From 9b58da986680a92b350f02cd31ff64f30fecd07c Mon Sep 17 00:00:00 2001 From: Bill Parker Date: Wed, 17 Jul 2013 15:30:35 -0700 Subject: Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc(). In reviewing various files in Samba-4.0.7, I found a number of instances where malloc()/calloc() were called without the checking the return value for a value of NULL, which would indicate failure. (NB. The changes needed to ccan, iniparser, popt and heimdal will be reported upstream, not patched inside Samba). Reviewed-by: Jeremy Allison Reviewed-by: Simo Source --- lib/replace/getifaddrs.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'lib/replace') diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c index 8da022f270..f07d7005e4 100644 --- a/lib/replace/getifaddrs.c +++ b/lib/replace/getifaddrs.c @@ -113,11 +113,23 @@ int rep_getifaddrs(struct ifaddrs **ifap) for (i=n-1; i>=0; i--) { if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) == -1) { freeifaddrs(*ifap); + close(fd); return -1; } curif = calloc(1, sizeof(struct ifaddrs)); + if (curif == NULL) { + freeifaddrs(*ifap); + close(fd); + return -1; + } curif->ifa_name = strdup(ifr[i].ifr_name); + if (curif->ifa_name == NULL) { + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } curif->ifa_flags = ifr[i].ifr_flags; curif->ifa_dstaddr = NULL; curif->ifa_data = NULL; @@ -126,11 +138,28 @@ int rep_getifaddrs(struct ifaddrs **ifap) curif->ifa_addr = NULL; if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != -1) { curif->ifa_addr = sockaddr_dup(&ifr[i].ifr_addr); + if (curif->ifa_addr == NULL) { + free(curif->ifa_name); + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } } curif->ifa_netmask = NULL; if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != -1) { curif->ifa_netmask = sockaddr_dup(&ifr[i].ifr_addr); + if (curif->ifa_netmask == NULL) { + if (curif->ifa_addr != NULL) { + free(curif->ifa_addr); + } + free(curif->ifa_name); + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } } if (lastif == NULL) { -- cgit