From 330e445c29295f159007595e1106a7ec0d94b7bb Mon Sep 17 00:00:00 2001 From: Matteo Riondato Date: Thu, 20 Sep 2007 22:35:24 +0000 Subject: [PATCH] Fix some improper handling of malloc failures PR: bin/83344 , kern/81987 Reviewed by: alfred Approved by: re (kensmith) MFC after: 1 week --- lib/libc/rpc/auth_time.c | 27 ++++++++++++++++++--------- lib/libc/rpc/getnetconfig.c | 15 ++++++++++----- lib/libc/rpc/getnetpath.c | 13 ++++++++----- lib/libc/rpc/rpc_generic.c | 15 ++++++++------- lib/libc/rpc/rpcb_clnt.c | 13 +++++++++---- 5 files changed, 53 insertions(+), 30 deletions(-) diff --git a/lib/libc/rpc/auth_time.c b/lib/libc/rpc/auth_time.c index ae108c28ef9..7aea23268a5 100644 --- a/lib/libc/rpc/auth_time.c +++ b/lib/libc/rpc/auth_time.c @@ -156,6 +156,7 @@ get_server(sin, host, srv, eps, maxep) struct hostent *he; struct hostent dummy; char *ptr[2]; + endpoint *ep; if (host == NULL && sin == NULL) return (NULL); @@ -175,26 +176,34 @@ get_server(sin, host, srv, eps, maxep) * This is lame. We go around once for TCP, then again * for UDP. */ - for (i = 0; (he->h_addr_list[i] != NULL) && (num_ep < maxep); - i++, num_ep++) { + for (i = 0, ep = eps; (he->h_addr_list[i] != NULL) && (num_ep < maxep); + i++, ep++, num_ep++) { struct in_addr *a; a = (struct in_addr *)he->h_addr_list[i]; snprintf(hname, sizeof(hname), "%s.0.111", inet_ntoa(*a)); - eps[num_ep].uaddr = strdup(hname); - eps[num_ep].family = strdup("inet"); - eps[num_ep].proto = strdup("tcp"); + ep->uaddr = strdup(hname); + ep->family = strdup("inet"); + ep->proto = strdup("tcp"); + if (ep->uaddr == NULL || ep->family == NULL || ep->proto == NULL) { + free_eps(eps, num_ep + 1); + return (NULL); + } } for (i = 0; (he->h_addr_list[i] != NULL) && (num_ep < maxep); - i++, num_ep++) { + i++, ep++, num_ep++) { struct in_addr *a; a = (struct in_addr *)he->h_addr_list[i]; snprintf(hname, sizeof(hname), "%s.0.111", inet_ntoa(*a)); - eps[num_ep].uaddr = strdup(hname); - eps[num_ep].family = strdup("inet"); - eps[num_ep].proto = strdup("udp"); + ep->uaddr = strdup(hname); + ep->family = strdup("inet"); + ep->proto = strdup("udp"); + if (ep->uaddr == NULL || ep->family == NULL || ep->proto == NULL) { + free_eps(eps, num_ep + 1); + return (NULL); + } } srv->name = (nis_name) host; diff --git a/lib/libc/rpc/getnetconfig.c b/lib/libc/rpc/getnetconfig.c index 484df5cb95d..1bb3368ab35 100644 --- a/lib/libc/rpc/getnetconfig.c +++ b/lib/libc/rpc/getnetconfig.c @@ -534,6 +534,7 @@ struct netconfig *ncp; /* where to put results */ { char *tokenp; /* for processing tokens */ char *lasts; + char **nc_lookups; nc_error = NC_BADFILE; /* nearly anything that breaks is for this reason */ stringp[strlen(stringp)-1] = '\0'; /* get rid of newline */ @@ -599,14 +600,18 @@ struct netconfig *ncp; /* where to put results */ if (ncp->nc_lookups != NULL) /* from last visit */ free(ncp->nc_lookups); - /* preallocate one string pointer */ - ncp->nc_lookups = (char **)malloc(sizeof (char *)); + ncp->nc_lookups = NULL; ncp->nc_nlookups = 0; while ((cp = tokenp) != NULL) { + if ((nc_lookups = realloc(ncp->nc_lookups, + (ncp->nc_nlookups + 1) * sizeof *ncp->nc_lookups)) == NULL) { + free(ncp->nc_lookups); + ncp->nc_lookups = NULL; + return (-1); + } tokenp = _get_next_token(cp, ','); - ncp->nc_lookups[(size_t)ncp->nc_nlookups++] = cp; - ncp->nc_lookups = (char **)realloc(ncp->nc_lookups, - (size_t)(ncp->nc_nlookups+1) *sizeof(char *)); /* for next loop */ + ncp->nc_lookups = nc_lookups; + ncp->nc_lookups[ncp->nc_nlookups++] = cp; } } return (0); diff --git a/lib/libc/rpc/getnetpath.c b/lib/libc/rpc/getnetpath.c index a0a4bfd47a4..0563544df2a 100644 --- a/lib/libc/rpc/getnetpath.c +++ b/lib/libc/rpc/getnetpath.c @@ -101,7 +101,7 @@ setnetpath() if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) { free(np_sessionp); syslog (LOG_ERR, "rpc: failed to open " NETCONFIG); - return (NULL); + goto failed; } np_sessionp->valid = NP_VALID; np_sessionp->ncp_list = NULL; @@ -110,15 +110,18 @@ setnetpath() } else { (void) endnetconfig(np_sessionp->nc_handlep);/* won't need nc session*/ np_sessionp->nc_handlep = NULL; - if ((np_sessionp->netpath = malloc(strlen(npp)+1)) == NULL) { - free(np_sessionp); - return (NULL); - } else { + if ((np_sessionp->netpath = malloc(strlen(npp)+1)) == NULL) + goto failed; + else { (void) strcpy(np_sessionp->netpath, npp); } } np_sessionp->netpath_start = np_sessionp->netpath; return ((void *)np_sessionp); + +failed: + free(np_sessionp); + return (NULL); } /* diff --git a/lib/libc/rpc/rpc_generic.c b/lib/libc/rpc/rpc_generic.c index a5168c457fe..81bd92b1e13 100644 --- a/lib/libc/rpc/rpc_generic.c +++ b/lib/libc/rpc/rpc_generic.c @@ -319,10 +319,8 @@ __rpc_setconf(nettype) case _RPC_NETPATH: case _RPC_CIRCUIT_N: case _RPC_DATAGRAM_N: - if (!(handle->nhandle = setnetpath())) { - free(handle); - return (NULL); - } + if (!(handle->nhandle = setnetpath())) + goto failed; handle->nflag = TRUE; break; case _RPC_VISIBLE: @@ -332,16 +330,19 @@ __rpc_setconf(nettype) case _RPC_UDP: if (!(handle->nhandle = setnetconfig())) { syslog (LOG_ERR, "rpc: failed to open " NETCONFIG); - free(handle); - return (NULL); + goto failed; } handle->nflag = FALSE; break; default: - return (NULL); + goto failed; } return (handle); + +failed: + free(handle); + return (NULL); } /* diff --git a/lib/libc/rpc/rpcb_clnt.c b/lib/libc/rpc/rpcb_clnt.c index aa9d6ed7aef..afef8061c67 100644 --- a/lib/libc/rpc/rpcb_clnt.c +++ b/lib/libc/rpc/rpcb_clnt.c @@ -384,10 +384,15 @@ getclnthandle(host, nconf, targaddr) return (NULL); } else { struct sockaddr_un sun; - - *targaddr = malloc(sizeof(sun.sun_path)); - strncpy(*targaddr, _PATH_RPCBINDSOCK, - sizeof(sun.sun_path)); + if (targaddr) { + *targaddr = malloc(sizeof(sun.sun_path)); + if (*targaddr == NULL) { + CLNT_DESTROY(client); + return (NULL); + } + strncpy(*targaddr, _PATH_RPCBINDSOCK, + sizeof(sun.sun_path)); + } return (client); } } else {