authorBill Parker <wp02855@gmail.com>2013-07-17 15:30:35 -0700
committerJeremy Allison <jra@samba.org>2013-07-17 16:12:19 -0700
commit9b58da986680a92b350f02cd31ff64f30fecd07c (patch)
tree3a9bd6255f1f1c06f8812fd68f1be984add69ea0
parent9b2aa351ceb756d6ea63f3158f0e983ae7262da8 (diff)
Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().
In reviewing various files in Samba-4.0.7, I found a number of instances where malloc()/calloc() were called without checking the return value for NULL, which would indicate failure. (NB. The changes needed to ccan, iniparser, popt and heimdal will be reported upstream, not patched inside Samba). Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Source <idra@samba.org>
-rw-r--r--lib/ntdb/tools/growtdb-bench.c16
-rw-r--r--lib/ntdb/tools/ntdbtorture.c4
-rw-r--r--lib/replace/getifaddrs.c29
-rw-r--r--lib/tdb/test/run-transaction-expand.c5
-rw-r--r--lib/tdb/tools/tdbtorture.c8
-rw-r--r--nsswitch/nsstest.c4
-rw-r--r--source4/librpc/rpc/pyrpc_util.c3
-rw-r--r--source4/torture/gentest.c8
8 files changed, 77 insertions, 0 deletions
diff --git a/lib/ntdb/tools/growtdb-bench.c b/lib/ntdb/tools/growtdb-bench.c
index 640f87af5a..aa5a406a54 100644
--- a/lib/ntdb/tools/growtdb-bench.c
+++ b/lib/ntdb/tools/growtdb-bench.c
@@ -48,12 +48,24 @@ int main(int argc, char *argv[])
idxkey.dsize = strlen("User index");
idxdata.dsize = 51;
idxdata.dptr = calloc(idxdata.dsize, 1);
+ if (idxdata.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for idxdata.dptr\n");
+ return -1;
+ }
/* Create users. */
k.dsize = 48;
k.dptr = calloc(k.dsize, 1);
+ if (k.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for k.dptr\n");
+ return -1;
+ }
d.dsize = 64;
d.dptr = calloc(d.dsize, 1);
+ if (d.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for d.dptr\n");
+ return -1;
+ }
ntdb_transaction_start(ntdb);
for (i = 0; i < users; i++) {
@@ -79,6 +91,10 @@ int main(int argc, char *argv[])
* a group. */
gk.dsize = 48;
gk.dptr = calloc(k.dsize, 1);
+ if (gk.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for gk.dptr\n");
+ return -1;
+ }
gk.dptr[gk.dsize-1] = 1;
d.dsize = 32;
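Review bot: The buffer checked here is sized from `k.dsize` but indexed with `gk.dsize` on the following line (`gk.dptr[gk.dsize-1] = 1`), so the new NULL check does not make that write safe if the two sizes ever differ. Both are set to 48 in the visible lines, which is why it works today; `gk.dptr = calloc(gk.dsize, 1);` would tie the allocation to the index that is used. The `return -1` paths in this hunk and in the hunk at line 48 also leave main() without closing `ntdb`, which presumably matters only if a transaction is still open at that point. The rest of main() is outside the hunk.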
diff --git a/lib/ntdb/tools/ntdbtorture.c b/lib/ntdb/tools/ntdbtorture.c
index 3bcf3200f2..7ddb5c3acb 100644
--- a/lib/ntdb/tools/ntdbtorture.c
+++ b/lib/ntdb/tools/ntdbtorture.c
@@ -96,6 +96,10 @@ static char *randbuf(int len)
char *buf;
int i;
buf = (char *)malloc(len+1);
+ if (buf == NULL) {
+ perror("randbuf: unable to allocate memory for buffer.\n");
+ exit(1);
+ }
for (i=0;i<len;i++) {
buf[i] = 'a' + (rand() % 26);
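Review bot: The string passed to perror() in the new check ends in `.\n`, but perror() itself appends a colon, the errno text and a newline, so the message is split across two lines with the error text orphaned on the second. A plain prefix such as `perror("randbuf: malloc");` prints correctly. Separately, `len` is an int and `malloc(len+1)` is not guarded against a negative or very large `len`; whether callers can pass such a value is not visible here. The body of randbuf() continues outside the hunk.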
diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c
index 8da022f270..f07d7005e4 100644
--- a/lib/replace/getifaddrs.c
+++ b/lib/replace/getifaddrs.c
@@ -113,11 +113,23 @@ int rep_getifaddrs(struct ifaddrs **ifap)
for (i=n-1; i>=0; i--) {
if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) == -1) {
freeifaddrs(*ifap);
+ close(fd);
return -1;
}
curif = calloc(1, sizeof(struct ifaddrs));
+ if (curif == NULL) {
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
curif->ifa_name = strdup(ifr[i].ifr_name);
+ if (curif->ifa_name == NULL) {
+ free(curif);
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
curif->ifa_flags = ifr[i].ifr_flags;
curif->ifa_dstaddr = NULL;
curif->ifa_data = NULL;
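Review bot: Every failure path here and in the next hunk calls `freeifaddrs(*ifap)` and returns -1 while `*ifap` still holds the freed list head, so a caller that frees or walks the result after a failed call would touch freed memory. Adding `*ifap = NULL;` directly after each `freeifaddrs(*ifap);` closes that off. Whether `*ifap` is initialised before the loop is not visible in this hunk and should be confirmed, since the first iteration's error paths pass it to freeifaddrs() as well.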
@@ -126,11 +138,28 @@ int rep_getifaddrs(struct ifaddrs **ifap)
curif->ifa_addr = NULL;
if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != -1) {
curif->ifa_addr = sockaddr_dup(&ifr[i].ifr_addr);
+ if (curif->ifa_addr == NULL) {
+ free(curif->ifa_name);
+ free(curif);
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
}
curif->ifa_netmask = NULL;
if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != -1) {
curif->ifa_netmask = sockaddr_dup(&ifr[i].ifr_addr);
+ if (curif->ifa_netmask == NULL) {
+ if (curif->ifa_addr != NULL) {
+ free(curif->ifa_addr);
+ }
+ free(curif->ifa_name);
+ free(curif);
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
}
if (lastif == NULL) {
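Review bot: The guard `if (curif->ifa_addr != NULL)` around `free(curif->ifa_addr)` in the netmask failure path is redundant, because free(NULL) is a no-op; a bare `free(curif->ifa_addr);` matches the other cleanup lines. The partially built `curif` is now unwound by hand in several places across this function, and a short comment at the first of them, such as `/* curif is not linked into *ifap yet, so free it separately */`, would explain why both frees are needed. The loop body continues outside the hunk.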
diff --git a/lib/tdb/test/run-transaction-expand.c b/lib/tdb/test/run-transaction-expand.c
index 1271d92b33..d62c76a88c 100644
--- a/lib/tdb/test/run-transaction-expand.c
+++ b/lib/tdb/test/run-transaction-expand.c
@@ -73,6 +73,11 @@ int main(int argc, char *argv[])
data.dsize = 0;
data.dptr = calloc(1000, getpagesize());
+ if (data.dptr == NULL) {
+ diag("Unable to allocate memory for data.dptr");
+ tdb_close(tdb);
+ exit(1);
+ }
/* Simulate a slowly growing record. */
for (i = 0; i < 1000; i++)
diff --git a/lib/tdb/tools/tdbtorture.c b/lib/tdb/tools/tdbtorture.c
index a23d1543e5..5ae08f662a 100644
--- a/lib/tdb/tools/tdbtorture.c
+++ b/lib/tdb/tools/tdbtorture.c
@@ -342,7 +342,15 @@ int main(int argc, char * const *argv)
}
pids = (pid_t *)calloc(sizeof(pid_t), num_procs);
+ if (pids == NULL) {
+ perror("Unable to allocate memory for pids");
+ exit(1);
+ }
done = (int *)calloc(sizeof(int), num_procs);
+ if (done == NULL) {
+ perror("Unable to allocate memory for done");
+ exit(1);
+ }
if (pipe(pfds) != 0) {
perror("Creating pipe");
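Review bot: If `num_procs` is 0, `calloc(sizeof(pid_t), num_procs)` may legitimately return NULL on some C libraries, and the new checks would then report an allocation failure and exit; how `num_procs` is validated is not visible in this hunk. Rejecting a non-positive count before the allocations, e.g. `if (num_procs <= 0) { fprintf(stderr, "num_procs must be positive\n"); exit(1); }`, keeps the error accurate. The same applies to `options.max_open_handles` and `options.numops` in the source4/torture/gentest.c hunk. As a style point, calloc() takes the element count first: `calloc(num_procs, sizeof(pid_t))`.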
diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
index 39d03424fa..4b3d0a4301 100644
--- a/nsswitch/nsstest.c
+++ b/nsswitch/nsstest.c
@@ -371,6 +371,10 @@ static void nss_test_initgroups(char *name, gid_t gid)
NSS_STATUS status;
groups = (gid_t *)malloc(sizeof(gid_t) * size);
+ if (groups == NULL) {
+ printf("Unable to allocate memory for groups\n");
+ return;
+ }
groups[0] = gid;
status = nss_initgroups(name, gid, &groups, &start, &size);
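Review bot: The new failure path in nss_test_initgroups() prints to stdout and returns from a void function, so an allocation failure is indistinguishable from a passed test to anything that reads only the exit status. If this file keeps a failure counter (not visible in the hunk), the branch should bump it before `return;`, and the message belongs on stderr via `fprintf(stderr, "Unable to allocate memory for groups\n");`. The multiplication `sizeof(gid_t) * size` is unchecked, which is fine only if `size` is a small constant set above the hunk.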
diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c
index a000c76907..ab6caac8ff 100644
--- a/source4/librpc/rpc/pyrpc_util.c
+++ b/source4/librpc/rpc/pyrpc_util.c
@@ -246,6 +246,9 @@ bool PyInterface_AddNdrRpcMethods(PyTypeObject *ifacetype, const struct PyNdrRpc
PyObject *ret;
struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1);
+ if (wb == NULL) {
+ return false;
+ }
wb->name = discard_const_p(char, mds[i].name);
wb->flags = PyWrapperFlag_KEYWORDS;
wb->wrapper = (wrapperfunc)py_dcerpc_call_wrapper;
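Review bot: The added `return false;` on allocation failure leaves no Python exception set, so a caller that turns the false result into a Python-level error would presumably raise without an error indicator. Setting it at the point of failure, `PyErr_NoMemory(); return false;`, gives the interpreter a MemoryError to report. The `mds[i]` access suggests this runs inside a loop, so methods registered in earlier iterations stay attached to `ifacetype` on this path; the loop and the rest of the function are outside the hunk.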
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
index 91b60e2c4e..f3c4c20e53 100644
--- a/source4/torture/gentest.c
+++ b/source4/torture/gentest.c
@@ -3068,9 +3068,17 @@ static bool start_gentest(struct tevent_context *ev,
/* allocate the open_handles array */
open_handles = calloc(options.max_open_handles, sizeof(open_handles[0]));
+ if (open_handles == NULL) {
+ printf("Unable to allocate memory for open_handles array.\n");
+ exit(1);
+ }
srandom(options.seed);
op_parms = calloc(options.numops, sizeof(op_parms[0]));
+ if (op_parms == NULL) {
+ printf("Unable to allocate memory for op_parms.\n");
+ exit(1);
+ }
/* generate the seeds - after this everything is deterministic */
if (options.use_preset_seeds) {
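Review bot: start_gentest() returns bool, yet both new failure branches call `exit(1)` instead of reporting the failure to the caller; `return false;` would be the consistent form if the caller already handles a false result, which is not visible here (the `op_parms` branch would then also need `free(open_handles);`). The messages go to stdout through printf(), where they mix with the test output; `fprintf(stderr, "Unable to allocate memory for op_parms.\n");` is the more usual destination. The function body continues outside the hunk.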