Bug 4284: missing sanity checks for malloc

author Amos Jeffries <squid3@treenet.co.nz>

Mon, 7 Sep 2015 17:44:33 +0000 (10:44 -0700)

committer Amos Jeffries <squid3@treenet.co.nz>

Mon, 7 Sep 2015 17:44:33 +0000 (10:44 -0700)
author Amos Jeffries <squid3@treenet.co.nz>
Mon, 7 Sep 2015 17:44:33 +0000 (10:44 -0700)
committer Amos Jeffries <squid3@treenet.co.nz>
Mon, 7 Sep 2015 17:44:33 +0000 (10:44 -0700)
diff --git a/helpers/basic_auth/LDAP/basic_ldap_auth.cc b/helpers/basic_auth/LDAP/basic_ldap_auth.cc

index e27ad5e2fc04732d5731a9e64ec207fcc1206a66..a3d69a3691ecb7dfa72d5b1037a651ece209ee56 100644 (file)
--- a/helpers/basic_auth/LDAP/basic_ldap_auth.cc
+++ b/helpers/basic_auth/LDAP/basic_ldap_auth.cc
@@ -392,7 +392,7 @@ main(int argc, char **argv)
          case 'h':
              if (ldapServer) {
                  int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = static_cast<char*>(malloc(len));
+                char *newhost = static_cast<char*>(xmalloc(len));
                  snprintf(newhost, len, "%s %s", ldapServer, value);
                  free(ldapServer);
                  ldapServer = newhost;
@@ -512,7 +512,7 @@ main(int argc, char **argv)
          char *value = argv[1];
          if (ldapServer) {
              int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = static_cast<char*>(malloc(len));
+            char *newhost = static_cast<char*>(xmalloc(len));
              snprintf(newhost, len, "%s %s", ldapServer, value);
              free(ldapServer);
              ldapServer = newhost;
diff --git a/helpers/basic_auth/SMB/basic_smb_auth.cc b/helpers/basic_auth/SMB/basic_smb_auth.cc

index 4f29137239209bc91d099e87ac6884037502b0a3..cf048919b11918f1f2208a3d6df51bd356a59c57 100644 (file)
--- a/helpers/basic_auth/SMB/basic_smb_auth.cc
+++ b/helpers/basic_auth/SMB/basic_smb_auth.cc
@@ -111,8 +111,7 @@ main(int argc, char *argv[])
              break;
  
          if (strcmp(argv[i], "-W") == 0) {
-            if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL)
-                return 1;
+            dom = static_cast<struct SMBDOMAIN *>(xmalloc(sizeof(struct SMBDOMAIN)));
  
              dom->name = dom->sname = argv[++i];
              dom->passthrough = "";
diff --git a/helpers/digest_auth/LDAP/ldap_backend.cc b/helpers/digest_auth/LDAP/ldap_backend.cc

index 256083789d7fffacf03f4d1952c75588c5cf9ff1..407279df406e3ed4c76832f651b16050d06648af 100644 (file)
--- a/helpers/digest_auth/LDAP/ldap_backend.cc
+++ b/helpers/digest_auth/LDAP/ldap_backend.cc
@@ -434,7 +434,7 @@ LDAPArguments(int argc, char **argv)
          case 'h':
              if (ldapServer) {
                  int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = (char*)malloc(len);
+                char *newhost = static_cast<char*>(xmalloc(len));
                  snprintf(newhost, len, "%s %s", ldapServer, value);
                  free(ldapServer);
                  ldapServer = newhost;
@@ -560,7 +560,7 @@ LDAPArguments(int argc, char **argv)
          char *value = argv[1];
          if (ldapServer) {
              int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = (char*)malloc(len);
+            char *newhost = static_cast<char*>(xmalloc(len));
              snprintf(newhost, len, "%s %s", ldapServer, value);
              free(ldapServer);
              ldapServer = newhost;
diff --git a/helpers/digest_auth/eDirectory/ldap_backend.cc b/helpers/digest_auth/eDirectory/ldap_backend.cc

index 35db675d1bc27d5d3eea6ca95fa333e23e31543d..c0d23d9af546af21c802abea73e5d53e88bfdcfb 100644 (file)
--- a/helpers/digest_auth/eDirectory/ldap_backend.cc
+++ b/helpers/digest_auth/eDirectory/ldap_backend.cc
@@ -461,7 +461,7 @@ LDAPArguments(int argc, char **argv)
          case 'h':
              if (ldapServer) {
                  int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = (char*)malloc(len);
+                char *newhost = static_cast<char*>(xmalloc(len));
                  snprintf(newhost, len, "%s %s", ldapServer, value);
                  free(ldapServer);
                  ldapServer = newhost;
@@ -590,7 +590,7 @@ LDAPArguments(int argc, char **argv)
          char *value = argv[1];
          if (ldapServer) {
              int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = (char*)malloc(len);
+            char *newhost = static_cast<char*>(xmalloc(len));
              snprintf(newhost, len, "%s %s", ldapServer, value);
              free(ldapServer);
              ldapServer = newhost;
diff --git a/helpers/digest_auth/file/text_backend.cc b/helpers/digest_auth/file/text_backend.cc

index b80d75afb451377c0192870b7fc5652162388053..b6bbd2b8de2534fe17e9176d0f7a8ecb4580f29a 100644 (file)
--- a/helpers/digest_auth/file/text_backend.cc
+++ b/helpers/digest_auth/file/text_backend.cc
@@ -118,7 +118,7 @@ read_passwd_file(const char *passwordFile, int isHa1Mode)
              u = static_cast<user_data*>(xcalloc(1, sizeof(*u)));
              if (realm) {
                  int len = strlen(user) + strlen(realm) + 2;
-                u->hash.key = malloc(len);
+                u->hash.key = xmalloc(len);
                  snprintf(static_cast<char*>(u->hash.key), len, "%s:%s", user, realm);
              } else {
                  u->hash.key = xstrdup(user);
diff --git a/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc b/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc

index 78cce967d15289e660e450d0b4dc3bec59949406..829691558fb5f09788ba3084f58d9dcd7df9660b 100644 (file)
--- a/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc
+++ b/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc
@@ -261,7 +261,7 @@ main(int argc, char **argv)
          case 'h':
              if (ldapServer) {
                  int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = (char*)malloc(len);
+                char *newhost = static_cast<char*>(xmalloc(len));
                  snprintf(newhost, len, "%s %s", ldapServer, value);
                  free(ldapServer);
                  ldapServer = newhost;
@@ -390,7 +390,7 @@ main(int argc, char **argv)
          char *value = argv[1];
          if (ldapServer) {
              int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = (char*)malloc(len);
+            char *newhost = static_cast<char*>(xmalloc(len));
              snprintf(newhost, len, "%s %s", ldapServer, value);
              free(ldapServer);
              ldapServer = newhost;
diff --git a/helpers/external_acl/file_userip/ext_file_userip_acl.cc b/helpers/external_acl/file_userip/ext_file_userip_acl.cc

index 9bc2b73637532d44d8925ad547271e59af70d414..525e196456be5bbfc12dcd3c37900014d9bbf847 100644 (file)
--- a/helpers/external_acl/file_userip/ext_file_userip_acl.cc
+++ b/helpers/external_acl/file_userip/ext_file_userip_acl.cc
@@ -80,7 +80,7 @@ load_dict(FILE * FH) {
                     bitwise AND */
  
      /* the pointer to the first entry in the linked list */
-    first_entry = (struct ip_user_dict*)malloc(sizeof(struct ip_user_dict));
+    first_entry = static_cast<struct ip_user_dict*>(xmalloc(sizeof(struct ip_user_dict)));
      current_entry = first_entry;
  
      unsigned int lineCount = 0;
@@ -128,7 +128,7 @@ load_dict(FILE * FH) {
  
              /* get space and point current_entry to the new entry */
              current_entry->next_entry =
-                (struct ip_user_dict*)malloc(sizeof(struct ip_user_dict));
+                static_cast<struct ip_user_dict*>(xmalloc(sizeof(struct ip_user_dict)));
              current_entry = current_entry->next_entry;
          }
  
diff --git a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc

index d5a05855b915e5a1513d2e2d10c4d5fa61f7e224..cbcb288feb8a1e95e33f11eb5a48528ba3e90185 100644 (file)
--- a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
+++ b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -405,7 +405,7 @@ process_options(int argc, char *argv[])
          char *d, *c;
          /* d will not be freed in case of non-error. Since we don't reconfigure,
           * it's going to live as long as the process anyways */
-        d = (char*)malloc(strlen(argv[j]) + 1);
+        d = static_cast<char*>(xmalloc(strlen(argv[j]) + 1));
          strcpy(d, argv[j]);
          debug("Adding domain-controller %s\n", d);
          if (NULL == (c = strchr(d, '\\')) && NULL == (c = strchr(d, '/'))) {
@@ -421,7 +421,7 @@ process_options(int argc, char *argv[])
          }
          *c= '\0';
          ++c;
-        new_dc = (dc *) malloc(sizeof(dc));
+        new_dc = static_cast<dc *>(xmalloc(sizeof(dc)));
          if (!new_dc) {
              fprintf(stderr, "Malloc error while parsing DC options\n");
              free(d);
author	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 7 Sep 2015 17:44:33 +0000 (10:44 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 7 Sep 2015 17:44:33 +0000 (10:44 -0700)
helpers/basic_auth/LDAP/basic_ldap_auth.cc		patch \| blob \| blame \| history
helpers/basic_auth/SMB/basic_smb_auth.cc		patch \| blob \| blame \| history
helpers/digest_auth/LDAP/ldap_backend.cc		patch \| blob \| blame \| history
helpers/digest_auth/eDirectory/ldap_backend.cc		patch \| blob \| blame \| history
helpers/digest_auth/file/text_backend.cc		patch \| blob \| blame \| history
helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc		patch \| blob \| blame \| history
helpers/external_acl/file_userip/ext_file_userip_acl.cc		patch \| blob \| blame \| history
helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc		patch \| blob \| blame \| history