From 9811e73aa9f67706e5d74ba811adeebadc195639 Mon Sep 17 00:00:00 2001 From: Thomas Adam Date: Sat, 30 Sep 2023 11:39:56 +0100 Subject: [PATCH] Infostore: guard against UAF Don't free the key without having copied it first, otherwise callers won't know if it's valid or not. Via Theo Buehler. --- fvwm/infostore.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fvwm/infostore.c b/fvwm/infostore.c index 3fbd2f77c..3695c4323 100644 --- a/fvwm/infostore.c +++ b/fvwm/infostore.c @@ -78,7 +78,7 @@ void insert_metainfo(char *key, char *value) /* It's a new item, add it to the list. */ mi_new = new_metainfo(); - mi_new->key = key; + mi_new->key = fxstrdup(key); CopyString(&mi_new->value, value); mi_new->next = mi_store; @@ -192,6 +192,7 @@ void CMD_InfoStoreAdd(F_CMD_ARGS) } insert_metainfo(key, value); + free(key); free(value); return;