diff options
| author | Brad Smith <brad@cvs.openbsd.org> | 2005-07-06 13:56:01 +0000 |
|---|---|---|
| committer | Brad Smith <brad@cvs.openbsd.org> | 2005-07-06 13:56:01 +0000 |
| commit | 6f23ee77df223bf8150be11d42a0a4b0c3247eb5 (patch) | |
| tree | 52890575e68f7f9ce2774f5ddb938adcb86881a8 /usr.sbin | |
| parent | b8e3724e3de90df9bddce398162156b5ce7559a4 (diff) | |
Add a bunch of malloc() return checks
From brian FreeBSD
ok deraadt@ tdeval@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ppp/ppp/ccp.c | 8 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/chat.c | 9 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/datalink.c | 22 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/datalink.h | 3 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/nat_cmd.c | 18 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/physical.c | 9 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/radius.c | 9 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/route.c | 15 |
8 files changed, 62 insertions, 31 deletions
diff --git a/usr.sbin/ppp/ppp/ccp.c b/usr.sbin/ppp/ppp/ccp.c index 54616323b19..2265ecba5d2 100644 --- a/usr.sbin/ppp/ppp/ccp.c +++ b/usr.sbin/ppp/ppp/ccp.c @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: ccp.c,v 1.30 2002/07/02 00:13:19 brian Exp $ + * $OpenBSD: ccp.c,v 1.31 2005/07/06 13:56:00 brad Exp $ */ #include <sys/param.h> @@ -364,7 +364,11 @@ CcpSendConfigReq(struct fsm *fp) break; if (alloc || *o == NULL) { - *o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt)); + if ((*o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt))) == NULL) { + log_Printf(LogERROR, "%s: Not enough memory for CCP REQ !\n", + fp->link->name); + break; + } (*o)->val.hdr.id = algorithm[f]->id; (*o)->val.hdr.len = 2; (*o)->next = NULL; diff --git a/usr.sbin/ppp/ppp/chat.c b/usr.sbin/ppp/ppp/chat.c index 685b54e0dfd..52cf3e3f10b 100644 --- a/usr.sbin/ppp/ppp/chat.c +++ b/usr.sbin/ppp/ppp/chat.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: chat.c,v 1.20 2002/06/15 08:02:00 brian Exp $ + * $OpenBSD: chat.c,v 1.21 2005/07/06 13:56:00 brad Exp $ */ #include <sys/param.h> @@ -243,9 +243,10 @@ chat_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) break; } c->abort.string[i].len = len; - c->abort.string[i].data = (char *)malloc(len+1); - memcpy(c->abort.string[i].data, c->exp+2, len+1); - c->abort.num++; + if ((c->abort.string[i].data = (char *)malloc(len+1)) != NULL) { + memcpy(c->abort.string[i].data, c->exp+2, len+1); + c->abort.num++; + } } else log_Printf(LogERROR, "chat_UpdateSet: too many abort strings\n"); gotabort = 0; diff --git a/usr.sbin/ppp/ppp/datalink.c b/usr.sbin/ppp/ppp/datalink.c index cd7031417a1..299fd5a6ffa 100644 --- a/usr.sbin/ppp/ppp/datalink.c +++ b/usr.sbin/ppp/ppp/datalink.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: datalink.c,v 1.43 2003/04/07 23:58:53 deraadt Exp $ + * $OpenBSD: datalink.c,v 1.44 2005/07/06 13:56:00 brad Exp $ */ #include <sys/param.h> @@ -79,6 +79,7 @@ static void datalink_LoginDone(struct datalink *); static void datalink_NewState(struct datalink *, int); +static char *datalink_NextName(struct datalink *); static void datalink_OpenTimeout(void *v) @@ -1291,7 +1292,7 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov, { struct datalink *dl, *cdl; struct fsm_retry copy; - char *oname; + char *oname, *pname; dl = (struct datalink *)iov[(*niov)++].iov_base; dl->name = iov[*niov].iov_base; @@ -1307,10 +1308,14 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov, do { for (cdl = bundle->links; cdl; cdl = cdl->next) if (!strcasecmp(dl->name, cdl->name)) { - if (oname) - free(datalink_NextName(dl)); + if ((pname = datalink_NextName(dl)) == NULL) { + for ((*niov)--; *niov < maxiov; (*niov)++) + free(iov[*niov].iov_base); + return NULL; + } else if (oname) + free(pname); else - oname = datalink_NextName(dl); + oname = pname; break; /* Keep renaming 'till we have no conflicts */ } } while (cdl); @@ -1422,7 +1427,7 @@ datalink_Rename(struct datalink *dl, const char *name) dl->physical->link.name = dl->name = strdup(name); } -char * +static char * datalink_NextName(struct datalink *dl) { int f, n; @@ -1430,7 +1435,10 @@ datalink_NextName(struct datalink *dl) size_t len; len = strlen(dl->name); - name = (char *)malloc(len+3); + if ((name = (char *)malloc(len+3)) == NULL) { + log_Printf(LogERROR, "datalink_NextName: Out of memory !\n"); + return NULL; + } for (f = len - 1; f >= 0; f--) if (!isdigit(dl->name[f])) break; diff --git a/usr.sbin/ppp/ppp/datalink.h b/usr.sbin/ppp/ppp/datalink.h index 4761c05c5af..2753b9a3ec9 100644 --- a/usr.sbin/ppp/ppp/datalink.h +++ b/usr.sbin/ppp/ppp/datalink.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: datalink.h,v 1.9 2002/03/31 02:38:49 brian Exp $ + * $OpenBSD: datalink.h,v 1.10 2005/07/06 13:56:00 brad Exp $ */ #define DATALINK_CLOSED (0) @@ -148,7 +148,6 @@ extern int datalink_SetRedial(struct cmdargs const *); extern int datalink_SetReconnect(struct cmdargs const *); extern const char *datalink_State(struct datalink *); extern void datalink_Rename(struct datalink *, const char *); -extern char *datalink_NextName(struct datalink *); extern int datalink_RemoveFromSet(struct datalink *, fd_set *, fd_set *, fd_set *); extern int datalink_SetMode(struct datalink *, int); diff --git a/usr.sbin/ppp/ppp/nat_cmd.c b/usr.sbin/ppp/ppp/nat_cmd.c index d61d9a6441d..cfcb2e23e64 100644 --- a/usr.sbin/ppp/ppp/nat_cmd.c +++ b/usr.sbin/ppp/ppp/nat_cmd.c @@ -24,7 +24,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: nat_cmd.c,v 1.23 2003/04/07 23:58:53 deraadt Exp $ + * $OpenBSD: nat_cmd.c,v 1.24 2005/07/06 13:56:00 brad Exp $ */ #include <sys/param.h> @@ -518,11 +518,17 @@ nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp, case PKT_ALIAS_UNRESOLVED_FRAGMENT: /* Save the data for later */ - fptr = malloc(bp->m_len); - bp = mbuf_Read(bp, fptr, bp->m_len); - PacketAliasSaveFragment(fptr); - log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n", - (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags); + if ((fptr = malloc(bp->m_len)) == NULL) { + log_Printf(LogWARN, "nat_LayerPull: Dropped unresolved fragment -" + " out of memory!\n"); + m_freem(bp); + bp = NULL; + } else { + bp = mbuf_Read(bp, fptr, bp->m_len); + PacketAliasSaveFragment(fptr); + log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n", + (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags); + } break; case PKT_ALIAS_FOUND_HEADER_FRAGMENT: diff --git a/usr.sbin/ppp/ppp/physical.c b/usr.sbin/ppp/ppp/physical.c index e5af91676d2..9b4d85eb149 100644 --- a/usr.sbin/ppp/ppp/physical.c +++ b/usr.sbin/ppp/ppp/physical.c @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: physical.c,v 1.36 2002/06/15 08:02:01 brian Exp $ + * $OpenBSD: physical.c,v 1.37 2005/07/06 13:56:00 brad Exp $ * */ @@ -35,6 +35,7 @@ #include <string.h> #include <sys/tty.h> /* TIOCOUTQ */ #include <sys/uio.h> +#include <sysexits.h> #include <time.h> #include <unistd.h> #include <utmp.h> @@ -84,6 +85,7 @@ #include "prompt.h" #include "chat.h" #include "auth.h" +#include "main.h" #include "chap.h" #include "cbcp.h" #include "datalink.h" @@ -722,7 +724,10 @@ physical2iov(struct physical *p, struct iovec *iov, int *niov, int maxiov, if (h && h->device2iov) (*h->device2iov)(h, iov, niov, maxiov, auxfd, nauxfd); else { - iov[*niov].iov_base = malloc(sz); + if ((iov[*niov].iov_base = malloc(sz)) == NULL) { + log_Printf(LogALERT, "physical2iov: Out of memory (%d bytes)\n", sz); + AbortProgram(EX_OSERR); + } if (h) memcpy(iov[*niov].iov_base, h, sizeof *h); iov[*niov].iov_len = sz; diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c index 31bf41ebb63..881011497ef 100644 --- a/usr.sbin/ppp/ppp/radius.c +++ b/usr.sbin/ppp/ppp/radius.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: radius.c,v 1.24 2003/08/06 21:08:08 millert Exp $ + * $OpenBSD: radius.c,v 1.25 2005/07/06 13:56:00 brad Exp $ * */ @@ -210,8 +210,11 @@ demangle(struct radius *r, const void *mangled, size_t mlen, return; } - *buf = malloc(*len); - memcpy(*buf, P + 1, *len); + if ((*buf = malloc(*len)) == NULL) { + log_Printf(LogWARN, "demangle: Out of memory (%lu bytes)\n", (u_long)*len); + *len = 0; + } else + memcpy(*buf, P + 1, *len); } #endif diff --git a/usr.sbin/ppp/ppp/route.c b/usr.sbin/ppp/ppp/route.c index 65fa4b995c5..51c88382c3f 100644 --- a/usr.sbin/ppp/ppp/route.c +++ b/usr.sbin/ppp/ppp/route.c @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: route.c,v 1.30 2005/01/20 14:58:14 markus Exp $ + * $OpenBSD: route.c,v 1.31 2005/07/06 13:56:00 brad Exp $ */ #include <sys/param.h> @@ -277,10 +277,15 @@ Index2Nam(int idx) } if (ifs[ifm->ifm_index-1] == NULL) { ifs[ifm->ifm_index-1] = (char *)malloc(dl->sdl_nlen+1); - memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen); - ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0'; - if (route_nifs < ifm->ifm_index) - route_nifs = ifm->ifm_index; + if (ifs[ifm->ifm_index-1] == NULL) + log_Printf(LogDEBUG, "Skipping interface %d: Out of memory\n", + ifm->ifm_index); + else { + memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen); + ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0'; + if (route_nifs < ifm->ifm_index) + route_nifs = ifm->ifm_index; + } } } else if (log_IsKept(LogDEBUG)) log_Printf(LogDEBUG, "Skipping out-of-range interface %d!\n", |