diff options
author | Bill Parker <wp02855@gmail.com> | 2013-07-17 15:30:35 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2013-07-17 16:12:19 -0700 |
commit | 9b58da986680a92b350f02cd31ff64f30fecd07c (patch) | |
tree | 3a9bd6255f1f1c06f8812fd68f1be984add69ea0 /lib | |
parent | 9b2aa351ceb756d6ea63f3158f0e983ae7262da8 (diff) | |
download | samba-9b58da986680a92b350f02cd31ff64f30fecd07c.tar.gz samba-9b58da986680a92b350f02cd31ff64f30fecd07c.tar.bz2 samba-9b58da986680a92b350f02cd31ff64f30fecd07c.zip |
Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().
In reviewing various files in Samba-4.0.7, I found a number
of instances where malloc()/calloc() were called without the
checking the return value for a value of NULL, which would
indicate failure.
(NB. The changes needed to ccan, iniparser, popt and heimdal
will be reported upstream, not patched inside Samba).
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Source <idra@samba.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ntdb/tools/growtdb-bench.c | 16 | ||||
-rw-r--r-- | lib/ntdb/tools/ntdbtorture.c | 4 | ||||
-rw-r--r-- | lib/replace/getifaddrs.c | 29 | ||||
-rw-r--r-- | lib/tdb/test/run-transaction-expand.c | 5 | ||||
-rw-r--r-- | lib/tdb/tools/tdbtorture.c | 8 |
5 files changed, 62 insertions, 0 deletions
diff --git a/lib/ntdb/tools/growtdb-bench.c b/lib/ntdb/tools/growtdb-bench.c index 640f87af5a..aa5a406a54 100644 --- a/lib/ntdb/tools/growtdb-bench.c +++ b/lib/ntdb/tools/growtdb-bench.c @@ -48,12 +48,24 @@ int main(int argc, char *argv[]) idxkey.dsize = strlen("User index"); idxdata.dsize = 51; idxdata.dptr = calloc(idxdata.dsize, 1); + if (idxdata.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for idxdata.dptr\n"); + return -1; + } /* Create users. */ k.dsize = 48; k.dptr = calloc(k.dsize, 1); + if (k.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for k.dptr\n"); + return -1; + } d.dsize = 64; d.dptr = calloc(d.dsize, 1); + if (d.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for d.dptr\n"); + return -1; + } ntdb_transaction_start(ntdb); for (i = 0; i < users; i++) { @@ -79,6 +91,10 @@ int main(int argc, char *argv[]) * a group. */ gk.dsize = 48; gk.dptr = calloc(k.dsize, 1); + if (gk.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for gk.dptr\n"); + return -1; + } gk.dptr[gk.dsize-1] = 1; d.dsize = 32; diff --git a/lib/ntdb/tools/ntdbtorture.c b/lib/ntdb/tools/ntdbtorture.c index 3bcf3200f2..7ddb5c3acb 100644 --- a/lib/ntdb/tools/ntdbtorture.c +++ b/lib/ntdb/tools/ntdbtorture.c @@ -96,6 +96,10 @@ static char *randbuf(int len) char *buf; int i; buf = (char *)malloc(len+1); + if (buf == NULL) { + perror("randbuf: unable to allocate memory for buffer.\n"); + exit(1); + } for (i=0;i<len;i++) { buf[i] = 'a' + (rand() % 26); diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c index 8da022f270..f07d7005e4 100644 --- a/lib/replace/getifaddrs.c +++ b/lib/replace/getifaddrs.c @@ -113,11 +113,23 @@ int rep_getifaddrs(struct ifaddrs **ifap) for (i=n-1; i>=0; i--) { if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) == -1) { freeifaddrs(*ifap); + close(fd); return -1; } curif = calloc(1, sizeof(struct ifaddrs)); + if (curif == NULL) { + freeifaddrs(*ifap); + close(fd); + return -1; + } curif->ifa_name = strdup(ifr[i].ifr_name); + if (curif->ifa_name == NULL) { + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } curif->ifa_flags = ifr[i].ifr_flags; curif->ifa_dstaddr = NULL; curif->ifa_data = NULL; @@ -126,11 +138,28 @@ int rep_getifaddrs(struct ifaddrs **ifap) curif->ifa_addr = NULL; if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != -1) { curif->ifa_addr = sockaddr_dup(&ifr[i].ifr_addr); + if (curif->ifa_addr == NULL) { + free(curif->ifa_name); + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } } curif->ifa_netmask = NULL; if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != -1) { curif->ifa_netmask = sockaddr_dup(&ifr[i].ifr_addr); + if (curif->ifa_netmask == NULL) { + if (curif->ifa_addr != NULL) { + free(curif->ifa_addr); + } + free(curif->ifa_name); + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } } if (lastif == NULL) { diff --git a/lib/tdb/test/run-transaction-expand.c b/lib/tdb/test/run-transaction-expand.c index 1271d92b33..d62c76a88c 100644 --- a/lib/tdb/test/run-transaction-expand.c +++ b/lib/tdb/test/run-transaction-expand.c @@ -73,6 +73,11 @@ int main(int argc, char *argv[]) data.dsize = 0; data.dptr = calloc(1000, getpagesize()); + if (data.dptr == NULL) { + diag("Unable to allocate memory for data.dptr"); + tdb_close(tdb); + exit(1); + } /* Simulate a slowly growing record. */ for (i = 0; i < 1000; i++) diff --git a/lib/tdb/tools/tdbtorture.c b/lib/tdb/tools/tdbtorture.c index a23d1543e5..5ae08f662a 100644 --- a/lib/tdb/tools/tdbtorture.c +++ b/lib/tdb/tools/tdbtorture.c @@ -342,7 +342,15 @@ int main(int argc, char * const *argv) } pids = (pid_t *)calloc(sizeof(pid_t), num_procs); + if (pids == NULL) { + perror("Unable to allocate memory for pids"); + exit(1); + } done = (int *)calloc(sizeof(int), num_procs); + if (done == NULL) { + perror("Unable to allocate memory for done"); + exit(1); + } if (pipe(pfds) != 0) { perror("Creating pipe"); |