[master] Corrected several potential null references identified by static analysis

    Merges branch rt40754

diff --git a/RELNOTES b/RELNOTES
index 39c4666dcdc09ab67a7e3bb3edb18490e8c98b6d..6e1a4cd7564f9b33655d6de248954ccfdb321ae8 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -54,6 +54,11 @@ by Eric Young (eay@cryptsoft.com).
 
                        Changes since 4.3.3
 
+- Fixed several potential null references.  Thanks to Bill Parker
+  (wp02855 at gmail dot com) who identified these issues and supplied
+  patches to address them.
+  [ISC-Bugs #40754]
+
 - The linux packet fitler code now correctly treats only least significant
   12 bits an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
   Prior to this it was using the entire 16 bit value as the VLAN id and

diff --git a/client/dhc6.c b/client/dhc6.c
index 093271f93308ed298ea636ba2d816cb0337a8e8b..41c27f469b565a10fa49ba910b50c5a448dc2b30 100644 (file)
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -469,6 +469,10 @@ dhc6_dup_ia(struct dhc6_ia *ia, const char *file, int line)
        struct dhc6_addr **insert_addr, *addr;
 
        copy = dmalloc(sizeof(*ia), file, line);
+       if (copy == NULL) {
+               log_error("Out of memory for v6 duplicate IA structure.");
+               return NULL;
+       }
 
        memcpy(copy->iaid, ia->iaid, sizeof(copy->iaid));
 

diff --git a/common/ctrace.c b/common/ctrace.c
index 578ea5e7b97598450ea7eb20f526b5539836e979..6352024260f1c54ddf8b1db4ebd6a775722890e6 100644 (file)
--- a/common/ctrace.c
+++ b/common/ctrace.c
@@ -84,6 +84,13 @@ void trace_interface_input (trace_type_t *ttype, unsigned len, char *buf)
         */
        ip->address_count = ip->address_max = 1;
        ip->addresses = dmalloc(sizeof(*ip->addresses), MDL);
+       if (!ip->addresses) {
+               dfree(ip->ifp, MDL); 
+               ip->ifp = NULL;
+               interface_dereference (&ip, MDL);
+               status = ISC_R_NOMEMORY;
+               goto foo;
+       }
        memcpy(ip->addresses, &tipkt->primary_address, sizeof(*ip->addresses));
        memcpy (ip -> name, tipkt -> name, sizeof ip -> name);
        ip -> index = ntohl (tipkt -> index);

diff --git a/server/dhcpd.c b/server/dhcpd.c
index f61f1235272044950560b04761f0bdedea08fa3e..ab73443a7a2c537dddc6abe8494f1dbb5ef29816 100644 (file)
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -1279,6 +1279,8 @@ int dhcpd_interface_setup_hook (struct interface_info *ip, struct iaddr *ia)
                        log_fatal ("No memory for shared subnet: %s",
                                   isc_result_totext (status));
                ip -> shared_network -> name = dmalloc (strlen (fnn) + 1, MDL);
+               if (!ip -> shared_network -> name)
+                       log_fatal("no memory for shared network");
                strcpy (ip -> shared_network -> name, fnn);
                return 1;
        }

diff --git a/server/ldap.c b/server/ldap.c
index 2893b8235891a29915035c0a5ac6b813cb005598..a5f79eb31780ebd649ad7df1e2fdf1e39772fff9 100644 (file)
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1061,6 +1061,10 @@ add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
   struct ldap_config_stack *ns;
 
   ns = dmalloc (sizeof (*ns), MDL);
+  if (!ns) {
+    log_fatal ("no memory for add_to_config_stack()");
+  }
+
   ns->res = res;
   ns->ldent = ent;
   ns->close_brace = 0;

diff --git a/server/omapi.c b/server/omapi.c
index 962aef880073032d86ed9dd25a1f2cc4c06fad01..66f8f712e9203c17ddc09106ba9c806ca23dcf5a 100644 (file)
--- a/server/omapi.c
+++ b/server/omapi.c
@@ -2108,6 +2108,8 @@ static isc_result_t class_lookup (omapi_object_t **lp,
        status = omapi_get_value_str(ref, id, "name", &nv);
        if (status == ISC_R_SUCCESS) {
                char *name = dmalloc(nv->value->u.buffer.len + 1, MDL);
+               if (name == NULL)
+                       return (ISC_R_NOMEMORY);
                memcpy (name,
                        nv->value->u.buffer.value,
                        nv->value->u.buffer.len);

diff --git a/server/salloc.c b/server/salloc.c
index 47ff7abf3f8efb614db01171ffdef0e8029438b1..164b2e5960a8b30be48f127a1ed63dd58a8e4b13 100644 (file)
--- a/server/salloc.c
+++ b/server/salloc.c
@@ -3,7 +3,7 @@
    Memory allocation for the DHCP server... */
 
 /*
- * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009,2012,2014-2015 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1996-2003 by Internet Software Consortium
  *
@@ -79,6 +79,7 @@ void relinquish_lease_hunks ()
                dfree(c, MDL);
        }
 }
+
 #endif
 
 struct lease *new_leases (n, file, line)
@@ -89,11 +90,13 @@ struct lease *new_leases (n, file, line)
        struct lease *rval;
 #if defined (DEBUG_MEMORY_LEAKAGE_ON_EXIT)
        rval = dmalloc ((n + 1) * sizeof (struct lease), file, line);
-       memset (rval, 0, sizeof (struct lease));
-       rval -> starts = n;
-       rval -> next = lease_hunks;
-       lease_hunks = rval;
-       rval++;
+       if (rval != NULL) {
+               memset (rval, 0, sizeof (struct lease));
+               rval -> starts = n;
+               rval -> next = lease_hunks;
+               lease_hunks = rval;
+               rval++;
+       }
 #else
        rval = dmalloc (n * sizeof (struct lease), file, line);
 #endif