summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrad Smith <brad@cvs.openbsd.org>2005-07-06 13:56:01 +0000
committerBrad Smith <brad@cvs.openbsd.org>2005-07-06 13:56:01 +0000
commit6f23ee77df223bf8150be11d42a0a4b0c3247eb5 (patch)
tree52890575e68f7f9ce2774f5ddb938adcb86881a8
parentb8e3724e3de90df9bddce398162156b5ce7559a4 (diff)
Add a bunch of malloc() return checks
From brian FreeBSD ok deraadt@ tdeval@
-rw-r--r--usr.sbin/ppp/ppp/ccp.c8
-rw-r--r--usr.sbin/ppp/ppp/chat.c9
-rw-r--r--usr.sbin/ppp/ppp/datalink.c22
-rw-r--r--usr.sbin/ppp/ppp/datalink.h3
-rw-r--r--usr.sbin/ppp/ppp/nat_cmd.c18
-rw-r--r--usr.sbin/ppp/ppp/physical.c9
-rw-r--r--usr.sbin/ppp/ppp/radius.c9
-rw-r--r--usr.sbin/ppp/ppp/route.c15
8 files changed, 62 insertions, 31 deletions
diff --git a/usr.sbin/ppp/ppp/ccp.c b/usr.sbin/ppp/ppp/ccp.c
index 54616323b19..2265ecba5d2 100644
--- a/usr.sbin/ppp/ppp/ccp.c
+++ b/usr.sbin/ppp/ppp/ccp.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: ccp.c,v 1.30 2002/07/02 00:13:19 brian Exp $
+ * $OpenBSD: ccp.c,v 1.31 2005/07/06 13:56:00 brad Exp $
*/
#include <sys/param.h>
@@ -364,7 +364,11 @@ CcpSendConfigReq(struct fsm *fp)
break;
if (alloc || *o == NULL) {
- *o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt));
+ if ((*o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt))) == NULL) {
+ log_Printf(LogERROR, "%s: Not enough memory for CCP REQ !\n",
+ fp->link->name);
+ break;
+ }
(*o)->val.hdr.id = algorithm[f]->id;
(*o)->val.hdr.len = 2;
(*o)->next = NULL;
diff --git a/usr.sbin/ppp/ppp/chat.c b/usr.sbin/ppp/ppp/chat.c
index 685b54e0dfd..52cf3e3f10b 100644
--- a/usr.sbin/ppp/ppp/chat.c
+++ b/usr.sbin/ppp/ppp/chat.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: chat.c,v 1.20 2002/06/15 08:02:00 brian Exp $
+ * $OpenBSD: chat.c,v 1.21 2005/07/06 13:56:00 brad Exp $
*/
#include <sys/param.h>
@@ -243,9 +243,10 @@ chat_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
break;
}
c->abort.string[i].len = len;
- c->abort.string[i].data = (char *)malloc(len+1);
- memcpy(c->abort.string[i].data, c->exp+2, len+1);
- c->abort.num++;
+ if ((c->abort.string[i].data = (char *)malloc(len+1)) != NULL) {
+ memcpy(c->abort.string[i].data, c->exp+2, len+1);
+ c->abort.num++;
+ }
} else
log_Printf(LogERROR, "chat_UpdateSet: too many abort strings\n");
gotabort = 0;
diff --git a/usr.sbin/ppp/ppp/datalink.c b/usr.sbin/ppp/ppp/datalink.c
index cd7031417a1..299fd5a6ffa 100644
--- a/usr.sbin/ppp/ppp/datalink.c
+++ b/usr.sbin/ppp/ppp/datalink.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: datalink.c,v 1.43 2003/04/07 23:58:53 deraadt Exp $
+ * $OpenBSD: datalink.c,v 1.44 2005/07/06 13:56:00 brad Exp $
*/
#include <sys/param.h>
@@ -79,6 +79,7 @@
static void datalink_LoginDone(struct datalink *);
static void datalink_NewState(struct datalink *, int);
+static char *datalink_NextName(struct datalink *);
static void
datalink_OpenTimeout(void *v)
@@ -1291,7 +1292,7 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov,
{
struct datalink *dl, *cdl;
struct fsm_retry copy;
- char *oname;
+ char *oname, *pname;
dl = (struct datalink *)iov[(*niov)++].iov_base;
dl->name = iov[*niov].iov_base;
@@ -1307,10 +1308,14 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov,
do {
for (cdl = bundle->links; cdl; cdl = cdl->next)
if (!strcasecmp(dl->name, cdl->name)) {
- if (oname)
- free(datalink_NextName(dl));
+ if ((pname = datalink_NextName(dl)) == NULL) {
+ for ((*niov)--; *niov < maxiov; (*niov)++)
+ free(iov[*niov].iov_base);
+ return NULL;
+ } else if (oname)
+ free(pname);
else
- oname = datalink_NextName(dl);
+ oname = pname;
break; /* Keep renaming 'till we have no conflicts */
}
} while (cdl);
@@ -1422,7 +1427,7 @@ datalink_Rename(struct datalink *dl, const char *name)
dl->physical->link.name = dl->name = strdup(name);
}
-char *
+static char *
datalink_NextName(struct datalink *dl)
{
int f, n;
@@ -1430,7 +1435,10 @@ datalink_NextName(struct datalink *dl)
size_t len;
len = strlen(dl->name);
- name = (char *)malloc(len+3);
+ if ((name = (char *)malloc(len+3)) == NULL) {
+ log_Printf(LogERROR, "datalink_NextName: Out of memory !\n");
+ return NULL;
+ }
for (f = len - 1; f >= 0; f--)
if (!isdigit(dl->name[f]))
break;
diff --git a/usr.sbin/ppp/ppp/datalink.h b/usr.sbin/ppp/ppp/datalink.h
index 4761c05c5af..2753b9a3ec9 100644
--- a/usr.sbin/ppp/ppp/datalink.h
+++ b/usr.sbin/ppp/ppp/datalink.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: datalink.h,v 1.9 2002/03/31 02:38:49 brian Exp $
+ * $OpenBSD: datalink.h,v 1.10 2005/07/06 13:56:00 brad Exp $
*/
#define DATALINK_CLOSED (0)
@@ -148,7 +148,6 @@ extern int datalink_SetRedial(struct cmdargs const *);
extern int datalink_SetReconnect(struct cmdargs const *);
extern const char *datalink_State(struct datalink *);
extern void datalink_Rename(struct datalink *, const char *);
-extern char *datalink_NextName(struct datalink *);
extern int datalink_RemoveFromSet(struct datalink *, fd_set *, fd_set *,
fd_set *);
extern int datalink_SetMode(struct datalink *, int);
diff --git a/usr.sbin/ppp/ppp/nat_cmd.c b/usr.sbin/ppp/ppp/nat_cmd.c
index d61d9a6441d..cfcb2e23e64 100644
--- a/usr.sbin/ppp/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/ppp/nat_cmd.c
@@ -24,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: nat_cmd.c,v 1.23 2003/04/07 23:58:53 deraadt Exp $
+ * $OpenBSD: nat_cmd.c,v 1.24 2005/07/06 13:56:00 brad Exp $
*/
#include <sys/param.h>
@@ -518,11 +518,17 @@ nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
case PKT_ALIAS_UNRESOLVED_FRAGMENT:
/* Save the data for later */
- fptr = malloc(bp->m_len);
- bp = mbuf_Read(bp, fptr, bp->m_len);
- PacketAliasSaveFragment(fptr);
- log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n",
- (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags);
+ if ((fptr = malloc(bp->m_len)) == NULL) {
+ log_Printf(LogWARN, "nat_LayerPull: Dropped unresolved fragment -"
+ " out of memory!\n");
+ m_freem(bp);
+ bp = NULL;
+ } else {
+ bp = mbuf_Read(bp, fptr, bp->m_len);
+ PacketAliasSaveFragment(fptr);
+ log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n",
+ (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags);
+ }
break;
case PKT_ALIAS_FOUND_HEADER_FRAGMENT:
diff --git a/usr.sbin/ppp/ppp/physical.c b/usr.sbin/ppp/ppp/physical.c
index e5af91676d2..9b4d85eb149 100644
--- a/usr.sbin/ppp/ppp/physical.c
+++ b/usr.sbin/ppp/ppp/physical.c
@@ -16,7 +16,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $OpenBSD: physical.c,v 1.36 2002/06/15 08:02:01 brian Exp $
+ * $OpenBSD: physical.c,v 1.37 2005/07/06 13:56:00 brad Exp $
*
*/
@@ -35,6 +35,7 @@
#include <string.h>
#include <sys/tty.h> /* TIOCOUTQ */
#include <sys/uio.h>
+#include <sysexits.h>
#include <time.h>
#include <unistd.h>
#include <utmp.h>
@@ -84,6 +85,7 @@
#include "prompt.h"
#include "chat.h"
#include "auth.h"
+#include "main.h"
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
@@ -722,7 +724,10 @@ physical2iov(struct physical *p, struct iovec *iov, int *niov, int maxiov,
if (h && h->device2iov)
(*h->device2iov)(h, iov, niov, maxiov, auxfd, nauxfd);
else {
- iov[*niov].iov_base = malloc(sz);
+ if ((iov[*niov].iov_base = malloc(sz)) == NULL) {
+ log_Printf(LogALERT, "physical2iov: Out of memory (%d bytes)\n", sz);
+ AbortProgram(EX_OSERR);
+ }
if (h)
memcpy(iov[*niov].iov_base, h, sizeof *h);
iov[*niov].iov_len = sz;
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
index 31bf41ebb63..881011497ef 100644
--- a/usr.sbin/ppp/ppp/radius.c
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.c,v 1.24 2003/08/06 21:08:08 millert Exp $
+ * $OpenBSD: radius.c,v 1.25 2005/07/06 13:56:00 brad Exp $
*
*/
@@ -210,8 +210,11 @@ demangle(struct radius *r, const void *mangled, size_t mlen,
return;
}
- *buf = malloc(*len);
- memcpy(*buf, P + 1, *len);
+ if ((*buf = malloc(*len)) == NULL) {
+ log_Printf(LogWARN, "demangle: Out of memory (%lu bytes)\n", (u_long)*len);
+ *len = 0;
+ } else
+ memcpy(*buf, P + 1, *len);
}
#endif
diff --git a/usr.sbin/ppp/ppp/route.c b/usr.sbin/ppp/ppp/route.c
index 65fa4b995c5..51c88382c3f 100644
--- a/usr.sbin/ppp/ppp/route.c
+++ b/usr.sbin/ppp/ppp/route.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: route.c,v 1.30 2005/01/20 14:58:14 markus Exp $
+ * $OpenBSD: route.c,v 1.31 2005/07/06 13:56:00 brad Exp $
*/
#include <sys/param.h>
@@ -277,10 +277,15 @@ Index2Nam(int idx)
}
if (ifs[ifm->ifm_index-1] == NULL) {
ifs[ifm->ifm_index-1] = (char *)malloc(dl->sdl_nlen+1);
- memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen);
- ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0';
- if (route_nifs < ifm->ifm_index)
- route_nifs = ifm->ifm_index;
+ if (ifs[ifm->ifm_index-1] == NULL)
+ log_Printf(LogDEBUG, "Skipping interface %d: Out of memory\n",
+ ifm->ifm_index);
+ else {
+ memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen);
+ ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0';
+ if (route_nifs < ifm->ifm_index)
+ route_nifs = ifm->ifm_index;
+ }
}
} else if (log_IsKept(LogDEBUG))
log_Printf(LogDEBUG, "Skipping out-of-range interface %d!\n",