From 22bb049011bc6957244bc61a8334da2a5db86d04 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Fri, 12 Oct 2012 03:09:05 +0200 Subject: [PATCH] Fix a use-after-free problem in initialization (#1920) Don't store the result of c_str(). Luckily, this only affects logging, though it could crash or leak sensitive data to the log in rare cases. --- src/init.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/init.cpp b/src/init.cpp index bdddc631..8a928218 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -440,7 +440,7 @@ bool AppInit2() // ********************************************************* Step 4: application initialization: dir lock, daemonize, pidfile, debug log - const char* pszDataDir = GetDataDir().string().c_str(); + std::string strDataDir = GetDataDir().string(); // Make sure only a single Bitcoin process is using the data directory. boost::filesystem::path pathLockFile = GetDataDir() / ".lock"; @@ -448,7 +448,7 @@ bool AppInit2() if (file) fclose(file); static boost::interprocess::file_lock lock(pathLockFile.string().c_str()); if (!lock.try_lock()) - return InitError(strprintf(_("Cannot obtain a lock on data directory %s. Bitcoin is probably already running."), pszDataDir)); + return InitError(strprintf(_("Cannot obtain a lock on data directory %s. Bitcoin is probably already running."), strDataDir.c_str())); #if !defined(WIN32) && !defined(QT_GUI) if (fDaemon) @@ -480,7 +480,7 @@ bool AppInit2() if (!fLogTimestamps) printf("Startup time: %s\n", DateTimeStrFormat("%x %H:%M:%S", GetTime()).c_str()); printf("Default data directory %s\n", GetDefaultDataDir().string().c_str()); - printf("Used data directory %s\n", pszDataDir); + printf("Used data directory %s\n", strDataDir.c_str()); std::ostringstream strErrors; if (fDaemon) @@ -496,7 +496,7 @@ bool AppInit2() { string msg = strprintf(_("Error initializing database environment %s!" " To recover, BACKUP THAT DIRECTORY, then remove" - " everything from it except for wallet.dat."), pszDataDir); + " everything from it except for wallet.dat."), strDataDir.c_str()); return InitError(msg); } @@ -515,7 +515,7 @@ bool AppInit2() string msg = strprintf(_("Warning: wallet.dat corrupt, data salvaged!" " Original wallet.dat saved as wallet.{timestamp}.bak in %s; if" " your balance or transactions are incorrect you should" - " restore from a backup."), pszDataDir); + " restore from a backup."), strDataDir.c_str()); uiInterface.ThreadSafeMessageBox(msg, _("Bitcoin"), CClientUIInterface::OK | CClientUIInterface::ICON_EXCLAMATION | CClientUIInterface::MODAL); } if (r == CDBEnv::RECOVER_FAIL) @@ -634,7 +634,7 @@ bool AppInit2() { string msg = strprintf(_("Error initializing database environment %s!" " To recover, BACKUP THAT DIRECTORY, then remove" - " everything from it except for wallet.dat."), pszDataDir); + " everything from it except for wallet.dat."), strDataDir.c_str()); return InitError(msg); }