Closed jaguo closed 1 year ago
Describe the bug
https://github.com/falcosecurity/libs/blob/master/userspace/libscap/linux/scap_userlist.c#L297 If grpidx is 0, then the realloc size is 0, such as when getgrent failed.
https://linux.die.net/man/3/realloc If size was equal to 0, either NULL or a pointer suitable to be passed to free() is returned
https://github.com/falcosecurity/libs/blob/master/userspace/libscap/linux/scap_userlist.c#L302 Then free(userlist->groups) will cause a double free.
How to reproduce it
Expected behaviour
Screenshots
Environment
Additional context
Hi! Thanks for opening this issue! And great catch btw :) Would you mind opening a PR to fix this?
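The empty-list case from the report, shown next to a hardened form. This is an added example, not part of the original issue or the libs code base: `struct group_list`, `shrink_unsafe`, `shrink_safe` and `demo_shrink` are hypothetical names, and the shrink-after-enumeration shape is assumed from the description above.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the libscap types, not the project's definitions. */
struct group_entry { unsigned gid; char name[32]; };
struct group_list { struct group_entry *groups; size_t ngroups; };

/* Pattern from the report: count == 0 makes this realloc(p, 0), which may free p
 * and return NULL (glibc does), so the "failure" path frees p a second time. */
int shrink_unsafe(struct group_list *l, size_t count)
{
    struct group_entry *r = realloc(l->groups, count * sizeof(*r));
    if (r == NULL) {
        free(l->groups); /* double free when count == 0 */
        return -1;
    }
    l->groups = r;
    l->ngroups = count;
    return 0;
}

/* Hardened: size 0 never reaches realloc; the empty case is an explicit free. */
int shrink_safe(struct group_list *l, size_t count)
{
    if (count == 0) {
        free(l->groups);
        l->groups = NULL; /* a later free(l->groups) is now a no-op */
        l->ngroups = 0;
        return 0;
    }
    struct group_entry *r = realloc(l->groups, count * sizeof(*r));
    if (r == NULL) return -1; /* old buffer untouched, still owned by l */
    l->groups = r;
    l->ngroups = count;
    return 0;
}

/* Constructed scenario: 8 slots allocated, enumeration filled only `count`. */
int demo_shrink(size_t count)
{
    struct group_list l = { calloc(8, sizeof(struct group_entry)), 8 };
    if (l.groups == NULL) return -1;
    l.groups[0].gid = 1000;
    int rc = shrink_safe(&l, count);
    int ok = rc == 0 && l.ngroups == count &&
             (count == 0 ? l.groups == NULL : l.groups[0].gid == 1000);
    free(l.groups);
    return ok ? 0 : 1;
}

int main(void) { return demo_shrink(0) | demo_shrink(3); }
```

Building a caller of `shrink_unsafe` with `-fsanitize=address` and passing a count of 0 is a quick way to confirm the double free on a given libc.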