summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbrian <brian@FreeBSD.org>2004-10-11 09:45:58 +0000
committerbrian <brian@FreeBSD.org>2004-10-11 09:45:58 +0000
commitfb00aab954e0483b6b03b584ff7e684cb31df938 (patch)
tree3639860937ba7fdc883bbc6b4968e1c1e97bbc2b
parent5d60192ca70f44f0e6653255811355c5ab39757a (diff)
downloadFreeBSD-src-fb00aab954e0483b6b03b584ff7e684cb31df938.zip
FreeBSD-src-fb00aab954e0483b6b03b584ff7e684cb31df938.tar.gz
Add a bunch of malloc() return checks
PR: 71592 Submitted by: Dan Lukes <dan@obluda.cz> with further changes
-rw-r--r--usr.sbin/ppp/ccp.c6
-rw-r--r--usr.sbin/ppp/chat.c7
-rw-r--r--usr.sbin/ppp/command.c2
-rw-r--r--usr.sbin/ppp/datalink.c20
-rw-r--r--usr.sbin/ppp/datalink.h1
-rw-r--r--usr.sbin/ppp/nat_cmd.c16
-rw-r--r--usr.sbin/ppp/physical.c7
-rw-r--r--usr.sbin/ppp/radius.c7
-rw-r--r--usr.sbin/ppp/route.c20
9 files changed, 61 insertions, 25 deletions
diff --git a/usr.sbin/ppp/ccp.c b/usr.sbin/ppp/ccp.c
index 2ec2ca2..f5bbf0c 100644
--- a/usr.sbin/ppp/ccp.c
+++ b/usr.sbin/ppp/ccp.c
@@ -366,7 +366,11 @@ CcpSendConfigReq(struct fsm *fp)
break;
if (alloc || *o == NULL) {
- *o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt));
+ if ((*o = (struct ccp_opt *)malloc(sizeof(struct ccp_opt))) == NULL) {
+ log_Printf(LogERROR, "%s: Not enough memory for CCP REQ !\n",
+ fp->link->name);
+ break;
+ }
(*o)->val.hdr.id = algorithm[f]->id;
(*o)->val.hdr.len = 2;
(*o)->next = NULL;
diff --git a/usr.sbin/ppp/chat.c b/usr.sbin/ppp/chat.c
index 7e27487..04b2679 100644
--- a/usr.sbin/ppp/chat.c
+++ b/usr.sbin/ppp/chat.c
@@ -243,9 +243,10 @@ chat_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
break;
}
c->abort.string[i].len = len;
- c->abort.string[i].data = (char *)malloc(len+1);
- memcpy(c->abort.string[i].data, c->exp+2, len+1);
- c->abort.num++;
+ if ((c->abort.string[i].data = (char *)malloc(len+1)) != NULL) {
+ memcpy(c->abort.string[i].data, c->exp+2, len+1);
+ c->abort.num++;
+ }
} else
log_Printf(LogERROR, "chat_UpdateSet: too many abort strings\n");
gotabort = 0;
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 3703958..7f30097 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -167,7 +167,7 @@
#define NEG_MPPE 54
#define NEG_CHAP81 55
-const char Version[] = "3.3";
+const char Version[] = "3.4";
static int ShowCommand(struct cmdargs const *);
static int TerminalCommand(struct cmdargs const *);
diff --git a/usr.sbin/ppp/datalink.c b/usr.sbin/ppp/datalink.c
index c554202..d47b11a 100644
--- a/usr.sbin/ppp/datalink.c
+++ b/usr.sbin/ppp/datalink.c
@@ -80,6 +80,7 @@
static void datalink_LoginDone(struct datalink *);
static void datalink_NewState(struct datalink *, unsigned);
+static char *datalink_NextName(struct datalink *);
static void
datalink_OpenTimeout(void *v)
@@ -1293,7 +1294,7 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov,
{
struct datalink *dl, *cdl;
struct fsm_retry copy;
- char *oname;
+ char *oname, *pname;
dl = (struct datalink *)iov[(*niov)++].iov_base;
dl->name = iov[*niov].iov_base;
@@ -1309,10 +1310,14 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov,
do {
for (cdl = bundle->links; cdl; cdl = cdl->next)
if (!strcasecmp(dl->name, cdl->name)) {
- if (oname)
- free(datalink_NextName(dl));
+ if ((pname = datalink_NextName(dl)) == NULL) {
+ for ((*niov)--; *niov < maxiov; (*niov)++)
+ free(iov[*niov].iov_base);
+ return NULL;
+ } else if (oname)
+ free(pname);
else
- oname = datalink_NextName(dl);
+ oname = pname;
break; /* Keep renaming 'till we have no conflicts */
}
} while (cdl);
@@ -1424,14 +1429,17 @@ datalink_Rename(struct datalink *dl, const char *name)
dl->physical->link.name = dl->name = strdup(name);
}
-char *
+static char *
datalink_NextName(struct datalink *dl)
{
int f, n;
char *name, *oname;
n = strlen(dl->name);
- name = (char *)malloc(n+3);
+ if ((name = (char *)malloc(n+3)) == NULL) {
+ log_Printf(LogERROR, "datalink_NextName: Out of memory !\n");
+ return NULL;
+ }
for (f = n - 1; f >= 0; f--)
if (!isdigit(dl->name[f]))
break;
diff --git a/usr.sbin/ppp/datalink.h b/usr.sbin/ppp/datalink.h
index 060063d..6fd7e9b 100644
--- a/usr.sbin/ppp/datalink.h
+++ b/usr.sbin/ppp/datalink.h
@@ -148,7 +148,6 @@ extern int datalink_SetRedial(struct cmdargs const *);
extern int datalink_SetReconnect(struct cmdargs const *);
extern const char *datalink_State(struct datalink *);
extern void datalink_Rename(struct datalink *, const char *);
-extern char *datalink_NextName(struct datalink *);
extern int datalink_RemoveFromSet(struct datalink *, fd_set *, fd_set *,
fd_set *);
extern int datalink_SetMode(struct datalink *, int);
diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c
index 0388168..4e76464 100644
--- a/usr.sbin/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/nat_cmd.c
@@ -543,11 +543,17 @@ nat_LayerPull(struct bundle *bundle, struct link *l __unused, struct mbuf *bp,
case PKT_ALIAS_UNRESOLVED_FRAGMENT:
/* Save the data for later */
- fptr = malloc(bp->m_len);
- bp = mbuf_Read(bp, fptr, bp->m_len);
- PacketAliasSaveFragment(fptr);
- log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n",
- (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags);
+ if ((fptr = malloc(bp->m_len)) == NULL) {
+ log_Printf(LogWARN, "nat_LayerPull: Dropped unresolved fragment -"
+ " out of memory!\n");
+ m_freem(bp);
+ bp = NULL;
+ } else {
+ bp = mbuf_Read(bp, fptr, bp->m_len);
+ PacketAliasSaveFragment(fptr);
+ log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n",
+ (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags);
+ }
break;
case PKT_ALIAS_FOUND_HEADER_FRAGMENT:
diff --git a/usr.sbin/ppp/physical.c b/usr.sbin/ppp/physical.c
index ffe7b2f..a96c1ba 100644
--- a/usr.sbin/ppp/physical.c
+++ b/usr.sbin/ppp/physical.c
@@ -39,6 +39,7 @@
#include <string.h>
#include <sys/tty.h> /* TIOCOUTQ */
#include <sys/uio.h>
+#include <sysexits.h>
#include <time.h>
#include <unistd.h>
#include <utmp.h>
@@ -88,6 +89,7 @@
#include "prompt.h"
#include "chat.h"
#include "auth.h"
+#include "main.h"
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
@@ -736,7 +738,10 @@ physical2iov(struct physical *p, struct iovec *iov, int *niov, int maxiov,
if (h && h->device2iov)
(*h->device2iov)(h, iov, niov, maxiov, auxfd, nauxfd);
else {
- iov[*niov].iov_base = malloc(sz);
+ if ((iov[*niov].iov_base = malloc(sz)) == NULL) {
+ log_Printf(LogALERT, "physical2iov: Out of memory (%d bytes)\n", sz);
+ AbortProgram(EX_OSERR);
+ }
if (h)
memcpy(iov[*niov].iov_base, h, sizeof *h);
iov[*niov].iov_len = sz;
diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c
index 2c7f7fd..18ba57d 100644
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@@ -212,8 +212,11 @@ demangle(struct radius *r, const void *mangled, size_t mlen,
return;
}
- *buf = malloc(*len);
- memcpy(*buf, P + 1, *len);
+ if ((*buf = malloc(*len)) == NULL) {
+ log_Printf(LogWARN, "demangle: Out of memory (%lu bytes)\n", (u_long)*len);
+ *len = 0;
+ } else
+ memcpy(*buf, P + 1, *len);
}
#endif
diff --git a/usr.sbin/ppp/route.c b/usr.sbin/ppp/route.c
index 9186b34..375670e 100644
--- a/usr.sbin/ppp/route.c
+++ b/usr.sbin/ppp/route.c
@@ -278,10 +278,15 @@ Index2Nam(int idx)
}
if (ifs[ifm->ifm_index-1] == NULL) {
ifs[ifm->ifm_index-1] = (char *)malloc(dl->sdl_nlen+1);
- memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen);
- ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0';
- if (route_nifs < ifm->ifm_index)
- route_nifs = ifm->ifm_index;
+ if (ifs[ifm->ifm_index-1] == NULL)
+ log_Printf(LogDEBUG, "Skipping interface %d: Out of memory\n",
+ ifm->ifm_index);
+ else {
+ memcpy(ifs[ifm->ifm_index-1], dl->sdl_data, dl->sdl_nlen);
+ ifs[ifm->ifm_index-1][dl->sdl_nlen] = '\0';
+ if (route_nifs < ifm->ifm_index)
+ route_nifs = ifm->ifm_index;
+ }
}
} else if (log_IsKept(LogDEBUG))
log_Printf(LogDEBUG, "Skipping out-of-range interface %d!\n",
@@ -612,8 +617,13 @@ route_Add(struct sticky_route **rp, int type, const struct ncprange *dst,
rp = &(*rp)->next;
}
- if (!r)
+ if (r == NULL) {
r = (struct sticky_route *)malloc(sizeof(struct sticky_route));
+ if (r == NULL) {
+ log_Printf(LogERROR, "route_Add: Out of memory!\n");
+ return;
+ }
+ }
r->type = type;
r->next = NULL;
ncprange_copy(&r->dst, dst);
OpenPOWER on IntegriCloud