From fb00aab954e0483b6b03b584ff7e684cb31df938 Mon Sep 17 00:00:00 2001 From: brian Date: Mon, 11 Oct 2004 09:45:58 +0000 Subject: [PATCH] Add a bunch of malloc() return checks PR: 71592 Submitted by: Dan Lukes with further changes --- usr.sbin/ppp/ccp.c | 6 +++++- usr.sbin/ppp/chat.c | 7 ++++--- usr.sbin/ppp/command.c | 2 +- usr.sbin/ppp/datalink.c | 20 ++++++++++++++------ usr.sbin/ppp/datalink.h | 1 - usr.sbin/ppp/nat_cmd.c | 16 +++++++++++----- usr.sbin/ppp/physical.c | 7 ++++++- usr.sbin/ppp/radius.c | 7 +++++-- usr.sbin/ppp/route.c | 20 +++++++++++++++----- 9 files changed, 61 insertions(+), 25 deletions(-) diff --git a/usr.sbin/ppp/ccp.c b/usr.sbin/ppp/ccp.c index 2ec2ca2e902b..f5bbf0c39c24 100644 --- a/usr.sbin/ppp/ccp.c +++ b/usr.sbin/ppp/ccp.c @@ -366,7 +366,11 @@ CcpSendConfigReq(struct fsm *fp) break; if (alloc || *o == NULL) { - *o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt)); + if ((*o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt))) == NULL) { + log_Printf(LogERROR, "%s: Not enough memory for CCP REQ !\n", + fp->link->name); + break; + } (*o)->val.hdr.id = algorithm[f]->id; (*o)->val.hdr.len = 2; (*o)->next = NULL; diff --git a/usr.sbin/ppp/chat.c b/usr.sbin/ppp/chat.c index 7e2748719274..04b267929780 100644 --- a/usr.sbin/ppp/chat.c +++ b/usr.sbin/ppp/chat.c @@ -243,9 +243,10 @@ chat_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) break; } c->abort.string[i].len = len; - c->abort.string[i].data = (char *)malloc(len+1); - memcpy(c->abort.string[i].data, c->exp+2, len+1); - c->abort.num++; + if ((c->abort.string[i].data = (char *)malloc(len+1)) != NULL) { + memcpy(c->abort.string[i].data, c->exp+2, len+1); + c->abort.num++; + } } else log_Printf(LogERROR, "chat_UpdateSet: too many abort strings\n"); gotabort = 0; diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index 3703958b8038..7f30097e7057 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -167,7 +167,7 @@ #define NEG_MPPE 54 #define NEG_CHAP81 55 -const char Version[] = "3.3"; +const char Version[] = "3.4"; static int ShowCommand(struct cmdargs const *); static int TerminalCommand(struct cmdargs const *); diff --git a/usr.sbin/ppp/datalink.c b/usr.sbin/ppp/datalink.c index c55420238e0b..d47b11aa2154 100644 --- a/usr.sbin/ppp/datalink.c +++ b/usr.sbin/ppp/datalink.c @@ -80,6 +80,7 @@ static void datalink_LoginDone(struct datalink *); static void datalink_NewState(struct datalink *, unsigned); +static char *datalink_NextName(struct datalink *); static void datalink_OpenTimeout(void *v) @@ -1293,7 +1294,7 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov, { struct datalink *dl, *cdl; struct fsm_retry copy; - char *oname; + char *oname, *pname; dl = (struct datalink *)iov[(*niov)++].iov_base; dl->name = iov[*niov].iov_base; @@ -1309,10 +1310,14 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov, do { for (cdl = bundle->links; cdl; cdl = cdl->next) if (!strcasecmp(dl->name, cdl->name)) { - if (oname) - free(datalink_NextName(dl)); + if ((pname = datalink_NextName(dl)) == NULL) { + for ((*niov)--; *niov < maxiov; (*niov)++) + free(iov[*niov].iov_base); + return NULL; + } else if (oname) + free(pname); else - oname = datalink_NextName(dl); + oname = pname; break; /* Keep renaming 'till we have no conflicts */ } } while (cdl); @@ -1424,14 +1429,17 @@ datalink_Rename(struct datalink *dl, const char *name) dl->physical->link.name = dl->name = strdup(name); } -char * +static char * datalink_NextName(struct datalink *dl) { int f, n; char *name, *oname; n = strlen(dl->name); - name = (char *)malloc(n+3); + if ((name = (char *)malloc(n+3)) == NULL) { + log_Printf(LogERROR, "datalink_NextName: Out of memory !\n"); + return NULL; + } for (f = n - 1; f >= 0; f--) if (!isdigit(dl->name[f])) break; diff --git a/usr.sbin/ppp/datalink.h b/usr.sbin/ppp/datalink.h index 060063d16ebb..6fd7e9b878fe 100644 --- a/usr.sbin/ppp/datalink.h +++ b/usr.sbin/ppp/datalink.h @@ -148,7 +148,6 @@ extern int datalink_SetRedial(struct cmdargs const *); extern int datalink_SetReconnect(struct cmdargs const *); extern const char *datalink_State(struct datalink *); extern void datalink_Rename(struct datalink *, const char *); -extern char *datalink_NextName(struct datalink *); extern int datalink_RemoveFromSet(struct datalink *, fd_set *, fd_set *, fd_set *); extern int datalink_SetMode(struct datalink *, int); diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c index 03881684033d..4e764641e4cb 100644 --- a/usr.sbin/ppp/nat_cmd.c +++ b/usr.sbin/ppp/nat_cmd.c @@ -543,11 +543,17 @@ nat_LayerPull(struct bundle *bundle, struct link *l __unused, struct mbuf *bp, case PKT_ALIAS_UNRESOLVED_FRAGMENT: /* Save the data for later */ - fptr = malloc(bp->m_len); - bp = mbuf_Read(bp, fptr, bp->m_len); - PacketAliasSaveFragment(fptr); - log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n", - (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags); + if ((fptr = malloc(bp->m_len)) == NULL) { + log_Printf(LogWARN, "nat_LayerPull: Dropped unresolved fragment -" + " out of memory!\n"); + m_freem(bp); + bp = NULL; + } else { + bp = mbuf_Read(bp, fptr, bp->m_len); + PacketAliasSaveFragment(fptr); + log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n", + (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags); + } break; case PKT_ALIAS_FOUND_HEADER_FRAGMENT: diff --git a/usr.sbin/ppp/physical.c b/usr.sbin/ppp/physical.c index ffe7b2fb44bc..a96c1bace79a 100644 --- a/usr.sbin/ppp/physical.c +++ b/usr.sbin/ppp/physical.c @@ -39,6 +39,7 @@ #include #include /* TIOCOUTQ */ #include +#include #include #include #include @@ -88,6 +89,7 @@ #include "prompt.h" #include "chat.h" #include "auth.h" +#include "main.h" #include "chap.h" #include "cbcp.h" #include "datalink.h" @@ -736,7 +738,10 @@ physical2iov(struct physical *p, struct iovec *iov, int *niov, int maxiov, if (h && h->device2iov) (*h->device2iov)(h, iov, niov, maxiov, auxfd, nauxfd); else { - iov[*niov].iov_base = malloc(sz); + if ((iov[*niov].iov_base = malloc(sz)) == NULL) { + log_Printf(LogALERT, "physical2iov: Out of memory (%d bytes)\n", sz); + AbortProgram(EX_OSERR); + } if (h) memcpy(iov[*niov].iov_base, h, sizeof *h); iov[*niov].iov_len = sz; diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c index 2c7f7fd0f9ca..18ba57dc7841 100644 --- a/usr.sbin/ppp/radius.c +++ b/usr.sbin/ppp/radius.c @@ -212,8 +212,11 @@ demangle(struct radius *r, const void *mangled, size_t mlen, return; } - *buf = malloc(*len); - memcpy(*buf, P + 1, *len); + if ((*buf = malloc(*len)) == NULL) { + log_Printf(LogWARN, "demangle: Out of memory (%lu bytes)\n", (u_long)*len); + *len = 0; + } else + memcpy(*buf, P + 1, *len); } #endif diff --git a/usr.sbin/ppp/route.c b/usr.sbin/ppp/route.c index 9186b34df2b2..375670ef709b 100644 --- a/usr.sbin/ppp/route.c +++ b/usr.sbin/ppp/route.c @@ -278,10 +278,15 @@ Index2Nam(int idx) } if (ifs[ifm->ifm_index-1] == NULL) { ifs[ifm->ifm_index-1] = (char *)malloc(dl->sdl_nlen+1); - memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen); - ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0'; - if (route_nifs < ifm->ifm_index) - route_nifs = ifm->ifm_index; + if (ifs[ifm->ifm_index-1] == NULL) + log_Printf(LogDEBUG, "Skipping interface %d: Out of memory\n", + ifm->ifm_index); + else { + memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen); + ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0'; + if (route_nifs < ifm->ifm_index) + route_nifs = ifm->ifm_index; + } } } else if (log_IsKept(LogDEBUG)) log_Printf(LogDEBUG, "Skipping out-of-range interface %d!\n", @@ -612,8 +617,13 @@ route_Add(struct sticky_route **rp, int type, const struct ncprange *dst, rp = &(*rp)->next; } - if (!r) + if (r == NULL) { r = (struct sticky_route *)malloc(sizeof(struct sticky_route)); + if (r == NULL) { + log_Printf(LogERROR, "route_Add: Out of memory!\n"); + return; + } + } r->type = type; r->next = NULL; ncprange_copy(&r->dst, dst);