From: Amos Jeffries Date: Mon, 7 Sep 2015 17:44:33 +0000 (-0700) Subject: Bug 4284: missing sanity checks for malloc X-Git-Tag: SQUID_4_0_1~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c14fb37898dbb834833413e059f90e72fc8b502c;p=thirdparty%2Fsquid.git Bug 4284: missing sanity checks for malloc --- diff --git a/helpers/basic_auth/LDAP/basic_ldap_auth.cc b/helpers/basic_auth/LDAP/basic_ldap_auth.cc index e27ad5e2fc..a3d69a3691 100644 --- a/helpers/basic_auth/LDAP/basic_ldap_auth.cc +++ b/helpers/basic_auth/LDAP/basic_ldap_auth.cc @@ -392,7 +392,7 @@ main(int argc, char **argv) case 'h': if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = static_cast(malloc(len)); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; @@ -512,7 +512,7 @@ main(int argc, char **argv) char *value = argv[1]; if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = static_cast(malloc(len)); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; diff --git a/helpers/basic_auth/SMB/basic_smb_auth.cc b/helpers/basic_auth/SMB/basic_smb_auth.cc index 4f29137239..cf048919b1 100644 --- a/helpers/basic_auth/SMB/basic_smb_auth.cc +++ b/helpers/basic_auth/SMB/basic_smb_auth.cc @@ -111,8 +111,7 @@ main(int argc, char *argv[]) break; if (strcmp(argv[i], "-W") == 0) { - if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL) - return 1; + dom = static_cast(xmalloc(sizeof(struct SMBDOMAIN))); dom->name = dom->sname = argv[++i]; dom->passthrough = ""; diff --git a/helpers/digest_auth/LDAP/ldap_backend.cc b/helpers/digest_auth/LDAP/ldap_backend.cc index 256083789d..407279df40 100644 --- a/helpers/digest_auth/LDAP/ldap_backend.cc +++ b/helpers/digest_auth/LDAP/ldap_backend.cc @@ -434,7 +434,7 @@ LDAPArguments(int argc, char **argv) case 'h': if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = (char*)malloc(len); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; @@ -560,7 +560,7 @@ LDAPArguments(int argc, char **argv) char *value = argv[1]; if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = (char*)malloc(len); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; diff --git a/helpers/digest_auth/eDirectory/ldap_backend.cc b/helpers/digest_auth/eDirectory/ldap_backend.cc index 35db675d1b..c0d23d9af5 100644 --- a/helpers/digest_auth/eDirectory/ldap_backend.cc +++ b/helpers/digest_auth/eDirectory/ldap_backend.cc @@ -461,7 +461,7 @@ LDAPArguments(int argc, char **argv) case 'h': if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = (char*)malloc(len); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; @@ -590,7 +590,7 @@ LDAPArguments(int argc, char **argv) char *value = argv[1]; if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = (char*)malloc(len); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; diff --git a/helpers/digest_auth/file/text_backend.cc b/helpers/digest_auth/file/text_backend.cc index b80d75afb4..b6bbd2b8de 100644 --- a/helpers/digest_auth/file/text_backend.cc +++ b/helpers/digest_auth/file/text_backend.cc @@ -118,7 +118,7 @@ read_passwd_file(const char *passwordFile, int isHa1Mode) u = static_cast(xcalloc(1, sizeof(*u))); if (realm) { int len = strlen(user) + strlen(realm) + 2; - u->hash.key = malloc(len); + u->hash.key = xmalloc(len); snprintf(static_cast(u->hash.key), len, "%s:%s", user, realm); } else { u->hash.key = xstrdup(user); diff --git a/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc b/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc index 78cce967d1..829691558f 100644 --- a/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc +++ b/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc @@ -261,7 +261,7 @@ main(int argc, char **argv) case 'h': if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = (char*)malloc(len); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; @@ -390,7 +390,7 @@ main(int argc, char **argv) char *value = argv[1]; if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; - char *newhost = (char*)malloc(len); + char *newhost = static_cast(xmalloc(len)); snprintf(newhost, len, "%s %s", ldapServer, value); free(ldapServer); ldapServer = newhost; diff --git a/helpers/external_acl/file_userip/ext_file_userip_acl.cc b/helpers/external_acl/file_userip/ext_file_userip_acl.cc index 9bc2b73637..525e196456 100644 --- a/helpers/external_acl/file_userip/ext_file_userip_acl.cc +++ b/helpers/external_acl/file_userip/ext_file_userip_acl.cc @@ -80,7 +80,7 @@ load_dict(FILE * FH) { bitwise AND */ /* the pointer to the first entry in the linked list */ - first_entry = (struct ip_user_dict*)malloc(sizeof(struct ip_user_dict)); + first_entry = static_cast(xmalloc(sizeof(struct ip_user_dict))); current_entry = first_entry; unsigned int lineCount = 0; @@ -128,7 +128,7 @@ load_dict(FILE * FH) { /* get space and point current_entry to the new entry */ current_entry->next_entry = - (struct ip_user_dict*)malloc(sizeof(struct ip_user_dict)); + static_cast(xmalloc(sizeof(struct ip_user_dict))); current_entry = current_entry->next_entry; } diff --git a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc index d5a05855b9..cbcb288feb 100644 --- a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc +++ b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc @@ -405,7 +405,7 @@ process_options(int argc, char *argv[]) char *d, *c; /* d will not be freed in case of non-error. Since we don't reconfigure, * it's going to live as long as the process anyways */ - d = (char*)malloc(strlen(argv[j]) + 1); + d = static_cast(xmalloc(strlen(argv[j]) + 1)); strcpy(d, argv[j]); debug("Adding domain-controller %s\n", d); if (NULL == (c = strchr(d, '\\')) && NULL == (c = strchr(d, '/'))) { @@ -421,7 +421,7 @@ process_options(int argc, char *argv[]) } *c= '\0'; ++c; - new_dc = (dc *) malloc(sizeof(dc)); + new_dc = static_cast(xmalloc(sizeof(dc))); if (!new_dc) { fprintf(stderr, "Malloc error while parsing DC options\n"); free(d);