From: Eric Leblond Date: Thu, 12 Dec 2013 12:10:01 +0000 (+0100) Subject: Fix realloc error handling X-Git-Tag: suricata-2.0beta2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f07d1521ebf5ac0a46490c3c614e49546fc2d51;p=thirdparty%2Fsuricata.git Fix realloc error handling This patch is fixing realloc error handling. In case of a realloc failure, it free the initial memory and continue existing error handling. The patch has been obtained via the following semantic patch and a bit oh hand editing: @@ expression x, E; identifier f; @@ f(...) { + void *ptmp; <+... - x = SCRealloc(x, E); + ptmp = SCRealloc(x, E); ... when != x - if (x == NULL) + if (ptmp == NULL) { + SCFree(x); + x = NULL; ... - } + } else { + x = ptmp; + } ...+> } @@ expression x, E; identifier f; statement ES; @@ f(...) { + void *ptmp; <+... - x = SCRealloc(x, E); + ptmp = SCRealloc(x, E); ... when != x - if (x == NULL) ES + if (ptmp == NULL) { + SCFree(x); + x = NULL; + ES + } else { + x = ptmp; + } ...+> } @@ expression x, E; identifier f; @@ f(...) { + void *ptmp; <+... - x = SCRealloc(x, E); + ptmp = SCRealloc(x, E); ... when != x - if (unlikely(x == NULL)) + if (unlikely(ptmp == NULL)) { + SCFree(x); + x = NULL; ... - } + } else { + x = ptmp; + } ...+> } @@ expression x, E; identifier f; statement ES; @@ f(...) { + void *ptmp; <+... - x = SCRealloc(x, E); + ptmp = SCRealloc(x, E); ... when != x - if (unlikely(x == NULL)) ES + if (unlikely(ptmp == NULL)) { + SCFree(x); + x = NULL; + ES + } else { + x = ptmp; + } ...+> } --- diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c index 3a75df8ce2..4d4eb36a5b 100644 --- a/src/app-layer-dcerpc-udp.c +++ b/src/app-layer-dcerpc-udp.c @@ -53,6 +53,7 @@ static uint32_t FragmentDataParser(Flow *f, void *dcerpcudp_state, uint32_t *stub_data_buffer_len = NULL; uint8_t *stub_data_fresh = NULL; uint16_t stub_len = 0; + void *ptmp; /* request PDU. Retrieve the request stub buffer */ if (sstate->dcerpc.dcerpchdrudp.type == REQUEST) { @@ -80,11 +81,15 @@ static uint32_t FragmentDataParser(Flow *f, void *dcerpcudp_state, *stub_data_buffer_len = 0; } - *stub_data_buffer = SCRealloc(*stub_data_buffer, *stub_data_buffer_len + stub_len); - if (*stub_data_buffer == NULL) { + ptmp = SCRealloc(*stub_data_buffer, *stub_data_buffer_len + stub_len); + if (ptmp == NULL) { + SCFree(*stub_data_buffer); + *stub_data_buffer = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); goto end; } + + *stub_data_buffer = ptmp; memcpy(*stub_data_buffer + *stub_data_buffer_len, input, stub_len); *stub_data_fresh = 1; diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index c70da62029..d799aa0352 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -1184,6 +1184,7 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le uint32_t *stub_data_buffer_len = NULL; uint8_t *stub_data_fresh = NULL; uint16_t stub_len = 0; + void *ptmp; /* request PDU. Retrieve the request stub buffer */ if (dcerpc->dcerpchdr.type == REQUEST) { @@ -1230,11 +1231,15 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le dcerpc->pdu_fragged = 1; } - *stub_data_buffer = SCRealloc(*stub_data_buffer, *stub_data_buffer_len + stub_len); - if (*stub_data_buffer == NULL) { + ptmp = SCRealloc(*stub_data_buffer, *stub_data_buffer_len + stub_len); + if (ptmp == NULL) { + SCFree(*stub_data_buffer); + *stub_data_buffer = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); goto end; } + *stub_data_buffer = ptmp; + memcpy(*stub_data_buffer + *stub_data_buffer_len, input, stub_len); *stub_data_fresh = 1; diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 7aac727370..2b203867e4 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -51,6 +51,7 @@ static int FTPGetLineForDirection(FtpState *state, FtpLineState *line_state) { + void *ptmp; if (line_state->current_line_lf_seen == 1) { /* we have seen the lf for the previous line. Clear the parser * details to parse new line */ @@ -83,12 +84,16 @@ static int FTPGetLineForDirection(FtpState *state, FtpLineState *line_state) memcpy(line_state->db, state->input, state->input_len); line_state->db_len = state->input_len; } else { - line_state->db = SCRealloc(line_state->db, - (line_state->db_len + - state->input_len)); - if (line_state->db == NULL) { + ptmp = SCRealloc(line_state->db, + (line_state->db_len + state->input_len)); + if (ptmp == NULL) { + SCFree(line_state->db); + line_state->db = NULL; + line_state->db_len = 0; return -1; } + line_state->db = ptmp; + memcpy(line_state->db + line_state->db_len, state->input, state->input_len); line_state->db_len += state->input_len; @@ -102,12 +107,16 @@ static int FTPGetLineForDirection(FtpState *state, FtpLineState *line_state) line_state->current_line_lf_seen = 1; if (line_state->current_line_db == 1) { - line_state->db = SCRealloc(line_state->db, - (line_state->db_len + - (lf_idx + 1 - state->input))); - if (line_state->db == NULL) { + ptmp = SCRealloc(line_state->db, + (line_state->db_len + (lf_idx + 1 - state->input))); + if (ptmp == NULL) { + SCFree(line_state->db); + line_state->db = NULL; + line_state->db_len = 0; return -1; } + line_state->db = ptmp; + memcpy(line_state->db + line_state->db_len, state->input, (lf_idx + 1 - state->input)); line_state->db_len += (lf_idx + 1 - state->input); @@ -206,6 +215,7 @@ static int FTPParseRequest(Flow *f, void *ftp_state, /* PrintRawDataFp(stdout, input,input_len); */ FtpState *state = (FtpState *)ftp_state; + void *ptmp; state->input = input; state->input_len = input_len; @@ -217,12 +227,15 @@ static int FTPParseRequest(Flow *f, void *ftp_state, state->current_line, state->current_line_len); if (state->command == FTP_COMMAND_PORT) { if (state->current_line_len > state->port_line_size) { - state->port_line = SCRealloc(state->port_line, - state->current_line_len); - if (state->port_line == NULL) { + ptmp = SCRealloc(state->port_line, state->current_line_len); + if (ptmp == NULL) { + SCFree(state->port_line); + state->port_line = NULL; state->port_line_size = 0; return 0; } + state->port_line = ptmp; + state->port_line_size = state->current_line_len; } memcpy(state->port_line, state->current_line, diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index d79ed06269..183ce48e90 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -1166,6 +1166,7 @@ static void HtpRequestBodyReassemble(HtpTxUserData *htud, uint8_t **chunks_buffer, uint32_t *chunks_buffer_len) { uint8_t *buf = NULL; + uint8_t *pbuf = NULL; uint32_t buf_len = 0; HtpBodyChunk *cur = htud->request_body.first; @@ -1187,22 +1188,29 @@ static void HtpRequestBodyReassemble(HtpTxUserData *htud, uint32_t toff = htud->request_body.body_parsed - cur->stream_offset; uint32_t tlen = (cur->stream_offset + cur->len) - htud->request_body.body_parsed; + uint8_t *pbuf = NULL; buf_len += tlen; - if ((buf = SCRealloc(buf, buf_len)) == NULL) { + if ((pbuf = SCRealloc(buf, buf_len)) == NULL) { + SCFree(buf); + buf = NULL; buf_len = 0; break; } + buf = pbuf; memcpy(buf + buf_len - tlen, cur->data + toff, tlen); } else { SCLogDebug("use entire chunk"); buf_len += cur->len; - if ((buf = SCRealloc(buf, buf_len)) == NULL) { + if ((pbuf = SCRealloc(buf, buf_len)) == NULL) { + SCFree(buf); + buf = NULL; buf_len = 0; break; } + buf = pbuf; memcpy(buf + buf_len - cur->len, cur->data, cur->len); } } @@ -2040,6 +2048,7 @@ static int HTPCallbackDoubleDecodePath(htp_tx_t *tx) static int HTPCallbackRequestHeaderData(htp_tx_data_t *tx_data) { + void *ptmp; if (tx_data->len == 0) return HTP_OK; @@ -2051,14 +2060,18 @@ static int HTPCallbackRequestHeaderData(htp_tx_data_t *tx_data) memset(tx_ud, 0, sizeof(*tx_ud)); htp_tx_set_user_data(tx_data->tx, tx_ud); } - tx_ud->request_headers_raw = SCRealloc(tx_ud->request_headers_raw, - tx_ud->request_headers_raw_len + tx_data->len); - if (tx_ud->request_headers_raw == NULL) { + ptmp = SCRealloc(tx_ud->request_headers_raw, + tx_ud->request_headers_raw_len + tx_data->len); + if (ptmp == NULL) { + SCFree(tx_ud->request_headers_raw); + tx_ud->request_headers_raw = NULL; tx_ud->request_headers_raw_len = 0; HtpTxUserDataFree(tx_ud); htp_tx_set_user_data(tx_data->tx, NULL); return HTP_OK; } + tx_ud->request_headers_raw = ptmp; + memcpy(tx_ud->request_headers_raw + tx_ud->request_headers_raw_len, tx_data->data, tx_data->len); tx_ud->request_headers_raw_len += tx_data->len; @@ -2072,6 +2085,7 @@ static int HTPCallbackRequestHeaderData(htp_tx_data_t *tx_data) static int HTPCallbackResponseHeaderData(htp_tx_data_t *tx_data) { + void *ptmp; if (tx_data->len == 0) return HTP_OK; @@ -2083,14 +2097,18 @@ static int HTPCallbackResponseHeaderData(htp_tx_data_t *tx_data) memset(tx_ud, 0, sizeof(*tx_ud)); htp_tx_set_user_data(tx_data->tx, tx_ud); } - tx_ud->response_headers_raw = SCRealloc(tx_ud->response_headers_raw, - tx_ud->response_headers_raw_len + tx_data->len); - if (tx_ud->response_headers_raw == NULL) { + ptmp = SCRealloc(tx_ud->response_headers_raw, + tx_ud->response_headers_raw_len + tx_data->len); + if (ptmp == NULL) { + SCFree(tx_ud->response_headers_raw); + tx_ud->response_headers_raw = NULL; tx_ud->response_headers_raw_len = 0; HtpTxUserDataFree(tx_ud); htp_tx_set_user_data(tx_data->tx, NULL); return HTP_OK; } + tx_ud->response_headers_raw = ptmp; + memcpy(tx_ud->response_headers_raw + tx_ud->response_headers_raw_len, tx_data->data, tx_data->len); tx_ud->response_headers_raw_len += tx_data->len; diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 4fb9bf3b37..78f0b6b7b0 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -325,6 +325,7 @@ int AlpParseFieldBySize(AppLayerParserResult *output, AppLayerParserState *pstat uint32_t input_len, uint32_t *offset) { SCEnter(); + void *ptmp; if ((pstate->store_len + input_len) < size) { if (pstate->store_len == 0) { @@ -335,9 +336,13 @@ int AlpParseFieldBySize(AppLayerParserResult *output, AppLayerParserState *pstat memcpy(pstate->store, input, input_len); pstate->store_len = input_len; } else { - pstate->store = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, input_len); pstate->store_len += input_len; @@ -355,9 +360,13 @@ int AlpParseFieldBySize(AppLayerParserResult *output, AppLayerParserState *pstat } else { uint32_t diff = size - pstate->store_len; - pstate->store = SCRealloc(pstate->store, (diff + pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, (diff + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, diff); pstate->store_len += diff; @@ -391,6 +400,7 @@ int AlpParseFieldByEOF(AppLayerParserResult *output, AppLayerParserState *pstate uint16_t field_idx, uint8_t *input, uint32_t input_len) { SCEnter(); + void *ptmp; if (pstate->store_len == 0) { if (pstate->flags & APP_LAYER_PARSER_EOF) { @@ -418,9 +428,14 @@ int AlpParseFieldByEOF(AppLayerParserResult *output, AppLayerParserState *pstate if (pstate->flags & APP_LAYER_PARSER_EOF) { SCLogDebug("store_len %" PRIu32 " and EOF", pstate->store_len); - pstate->store = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; + pstate->store_len = 0; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, input_len); pstate->store_len += input_len; @@ -439,9 +454,13 @@ int AlpParseFieldByEOF(AppLayerParserResult *output, AppLayerParserState *pstate SCLogDebug("store_len %" PRIu32 " but no EOF", pstate->store_len); /* delimiter field not found, so store the result for the next run */ - pstate->store = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, input_len); pstate->store_len += input_len; @@ -463,6 +482,7 @@ int AlpParseFieldByDelimiter(AppLayerParserResult *output, AppLayerParserState * uint8_t *input, uint32_t input_len, uint32_t *offset) { SCEnter(); + void *ptmp; SCLogDebug("pstate->store_len %" PRIu32 ", delim_len %" PRIu32 "", pstate->store_len, delim_len); @@ -502,9 +522,13 @@ int AlpParseFieldByDelimiter(AppLayerParserResult *output, AppLayerParserState * SCLogDebug("len %" PRIu32 " + %" PRIu32 " = %" PRIu32 "", len, pstate->store_len, len + pstate->store_len); - pstate->store = SCRealloc(pstate->store, (len + pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, (len + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, len); pstate->store_len += len; @@ -527,10 +551,14 @@ int AlpParseFieldByDelimiter(AppLayerParserResult *output, AppLayerParserState * if (delim_len > input_len) { /* delimiter field not found, so store the result for the * next run */ - pstate->store = SCRealloc(pstate->store, (input_len + - pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, + (input_len + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, input_len); pstate->store_len += input_len; @@ -572,9 +600,13 @@ int AlpParseFieldByDelimiter(AppLayerParserResult *output, AppLayerParserState * } /* delimiter field not found, so store the result for the next run */ - pstate->store = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (pstate->store == NULL) + ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); + if (ptmp == NULL) { + SCFree(pstate->store); + pstate->store = NULL; SCReturnInt(-1); + } + pstate->store = ptmp; memcpy(pstate->store+pstate->store_len, input, input_len); pstate->store_len += input_len; diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index e0608a62b4..358ed8573a 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -199,6 +199,7 @@ SCEnumCharMap smtp_reply_map[ ] = { static int SMTPGetLine(SMTPState *state) { SCEnter(); + void *ptmp; /* we have run out of input */ if (state->input_len <= 0) @@ -238,11 +239,16 @@ static int SMTPGetLine(SMTPState *state) memcpy(state->ts_db, state->input, state->input_len); state->ts_db_len = state->input_len; } else { - state->ts_db = SCRealloc(state->ts_db, (state->ts_db_len + - state->input_len)); - if (state->ts_db == NULL) { + ptmp = SCRealloc(state->ts_db, + (state->ts_db_len + state->input_len)); + if (ptmp == NULL) { + SCFree(state->ts_db); + state->ts_db = NULL; + state->ts_db_len = 0; return -1; } + state->ts_db = ptmp; + memcpy(state->ts_db + state->ts_db_len, state->input, state->input_len); state->ts_db_len += state->input_len; @@ -256,12 +262,16 @@ static int SMTPGetLine(SMTPState *state) state->ts_current_line_lf_seen = 1; if (state->ts_current_line_db == 1) { - state->ts_db = SCRealloc(state->ts_db, - (state->ts_db_len + - (lf_idx + 1 - state->input))); - if (state->ts_db == NULL) { + ptmp = SCRealloc(state->ts_db, + (state->ts_db_len + (lf_idx + 1 - state->input))); + if (ptmp == NULL) { + SCFree(state->ts_db); + state->ts_db = NULL; + state->ts_db_len = 0; return -1; } + state->ts_db = ptmp; + memcpy(state->ts_db + state->ts_db_len, state->input, (lf_idx + 1 - state->input)); state->ts_db_len += (lf_idx + 1 - state->input); @@ -331,11 +341,16 @@ static int SMTPGetLine(SMTPState *state) memcpy(state->tc_db, state->input, state->input_len); state->tc_db_len = state->input_len; } else { - state->tc_db = SCRealloc(state->tc_db, (state->tc_db_len + - state->input_len)); - if (state->tc_db == NULL) { + ptmp = SCRealloc(state->tc_db, + (state->tc_db_len + state->input_len)); + if (ptmp == NULL) { + SCFree(state->tc_db); + state->tc_db = NULL; + state->tc_db_len = 0; return -1; } + state->tc_db = ptmp; + memcpy(state->tc_db + state->tc_db_len, state->input, state->input_len); state->tc_db_len += state->input_len; @@ -349,12 +364,16 @@ static int SMTPGetLine(SMTPState *state) state->tc_current_line_lf_seen = 1; if (state->tc_current_line_db == 1) { - state->tc_db = SCRealloc(state->tc_db, - (state->tc_db_len + - (lf_idx + 1 - state->input))); - if (state->tc_db == NULL) { + ptmp = SCRealloc(state->tc_db, + (state->tc_db_len + (lf_idx + 1 - state->input))); + if (ptmp == NULL) { + SCFree(state->tc_db); + state->tc_db = NULL; + state->tc_db_len = 0; return -1; } + state->tc_db = ptmp; + memcpy(state->tc_db + state->tc_db_len, state->input, (lf_idx + 1 - state->input)); state->tc_db_len += (lf_idx + 1 - state->input); @@ -396,6 +415,7 @@ static int SMTPGetLine(SMTPState *state) static int SMTPInsertCommandIntoCommandBuffer(uint8_t command, SMTPState *state, Flow *f) { SCEnter(); + void *ptmp; if (state->cmds_cnt >= state->cmds_buffer_len) { int increment = SMTP_COMMAND_BUFFER_STEPS; @@ -403,14 +423,16 @@ static int SMTPInsertCommandIntoCommandBuffer(uint8_t command, SMTPState *state, increment = USHRT_MAX - state->cmds_buffer_len; } - state->cmds = SCRealloc(state->cmds, - sizeof(uint8_t) * - (state->cmds_buffer_len + - increment)); - if (state->cmds == NULL) { - SCLogDebug("SCRalloc failure"); + ptmp = SCRealloc(state->cmds, + sizeof(uint8_t) * (state->cmds_buffer_len + increment)); + if (ptmp == NULL) { + SCFree(state->cmds); + state->cmds = NULL; + SCLogDebug("SCRealloc failure"); return -1; } + state->cmds = ptmp; + state->cmds_buffer_len += increment; } if (state->cmds_cnt >= 1 && diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 149550bb90..06d89874ba 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -119,6 +119,7 @@ static void SSLParserReset(SSLState *ssl_state) static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input, uint32_t input_len) { + void *ptmp; uint8_t *initial_input = input; uint32_t parsed = 0; int rc; @@ -152,7 +153,12 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input, } if (ssl_state->curr_connp->trec_pos + input_len >= ssl_state->curr_connp->trec_len) { ssl_state->curr_connp->trec_len = ssl_state->curr_connp->trec_len + 2 * input_len + 1; - ssl_state->curr_connp->trec = SCRealloc( ssl_state->curr_connp->trec, ssl_state->curr_connp->trec_len ); + ptmp = SCRealloc(ssl_state->curr_connp->trec, + ssl_state->curr_connp->trec_len); + if (unlikely(ptmp == NULL)) { + SCFree(ssl_state->curr_connp->trec); + } + ssl_state->curr_connp->trec = ptmp; } if (unlikely(ssl_state->curr_connp->trec == NULL)) { ssl_state->curr_connp->trec_len = 0; @@ -161,6 +167,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input, ssl_state->curr_connp->bytes_processed += input_len; return -1; } + uint32_t write_len = 0; if ((ssl_state->curr_connp->bytes_processed + input_len) > ssl_state->curr_connp->record_length + (SSLV3_RECORD_HDR_LEN)) { if ((ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) < ssl_state->curr_connp->bytes_processed) { diff --git a/src/counters.c b/src/counters.c index 4b4f5369e4..ce5a439da2 100644 --- a/src/counters.c +++ b/src/counters.c @@ -1017,6 +1017,7 @@ uint16_t SCPerfRegisterMaxCounter(char *cname, char *tm_name, int type, */ int SCPerfAddToClubbedTMTable(char *tm_name, SCPerfContext *pctx) { + void *ptmp; if (sc_perf_op_ctx == NULL) { SCLogDebug("Counter module has been disabled"); return 0; @@ -1088,12 +1089,16 @@ int SCPerfAddToClubbedTMTable(char *tm_name, SCPerfContext *pctx) return 1; } - pctmi->head = SCRealloc(pctmi->head, - (pctmi->size + 1) * sizeof(SCPerfContext **)); - if (pctmi->head == NULL) { + ptmp = SCRealloc(pctmi->head, + (pctmi->size + 1) * sizeof(SCPerfContext **)); + if (ptmp == NULL) { + SCFree(pctmi->head); + pctmi->head = NULL; SCMutexUnlock(&sc_perf_op_ctx->pctmi_lock); return 0; } + pctmi->head = ptmp; + hpctx = pctmi->head; hpctx[pctmi->size] = pctx; diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index 19d6652065..4f95f4b01c 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -62,13 +62,19 @@ static inline int HCBDCreateSpace(DetectEngineThreadCtx *det_ctx, uint16_t size) { + void *ptmp; if (size > det_ctx->hcbd_buffers_size) { - det_ctx->hcbd = SCRealloc(det_ctx->hcbd, (det_ctx->hcbd_buffers_size + BUFFER_STEP) * sizeof(HttpReassembledBody)); - if (det_ctx->hcbd == NULL) { + ptmp = SCRealloc(det_ctx->hcbd, + (det_ctx->hcbd_buffers_size + BUFFER_STEP) * sizeof(HttpReassembledBody)); + if (ptmp == NULL) { + SCFree(det_ctx->hcbd); + det_ctx->hcbd = NULL; det_ctx->hcbd_buffers_size = 0; det_ctx->hcbd_buffers_list_len = 0; return -1; } + det_ctx->hcbd = ptmp; + memset(det_ctx->hcbd + det_ctx->hcbd_buffers_size, 0, BUFFER_STEP * sizeof(HttpReassembledBody)); det_ctx->hcbd_buffers_size += BUFFER_STEP; @@ -178,13 +184,17 @@ static uint8_t *DetectEngineHCBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, /* see if we need to grow the buffer */ if (det_ctx->hcbd[index].buffer == NULL || (det_ctx->hcbd[index].buffer_len + cur->len) > det_ctx->hcbd[index].buffer_size) { + void *ptmp; det_ctx->hcbd[index].buffer_size += cur->len * 2; - if ((det_ctx->hcbd[index].buffer = SCRealloc(det_ctx->hcbd[index].buffer, det_ctx->hcbd[index].buffer_size)) == NULL) { + if ((ptmp = SCRealloc(det_ctx->hcbd[index].buffer, det_ctx->hcbd[index].buffer_size)) == NULL) { + SCFree(det_ctx->hcbd[index].buffer); + det_ctx->hcbd[index].buffer = NULL; det_ctx->hcbd[index].buffer_size = 0; det_ctx->hcbd[index].buffer_len = 0; goto end; } + det_ctx->hcbd[index].buffer = ptmp; } memcpy(det_ctx->hcbd[index].buffer + det_ctx->hcbd[index].buffer_len, cur->data, cur->len); det_ctx->hcbd[index].buffer_len += cur->len; diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index 757da0b1bf..db0d937267 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c @@ -59,20 +59,31 @@ #define BUFFER_STEP 50 static inline int HHDCreateSpace(DetectEngineThreadCtx *det_ctx, uint16_t size) { + void *ptmp; if (size > det_ctx->hhd_buffers_size) { - det_ctx->hhd_buffers = SCRealloc(det_ctx->hhd_buffers, (det_ctx->hhd_buffers_size + BUFFER_STEP) * sizeof(uint8_t *)); - if (det_ctx->hhd_buffers == NULL) { + ptmp = SCRealloc(det_ctx->hhd_buffers, + (det_ctx->hhd_buffers_size + BUFFER_STEP) * sizeof(uint8_t *)); + if (ptmp == NULL) { + SCFree(det_ctx->hhd_buffers); + det_ctx->hhd_buffers = NULL; det_ctx->hhd_buffers_size = 0; det_ctx->hhd_buffers_list_len = 0; return -1; } + det_ctx->hhd_buffers = ptmp; + memset(det_ctx->hhd_buffers + det_ctx->hhd_buffers_size, 0, BUFFER_STEP * sizeof(uint8_t *)); - det_ctx->hhd_buffers_len = SCRealloc(det_ctx->hhd_buffers_len, (det_ctx->hhd_buffers_size + BUFFER_STEP) * sizeof(uint32_t)); - if (det_ctx->hhd_buffers_len == NULL) { + ptmp = SCRealloc(det_ctx->hhd_buffers_len, + (det_ctx->hhd_buffers_size + BUFFER_STEP) * sizeof(uint32_t)); + if (ptmp == NULL) { + SCFree(det_ctx->hhd_buffers_len); + det_ctx->hhd_buffers_len = NULL; det_ctx->hhd_buffers_size = 0; det_ctx->hhd_buffers_list_len = 0; return -1; } + det_ctx->hhd_buffers_len = ptmp; + memset(det_ctx->hhd_buffers_len + det_ctx->hhd_buffers_size, 0, BUFFER_STEP * sizeof(uint32_t)); det_ctx->hhd_buffers_size += BUFFER_STEP; } diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 0a92848c38..8b6f62d284 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -63,13 +63,19 @@ static inline int HSBDCreateSpace(DetectEngineThreadCtx *det_ctx, uint16_t size) { + void *ptmp; if (size > det_ctx->hsbd_buffers_size) { - det_ctx->hsbd = SCRealloc(det_ctx->hsbd, (det_ctx->hsbd_buffers_size + BUFFER_STEP) * sizeof(HttpReassembledBody)); - if (det_ctx->hsbd == NULL) { + ptmp = SCRealloc(det_ctx->hsbd, + (det_ctx->hsbd_buffers_size + BUFFER_STEP) * sizeof(HttpReassembledBody)); + if (ptmp == NULL) { + SCFree(det_ctx->hsbd); + det_ctx->hsbd = NULL; det_ctx->hsbd_buffers_size = 0; det_ctx->hsbd_buffers_list_len = 0; return -1; } + det_ctx->hsbd = ptmp; + memset(det_ctx->hsbd + det_ctx->hsbd_buffers_size, 0, BUFFER_STEP * sizeof(HttpReassembledBody)); det_ctx->hsbd_buffers_size += BUFFER_STEP; } @@ -185,13 +191,17 @@ static uint8_t *DetectEngineHSBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, /* see if we need to grow the buffer */ if (det_ctx->hsbd[index].buffer == NULL || (det_ctx->hsbd[index].buffer_len + cur->len) > det_ctx->hsbd[index].buffer_size) { + void *ptmp; det_ctx->hsbd[index].buffer_size += cur->len * 2; - if ((det_ctx->hsbd[index].buffer = SCRealloc(det_ctx->hsbd[index].buffer, det_ctx->hsbd[index].buffer_size)) == NULL) { + if ((ptmp = SCRealloc(det_ctx->hsbd[index].buffer, det_ctx->hsbd[index].buffer_size)) == NULL) { + SCFree(det_ctx->hsbd[index].buffer); + det_ctx->hsbd[index].buffer = NULL; det_ctx->hsbd[index].buffer_size = 0; det_ctx->hsbd[index].buffer_len = 0; goto end; } + det_ctx->hsbd[index].buffer = ptmp; } memcpy(det_ctx->hsbd[index].buffer + det_ctx->hsbd[index].buffer_len, cur->data, cur->len); det_ctx->hsbd[index].buffer_len += cur->len; diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c index c300cd11c8..c0917789c3 100644 --- a/src/detect-engine-siggroup.c +++ b/src/detect-engine-siggroup.c @@ -117,13 +117,20 @@ error: } void SigGroupHeadStore(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { + void *ptmp; //printf("de_ctx->sgh_array_cnt %u, de_ctx->sgh_array_size %u, de_ctx->sgh_array %p\n", de_ctx->sgh_array_cnt, de_ctx->sgh_array_size, de_ctx->sgh_array); if (de_ctx->sgh_array_cnt < de_ctx->sgh_array_size) { de_ctx->sgh_array[de_ctx->sgh_array_cnt] = sgh; } else { - de_ctx->sgh_array = SCRealloc(de_ctx->sgh_array, sizeof(SigGroupHead *) * (16 + de_ctx->sgh_array_size)); - if (de_ctx->sgh_array == NULL) + ptmp = SCRealloc(de_ctx->sgh_array, + sizeof(SigGroupHead *) * (16 + de_ctx->sgh_array_size)); + if (ptmp == NULL) { + SCFree(de_ctx->sgh_array); + de_ctx->sgh_array = NULL; return; + } + de_ctx->sgh_array = ptmp; + de_ctx->sgh_array_size += 10; de_ctx->sgh_array[de_ctx->sgh_array_cnt] = sgh; } diff --git a/src/log-tlslog.c b/src/log-tlslog.c index 67876849cf..ab09fddec2 100644 --- a/src/log-tlslog.c +++ b/src/log-tlslog.c @@ -227,6 +227,7 @@ static void LogTlsLogPem(LogTlsLogThread *aft, Packet *p, SSLState *state, LogTl unsigned long pemlen; unsigned char* pembase64ptr = NULL; int ret; + uint8_t *ptmp; SSLCertsChain *cert; if ((state->server_connp.cert_input == NULL) || (state->server_connp.cert_input_len == 0)) @@ -247,11 +248,14 @@ static void LogTlsLogPem(LogTlsLogThread *aft, Packet *p, SSLState *state, LogTl TAILQ_FOREACH(cert, &state->server_connp.certs, next) { pemlen = (4 * (cert->cert_len + 2) / 3) +1; if (pemlen > aft->enc_buf_len) { - aft->enc_buf = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen); - if (aft->enc_buf == NULL) { + ptmp = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen); + if (ptmp == NULL) { + SCFree(aft->enc_buf); + aft->enc_buf = NULL; SCLogWarning(SC_ERR_MEM_ALLOC, "Can't allocate data for base64 encoding"); goto end_fp; } + aft->enc_buf = ptmp; aft->enc_buf_len = pemlen; } diff --git a/src/runmodes.c b/src/runmodes.c index be6ce36ce0..89ae0c7a8d 100644 --- a/src/runmodes.c +++ b/src/runmodes.c @@ -356,18 +356,21 @@ void RunModeRegisterNewRunMode(int runmode, const char *name, const char *description, int (*RunModeFunc)(DetectEngineCtx *)) { + void *ptmp; if (RunModeGetCustomMode(runmode, name) != NULL) { SCLogError(SC_ERR_RUNMODE, "A runmode by this custom name has already " "been registered. Please use an unique name"); return; } - runmodes[runmode].runmodes = - SCRealloc(runmodes[runmode].runmodes, - (runmodes[runmode].no_of_runmodes + 1) * sizeof(RunMode)); - if (runmodes[runmode].runmodes == NULL) { + ptmp = SCRealloc(runmodes[runmode].runmodes, + (runmodes[runmode].no_of_runmodes + 1) * sizeof(RunMode)); + if (ptmp == NULL) { + SCFree(runmodes[runmode].runmodes); + runmodes[runmode].runmodes = NULL; exit(EXIT_FAILURE); } + runmodes[runmode].runmodes = ptmp; RunMode *mode = &runmodes[runmode].runmodes[runmodes[runmode].no_of_runmodes]; runmodes[runmode].no_of_runmodes++; diff --git a/src/tmqh-flow.c b/src/tmqh-flow.c index f76a4a3cc8..cebd34429f 100644 --- a/src/tmqh-flow.c +++ b/src/tmqh-flow.c @@ -106,6 +106,7 @@ Packet *TmqhInputFlow(ThreadVars *tv) static int StoreQueueId(TmqhFlowCtx *ctx, char *name) { + void *ptmp; Tmq *tmq = TmqGetQueueByName(name); if (tmq == NULL) { tmq = TmqCreateQueue(SCStrdup(name)); @@ -125,10 +126,14 @@ static int StoreQueueId(TmqhFlowCtx *ctx, char *name) memset(ctx->queues, 0, ctx->size * sizeof(TmqhFlowMode)); } else { ctx->size++; - ctx->queues = SCRealloc(ctx->queues, ctx->size * sizeof(TmqhFlowMode)); - if (ctx->queues == NULL) { + ptmp = SCRealloc(ctx->queues, ctx->size * sizeof(TmqhFlowMode)); + if (ptmp == NULL) { + SCFree(ctx->queues); + ctx->queues = NULL; return -1; } + ctx->queues = ptmp; + memset(ctx->queues + (ctx->size - 1), 0, sizeof(TmqhFlowMode)); } ctx->queues[ctx->size - 1].q = &trans_q[id]; diff --git a/src/util-cuda-handlers.c b/src/util-cuda-handlers.c index 07d42f9719..a6cbeec9fb 100644 --- a/src/util-cuda-handlers.c +++ b/src/util-cuda-handlers.c @@ -171,6 +171,7 @@ static CudaHandlerModule *cudahl_modules = NULL; CUcontext CudaHandlerModuleGetContext(const char *name, int device_id) { + void *ptmp; SCMutexLock(&mutex); CudaHandlerModule *module = cudahl_modules; @@ -203,9 +204,14 @@ CUcontext CudaHandlerModuleGetContext(const char *name, int device_id) } if (no_of_cuda_contexts <= device_id) { - cuda_contexts = SCRealloc(cuda_contexts, sizeof(CUcontext) * (device_id + 1)); - if (unlikely(cuda_contexts == NULL)) + ptmp = SCRealloc(cuda_contexts, sizeof(CUcontext) * (device_id + 1)); + if (unlikely(ptmp == NULL)) { + SCFree(cuda_contexts); + cuda_contexts = NULL; exit(EXIT_FAILURE); + } + cuda_contexts = ptmp; + memset(cuda_contexts + no_of_cuda_contexts, 0, sizeof(CUcontext) * ((device_id + 1) - no_of_cuda_contexts)); no_of_cuda_contexts = device_id + 1; diff --git a/src/util-mpm-ac-bs.c b/src/util-mpm-ac-bs.c index 789fc6184a..759e22a6f0 100644 --- a/src/util-mpm-ac-bs.c +++ b/src/util-mpm-ac-bs.c @@ -433,17 +433,22 @@ error: */ static inline int SCACBSInitNewState(MpmCtx *mpm_ctx) { + void *ptmp; SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx; int ascii_code = 0; int size = 0; /* reallocate space in the goto table to include a new state */ size = (ctx->state_count + 1) * ctx->single_state_size; - ctx->goto_table = SCRealloc(ctx->goto_table, size); - if (ctx->goto_table == NULL) { + ptmp = SCRealloc(ctx->goto_table, size); + if (ptmp == NULL) { + SCFree(ctx->goto_table); + ctx->goto_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->goto_table = ptmp; + /* set all transitions for the newly assigned state as FAIL transitions */ for (ascii_code = 0; ascii_code < 256; ascii_code++) { ctx->goto_table[ctx->state_count][ascii_code] = SC_AC_BS_FAIL; @@ -451,11 +456,15 @@ static inline int SCACBSInitNewState(MpmCtx *mpm_ctx) /* reallocate space in the output table for the new state */ size = (ctx->state_count + 1) * sizeof(SCACBSOutputTable); - ctx->output_table = SCRealloc(ctx->output_table, size); - if (ctx->output_table == NULL) { + ptmp = SCRealloc(ctx->output_table, size); + if (ptmp == NULL) { + SCFree(ctx->output_table); + ctx->output_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->output_table = ptmp; + memset(ctx->output_table + ctx->state_count, 0, sizeof(SCACBSOutputTable)); /* \todo using it temporarily now during dev, since I have restricted @@ -478,6 +487,7 @@ static inline int SCACBSInitNewState(MpmCtx *mpm_ctx) */ static void SCACBSSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) { + void *ptmp; SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx; SCACBSOutputTable *output_state = &ctx->output_table[state]; uint32_t i = 0; @@ -488,12 +498,16 @@ static void SCACBSSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) } output_state->no_of_entries++; - output_state->pids = SCRealloc(output_state->pids, - output_state->no_of_entries * sizeof(uint32_t)); - if (output_state->pids == NULL) { + ptmp = SCRealloc(output_state->pids, + output_state->no_of_entries * sizeof(uint32_t)); + if (ptmp == NULL) { + SCFree(output_state->pids); + output_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_state->pids = ptmp; + output_state->pids[output_state->no_of_entries - 1] = pid; return; @@ -660,6 +674,7 @@ static inline int32_t SCACBSDequeue(StateQueue *q) static inline void SCACBSClubOutputStates(int32_t dst_state, int32_t src_state, MpmCtx *mpm_ctx) { + void *ptmp; SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx; uint32_t i = 0; uint32_t j = 0; @@ -676,13 +691,17 @@ static inline void SCACBSClubOutputStates(int32_t dst_state, int32_t src_state, if (j == output_dst_state->no_of_entries) { output_dst_state->no_of_entries++; - output_dst_state->pids = SCRealloc(output_dst_state->pids, - (output_dst_state->no_of_entries * - sizeof(uint32_t)) ); - if (output_dst_state->pids == NULL) { + ptmp = SCRealloc(output_dst_state->pids, + (output_dst_state->no_of_entries * sizeof(uint32_t))); + if (ptmp == NULL) { + SCFree(output_dst_state->pids); + output_dst_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + else { + output_dst_state->pids = ptmp; + } output_dst_state->pids[output_dst_state->no_of_entries - 1] = output_src_state->pids[i]; diff --git a/src/util-mpm-ac-gfbs.c b/src/util-mpm-ac-gfbs.c index a4f063759f..12982ffbb2 100644 --- a/src/util-mpm-ac-gfbs.c +++ b/src/util-mpm-ac-gfbs.c @@ -427,17 +427,22 @@ error: */ static inline int SCACGfbsInitNewState(MpmCtx *mpm_ctx) { + void *ptmp; SCACGfbsCtx *ctx = (SCACGfbsCtx *)mpm_ctx->ctx; int ascii_code = 0; int size = 0; /* reallocate space in the goto table to include a new state */ size = (ctx->state_count + 1) * 1024; - ctx->goto_table = SCRealloc(ctx->goto_table, size); - if (ctx->goto_table == NULL) { + ptmp = SCRealloc(ctx->goto_table, size); + if (ptmp == NULL) { + SCFree(ctx->goto_table); + ctx->goto_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->goto_table = ptmp; + /* set all transitions for the newly assigned state as FAIL transitions */ for (ascii_code = 0; ascii_code < 256; ascii_code++) { ctx->goto_table[ctx->state_count][ascii_code] = SC_AC_GFBS_FAIL; @@ -445,11 +450,15 @@ static inline int SCACGfbsInitNewState(MpmCtx *mpm_ctx) /* reallocate space in the output table for the new state */ size = (ctx->state_count + 1) * sizeof(SCACGfbsOutputTable); - ctx->output_table = SCRealloc(ctx->output_table, size); - if (ctx->output_table == NULL) { + ptmp = SCRealloc(ctx->output_table, size); + if (ptmp == NULL) { + SCFree(ctx->output_table); + ctx->output_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->output_table = ptmp; + memset(ctx->output_table + ctx->state_count, 0, sizeof(SCACGfbsOutputTable)); /* \todo using it temporarily now during dev, since I have restricted @@ -472,6 +481,7 @@ static inline int SCACGfbsInitNewState(MpmCtx *mpm_ctx) */ static void SCACGfbsSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) { + void *ptmp; SCACGfbsCtx *ctx = (SCACGfbsCtx *)mpm_ctx->ctx; SCACGfbsOutputTable *output_state = &ctx->output_table[state]; uint32_t i = 0; @@ -482,12 +492,16 @@ static void SCACGfbsSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) } output_state->no_of_entries++; - output_state->pids = SCRealloc(output_state->pids, - output_state->no_of_entries * sizeof(uint32_t)); - if (output_state->pids == NULL) { + ptmp = SCRealloc(output_state->pids, + output_state->no_of_entries * sizeof(uint32_t)); + if (ptmp == NULL) { + SCFree(output_state->pids); + output_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_state->pids = ptmp; + output_state->pids[output_state->no_of_entries - 1] = pid; return; @@ -656,6 +670,7 @@ static inline int32_t SCACGfbsDequeue(StateQueue *q) static inline void SCACGfbsClubOutputStates(int32_t dst_state, int32_t src_state, MpmCtx *mpm_ctx) { + void *ptmp; SCACGfbsCtx *ctx = (SCACGfbsCtx *)mpm_ctx->ctx; uint32_t i = 0; uint32_t j = 0; @@ -672,13 +687,15 @@ static inline void SCACGfbsClubOutputStates(int32_t dst_state, int32_t src_state if (j == output_dst_state->no_of_entries) { output_dst_state->no_of_entries++; - output_dst_state->pids = SCRealloc(output_dst_state->pids, - (output_dst_state->no_of_entries * - sizeof(uint32_t)) ); - if (output_dst_state->pids == NULL) { + ptmp = SCRealloc(output_dst_state->pids, + (output_dst_state->no_of_entries * sizeof(uint32_t))); + if (ptmp == NULL) { + SCFree(output_dst_state->pids); + output_dst_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_dst_state->pids = ptmp; output_dst_state->pids[output_dst_state->no_of_entries - 1] = output_src_state->pids[i]; diff --git a/src/util-mpm-ac-tile.c b/src/util-mpm-ac-tile.c index 85f96b2bb1..fc0a254974 100644 --- a/src/util-mpm-ac-tile.c +++ b/src/util-mpm-ac-tile.c @@ -513,6 +513,7 @@ error: */ static inline int SCACTileInitNewState(MpmCtx *mpm_ctx) { + void *ptmp; SCACTileSearchCtx *search_ctx = (SCACTileSearchCtx *)mpm_ctx->ctx; SCACTileCtx *ctx = search_ctx->init_ctx; int aa = 0; @@ -520,11 +521,15 @@ static inline int SCACTileInitNewState(MpmCtx *mpm_ctx) /* reallocate space in the goto table to include a new state */ size = (ctx->state_count + 1) * sizeof(int32_t) * 256; - ctx->goto_table = SCRealloc(ctx->goto_table, size); - if (ctx->goto_table == NULL) { + ptmp = SCRealloc(ctx->goto_table, size); + if (ptmp == NULL) { + SCFree(ctx->goto_table); + ctx->goto_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->goto_table = ptmp; + /* set all transitions for the newly assigned state as FAIL transitions */ for (aa = 0; aa < ctx->alphabet_size; aa++) { ctx->goto_table[ctx->state_count][aa] = SC_AC_TILE_FAIL; @@ -532,11 +537,15 @@ static inline int SCACTileInitNewState(MpmCtx *mpm_ctx) /* reallocate space in the output table for the new state */ size = (ctx->state_count + 1) * sizeof(SCACTileOutputTable); - ctx->output_table = SCRealloc(ctx->output_table, size); - if (ctx->output_table == NULL) { + ptmp = SCRealloc(ctx->output_table, size); + if (ptmp == NULL) { + SCFree(ctx->output_table); + ctx->output_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->output_table = ptmp; + memset(ctx->output_table + ctx->state_count, 0, sizeof(SCACTileOutputTable)); @@ -553,6 +562,7 @@ static inline int SCACTileInitNewState(MpmCtx *mpm_ctx) */ static void SCACTileSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) { + void *ptmp; SCACTileSearchCtx *search_ctx = (SCACTileSearchCtx *)mpm_ctx->ctx; SCACTileCtx *ctx = search_ctx->init_ctx; @@ -565,12 +575,16 @@ static void SCACTileSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) } output_state->no_of_entries++; - output_state->pids = SCRealloc(output_state->pids, - output_state->no_of_entries * sizeof(uint32_t)); - if (output_state->pids == NULL) { + ptmp = SCRealloc(output_state->pids, + output_state->no_of_entries * sizeof(uint32_t)); + if (ptmp == NULL) { + SCFree(output_state->pids); + output_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_state->pids = ptmp; + output_state->pids[output_state->no_of_entries - 1] = pid; return; @@ -713,6 +727,7 @@ static inline void SCACTileClubOutputStates(int32_t dst_state, int32_t src_state, MpmCtx *mpm_ctx) { + void *ptmp; SCACTileSearchCtx *search_ctx = (SCACTileSearchCtx *)mpm_ctx->ctx; SCACTileCtx *ctx = search_ctx->init_ctx; @@ -731,13 +746,15 @@ static inline void SCACTileClubOutputStates(int32_t dst_state, if (j == output_dst_state->no_of_entries) { output_dst_state->no_of_entries++; - output_dst_state->pids = SCRealloc(output_dst_state->pids, - (output_dst_state->no_of_entries * - sizeof(uint32_t)) ); - if (output_dst_state->pids == NULL) { + ptmp = SCRealloc(output_dst_state->pids, + (output_dst_state->no_of_entries * sizeof(uint32_t))); + if (ptmp == NULL) { + SCFree(output_dst_state->pids); + output_dst_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_dst_state->pids = ptmp; output_dst_state->pids[output_dst_state->no_of_entries - 1] = output_src_state->pids[i]; diff --git a/src/util-mpm-ac.c b/src/util-mpm-ac.c index 50d86444cc..5447aae62c 100644 --- a/src/util-mpm-ac.c +++ b/src/util-mpm-ac.c @@ -421,17 +421,22 @@ error: */ static inline int SCACInitNewState(MpmCtx *mpm_ctx) { + void *ptmp; SCACCtx *ctx = (SCACCtx *)mpm_ctx->ctx; int ascii_code = 0; int size = 0; /* reallocate space in the goto table to include a new state */ size = (ctx->state_count + 1) * ctx->single_state_size; - ctx->goto_table = SCRealloc(ctx->goto_table, size); - if (ctx->goto_table == NULL) { + ptmp = SCRealloc(ctx->goto_table, size); + if (ptmp == NULL) { + SCFree(ctx->goto_table); + ctx->goto_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->goto_table = ptmp; + /* set all transitions for the newly assigned state as FAIL transitions */ for (ascii_code = 0; ascii_code < 256; ascii_code++) { ctx->goto_table[ctx->state_count][ascii_code] = SC_AC_FAIL; @@ -439,11 +444,15 @@ static inline int SCACInitNewState(MpmCtx *mpm_ctx) /* reallocate space in the output table for the new state */ size = (ctx->state_count + 1) * sizeof(SCACOutputTable); - ctx->output_table = SCRealloc(ctx->output_table, size); - if (ctx->output_table == NULL) { + ptmp = SCRealloc(ctx->output_table, size); + if (ptmp == NULL) { + SCFree(ctx->output_table); + ctx->output_table = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + ctx->output_table = ptmp; + memset(ctx->output_table + ctx->state_count, 0, sizeof(SCACOutputTable)); /* \todo using it temporarily now during dev, since I have restricted @@ -466,6 +475,7 @@ static inline int SCACInitNewState(MpmCtx *mpm_ctx) */ static void SCACSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) { + void *ptmp; SCACCtx *ctx = (SCACCtx *)mpm_ctx->ctx; SCACOutputTable *output_state = &ctx->output_table[state]; uint32_t i = 0; @@ -476,12 +486,16 @@ static void SCACSetOutputState(int32_t state, uint32_t pid, MpmCtx *mpm_ctx) } output_state->no_of_entries++; - output_state->pids = SCRealloc(output_state->pids, - output_state->no_of_entries * sizeof(uint32_t)); - if (output_state->pids == NULL) { + ptmp = SCRealloc(output_state->pids, + output_state->no_of_entries * sizeof(uint32_t)); + if (ptmp == NULL) { + SCFree(output_state->pids); + output_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_state->pids = ptmp; + output_state->pids[output_state->no_of_entries - 1] = pid; return; @@ -669,6 +683,7 @@ static inline int32_t SCACDequeue(StateQueue *q) static inline void SCACClubOutputStates(int32_t dst_state, int32_t src_state, MpmCtx *mpm_ctx) { + void *ptmp; SCACCtx *ctx = (SCACCtx *)mpm_ctx->ctx; uint32_t i = 0; uint32_t j = 0; @@ -685,13 +700,15 @@ static inline void SCACClubOutputStates(int32_t dst_state, int32_t src_state, if (j == output_dst_state->no_of_entries) { output_dst_state->no_of_entries++; - output_dst_state->pids = SCRealloc(output_dst_state->pids, - (output_dst_state->no_of_entries * - sizeof(uint32_t)) ); - if (output_dst_state->pids == NULL) { + ptmp = SCRealloc(output_dst_state->pids, + (output_dst_state->no_of_entries * sizeof(uint32_t))); + if (ptmp == NULL) { + SCFree(output_dst_state->pids); + output_dst_state->pids = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + output_dst_state->pids = ptmp; output_dst_state->pids[output_dst_state->no_of_entries - 1] = output_src_state->pids[i]; diff --git a/src/util-mpm.c b/src/util-mpm.c index 7dde483d39..7b49a64f05 100644 --- a/src/util-mpm.c +++ b/src/util-mpm.c @@ -60,6 +60,7 @@ */ int32_t MpmFactoryRegisterMpmCtxProfile(DetectEngineCtx *de_ctx, const char *name, uint8_t flags) { + void *ptmp; /* the very first entry */ if (de_ctx->mpm_ctx_factory_container == NULL) { de_ctx->mpm_ctx_factory_container = SCMalloc(sizeof(MpmCtxFactoryContainer)); @@ -142,12 +143,17 @@ int32_t MpmFactoryRegisterMpmCtxProfile(DetectEngineCtx *de_ctx, const char *nam } /* let's make the new entry */ - items = SCRealloc(items, - (de_ctx->mpm_ctx_factory_container->no_of_items + 1) * sizeof(MpmCtxFactoryItem)); - if (unlikely(items == NULL)) { + ptmp = SCRealloc(items, + (de_ctx->mpm_ctx_factory_container->no_of_items + 1) * sizeof(MpmCtxFactoryItem)); + if (unlikely(ptmp == NULL)) { + SCFree(items); + items = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); exit(EXIT_FAILURE); } + else { + items = ptmp; + } de_ctx->mpm_ctx_factory_container->items = items; diff --git a/src/util-pool-thread.c b/src/util-pool-thread.c index 23607fd08b..d41f0173a9 100644 --- a/src/util-pool-thread.c +++ b/src/util-pool-thread.c @@ -86,6 +86,7 @@ error: * */ int PoolThreadGrow(PoolThread *pt, uint32_t size, uint32_t prealloc_size, uint32_t elt_size, void *(*Alloc)(), int (*Init)(void *, void *), void *InitData, void (*Cleanup)(void *), void (*Free)(void *)) { + void *ptmp; size_t newsize; PoolThreadElement *e = NULL; @@ -97,11 +98,15 @@ int PoolThreadGrow(PoolThread *pt, uint32_t size, uint32_t prealloc_size, uint32 newsize = pt->size + 1; SCLogDebug("newsize %lu", newsize); - pt->array = SCRealloc(pt->array, (newsize * sizeof(PoolThreadElement))); - if (pt->array == NULL) { + ptmp = SCRealloc(pt->array, (newsize * sizeof(PoolThreadElement))); + if (ptmp == NULL) { + SCFree(pt->array); + pt->array = NULL; SCLogError(SC_ERR_POOL_INIT, "pool grow failed"); return -1; } + pt->array = ptmp; + pt->size = newsize; e = &pt->array[newsize - 1]; diff --git a/src/util-radix-tree.c b/src/util-radix-tree.c index e82702a14a..a5c471aba3 100644 --- a/src/util-radix-tree.c +++ b/src/util-radix-tree.c @@ -494,6 +494,8 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen, SCRadixPrefix *prefix = NULL; + void *ptmp; + uint8_t *stream = NULL; uint8_t bitlen = 0; @@ -538,11 +540,14 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen, * chopping the incoming search ip key using the netmask values added * into the tree and then verify for a match */ node->netmask_cnt++; - if ( (node->netmasks = SCRealloc(node->netmasks, (node->netmask_cnt * + if ( (ptmp = SCRealloc(node->netmasks, (node->netmask_cnt * sizeof(uint8_t)))) == NULL) { + SCFree(node->netmasks); + node->netmasks = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Fatal error encountered in SCRadixAddKey. Mem not allocated"); return NULL; } + node->netmasks = ptmp; node->netmasks[0] = netmask; return node; } @@ -658,11 +663,14 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen, node->netmask_cnt++; new_node = node; - if ( (node->netmasks = SCRealloc(node->netmasks, (node->netmask_cnt * + if ( (ptmp = SCRealloc(node->netmasks, (node->netmask_cnt * sizeof(uint8_t)))) == NULL) { + SCFree(node->netmasks); + node->netmasks = NULL; SCLogError(SC_ERR_FATAL, "Fatal error encountered in SCRadixAddKey. Mem not allocated..."); return NULL; } + node->netmasks = ptmp; if (node->netmask_cnt == 1) { node->netmasks[0] = netmask; @@ -778,11 +786,14 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen, } node->netmask_cnt++; - if ( (node->netmasks = SCRealloc(node->netmasks, (node->netmask_cnt * + if ( (ptmp = SCRealloc(node->netmasks, (node->netmask_cnt * sizeof(uint8_t)))) == NULL) { + SCFree(node->netmasks); + node->netmasks = NULL; SCLogError(SC_ERR_FATAL, "Fatal error encountered in SCRadixAddKey. Exiting..."); exit(EXIT_FAILURE); } + node->netmasks = ptmp; if (node->netmask_cnt == 1) { node->netmasks[0] = netmask; @@ -1000,6 +1011,7 @@ SCRadixNode *SCRadixAddKeyIPV6String(const char *str, SCRadixTree *tree, void *u static void SCRadixTransferNetmasksBWNodes(SCRadixNode *dest, SCRadixNode *src) { int i = 0, j = 0; + void *ptmp = NULL; if (src == NULL || dest == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENTS, "src or dest NULL"); @@ -1010,10 +1022,14 @@ static void SCRadixTransferNetmasksBWNodes(SCRadixNode *dest, SCRadixNode *src) if (src->netmasks == NULL) return; - if ( (dest->netmasks = SCRealloc(dest->netmasks, - (src->netmask_cnt + dest->netmask_cnt) * - sizeof(uint8_t))) == NULL) + if ( (ptmp = SCRealloc(dest->netmasks, + (src->netmask_cnt + dest->netmask_cnt) * + sizeof(uint8_t))) == NULL) { + SCFree(dest->netmasks); + dest->netmasks = NULL; return; + } + dest->netmasks = ptmp; for (i = dest->netmask_cnt, j = 0; j < src->netmask_cnt; i++, j++) dest->netmasks[i] = src->netmasks[j]; @@ -1032,6 +1048,7 @@ static void SCRadixTransferNetmasksBWNodes(SCRadixNode *dest, SCRadixNode *src) */ static void SCRadixRemoveNetblockEntry(SCRadixNode *node, uint8_t netmask) { + void *ptmp; SCRadixNode *parent = NULL; int i = 0; @@ -1071,9 +1088,13 @@ static void SCRadixRemoveNetblockEntry(SCRadixNode *node, uint8_t netmask) return; } - node->netmasks = SCRealloc(node->netmasks, node->netmask_cnt * sizeof(uint8_t)); - if (node->netmasks == NULL) + ptmp = SCRealloc(node->netmasks, node->netmask_cnt * sizeof(uint8_t)); + if (ptmp == NULL) { + SCFree(node->netmasks); + node->netmasks = NULL; return; + } + node->netmasks = ptmp; return; } diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index b35208d7b7..b354e80aa8 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -447,6 +447,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid Signature *s = NULL; SigMatch *sm = NULL; DetectThresholdData *de = NULL; + void *ptmp; BUG_ON(parsed_type == TYPE_SUPPRESS); @@ -499,11 +500,14 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid sm->ctx = (void *)de; if (parsed_track == TRACK_RULE) { - de_ctx->ths_ctx.th_entry = SCRealloc(de_ctx->ths_ctx.th_entry, (de_ctx->ths_ctx.th_size + 1) * sizeof(DetectThresholdEntry *)); - if (de_ctx->ths_ctx.th_entry == NULL) { + ptmp = SCRealloc(de_ctx->ths_ctx.th_entry, (de_ctx->ths_ctx.th_size + 1) * sizeof(DetectThresholdEntry *)); + if (ptmp == NULL) { + SCFree(de_ctx->ths_ctx.th_entry); + de_ctx->ths_ctx.th_entry = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for threshold config" " (tried to allocate %"PRIu32"th_entrys for rule tracking with rate_filter)", de_ctx->ths_ctx.th_size + 1); } else { + de_ctx->ths_ctx.th_entry = ptmp; de_ctx->ths_ctx.th_entry[de_ctx->ths_ctx.th_size] = NULL; de_ctx->ths_ctx.th_size++; } @@ -560,11 +564,14 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid sm->ctx = (void *)de; if (parsed_track == TRACK_RULE) { - de_ctx->ths_ctx.th_entry = SCRealloc(de_ctx->ths_ctx.th_entry, (de_ctx->ths_ctx.th_size + 1) * sizeof(DetectThresholdEntry *)); - if (de_ctx->ths_ctx.th_entry == NULL) { + ptmp = SCRealloc(de_ctx->ths_ctx.th_entry, (de_ctx->ths_ctx.th_size + 1) * sizeof(DetectThresholdEntry *)); + if (ptmp == NULL) { + SCFree(de_ctx->ths_ctx.th_entry); + de_ctx->ths_ctx.th_entry = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for threshold config" " (tried to allocate %"PRIu32"th_entrys for rule tracking with rate_filter)", de_ctx->ths_ctx.th_size + 1); } else { + de_ctx->ths_ctx.th_entry = ptmp; de_ctx->ths_ctx.th_entry[de_ctx->ths_ctx.th_size] = NULL; de_ctx->ths_ctx.th_size++; } @@ -648,11 +655,14 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid sm->ctx = (void *)de; if (parsed_track == TRACK_RULE) { - de_ctx->ths_ctx.th_entry = SCRealloc(de_ctx->ths_ctx.th_entry, (de_ctx->ths_ctx.th_size + 1) * sizeof(DetectThresholdEntry *)); - if (de_ctx->ths_ctx.th_entry == NULL) { + ptmp = SCRealloc(de_ctx->ths_ctx.th_entry, (de_ctx->ths_ctx.th_size + 1) * sizeof(DetectThresholdEntry *)); + if (ptmp == NULL) { + SCFree(de_ctx->ths_ctx.th_entry); + de_ctx->ths_ctx.th_entry = NULL; SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for threshold config" " (tried to allocate %"PRIu32"th_entrys for rule tracking with rate_filter)", de_ctx->ths_ctx.th_size + 1); } else { + de_ctx->ths_ctx.th_entry = ptmp; de_ctx->ths_ctx.th_entry[de_ctx->ths_ctx.th_size] = NULL; de_ctx->ths_ctx.th_size++; }