@@ -77,12 +77,13 @@
    printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ",
           file_len, region_names[i], base, limit, fn);
    int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
-	free(fn);
    if (fh < 0) {
    	fprintf(stderr,
    		"ERROR: couldn't open(%s): %s\n", fn, strerror(errno));
+		free(fn);
    	exit(1);
    }
+	free(fn);
ret = write(fh, &dump[base >> 2], file_len);
    if (ret != file_len) {

    