From: Ondřej Kuzník Date: Thu, 30 Jan 2020 09:02:25 +0000 (+0000) Subject: ITS#9160 OOM handling in libldap X-Git-Tag: OPENLDAP_REL_ENG_2_5_0ALPHA~55^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bb239bd769df2cfc84f2ccc72732eae1393d826;p=thirdparty%2Fopenldap.git ITS#9160 OOM handling in libldap --- diff --git a/libraries/libldap/deref.c b/libraries/libldap/deref.c index 6da6f2711c..9b66f19d95 100644 --- a/libraries/libldap/deref.c +++ b/libraries/libldap/deref.c @@ -191,6 +191,12 @@ ldap_parse_derefresponse_control( char *last2; dr = LDAP_CALLOC( 1, sizeof(LDAPDerefRes) ); + if ( dr == NULL ) { + ldap_derefresponse_free( drhead ); + *drp2 = NULL; + ld->ld_errno = LDAP_NO_MEMORY; + return ld->ld_errno; + } dvp = &dr->attrVals; tag = ber_scanf( ber, "{ao", &dr->derefAttr, &dr->derefVal ); @@ -207,6 +213,13 @@ ldap_parse_derefresponse_control( LDAPDerefVal *dv; dv = LDAP_CALLOC( 1, sizeof(LDAPDerefVal) ); + if ( dv == NULL ) { + ldap_derefresponse_free( drhead ); + LDAP_FREE( dr ); + *drp2 = NULL; + ld->ld_errno = LDAP_NO_MEMORY; + return ld->ld_errno; + } tag = ber_scanf( ber, "{a[W]}", &dv->type, &dv->vals ); if ( tag == LBER_ERROR ) { diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c index 45910aba52..1228d9c76e 100644 --- a/libraries/libldap/getdn.c +++ b/libraries/libldap/getdn.c @@ -258,6 +258,9 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes ) l = vl + ava->la_attr.bv_len + 1; str = LDAP_MALLOC( l + 1 ); + if ( str == NULL ) { + goto error_return; + } AC_MEMCPY( str, ava->la_attr.bv_val, ava->la_attr.bv_len ); str[ al++ ] = '='; @@ -265,6 +268,9 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes ) } else { l = vl; str = LDAP_MALLOC( l + 1 ); + if ( str == NULL ) { + goto error_return; + } } if ( ava->la_flags & LDAP_AVA_BINARY ) { @@ -1526,6 +1532,10 @@ str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char * if ( escapes == 0 ) { if ( *retFlags & LDAP_AVA_NONPRINTABLE ) { val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + AC_MEMCPY( val->bv_val, startPos, len ); val->bv_val[ len ] = '\0'; } else { @@ -1536,6 +1546,10 @@ str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char * ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + for ( s = 0, d = 0; d < len; ) { if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) { s++; @@ -1633,6 +1647,10 @@ DCE2strval( const char *str, struct berval *val, const char **next, unsigned fla ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + for ( s = 0, d = 0; d < len; ) { /* * This point is reached only if escapes @@ -1714,6 +1732,10 @@ IA52strval( const char *str, struct berval *val, const char **next, unsigned fla ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + for ( s = 0, d = 0; d < len; ) { if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) { s++; @@ -1804,6 +1826,10 @@ quotedIA52strval( const char *str, struct berval *val, const char **next, unsign ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + val->bv_len = len; for ( s = d = 0; d < len; ) { @@ -2897,6 +2923,9 @@ ldap_rdn2bv_x( LDAPRDN rdn, struct berval *bv, unsigned flags, void *ctx ) } bv->bv_val = LDAP_MALLOCX( l + 1, ctx ); + if ( bv->bv_val == NULL ) { + return LDAP_NO_MEMORY; + } switch ( LDAP_DN_FORMAT( flags ) ) { case LDAP_DN_FORMAT_LDAPV3: diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c index 5414e59334..1c29619cf3 100644 --- a/libraries/libldap/ldif.c +++ b/libraries/libldap/ldif.c @@ -357,6 +357,9 @@ ldif_must_b64_encode_register( LDAP_CONST char *name, LDAP_CONST char *oid ) if ( must_b64_encode == default_must_b64_encode ) { must_b64_encode = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) ); + if ( must_b64_encode == NULL ) { + return 1; + } for ( i = 0; !BER_BVISNULL( &default_must_b64_encode[i].name ); i++ ) { ber_dupbv( &must_b64_encode[i].name, &default_must_b64_encode[i].name ); @@ -728,6 +731,9 @@ ldif_open( if ( fp ) { lfp = ber_memalloc( sizeof( LDIFFP )); + if ( lfp == NULL ) { + return NULL; + } lfp->fp = fp; lfp->prev = NULL; } diff --git a/libraries/libldap/ldifutil.c b/libraries/libldap/ldifutil.c index 436c6677d8..e398869139 100644 --- a/libraries/libldap/ldifutil.c +++ b/libraries/libldap/ldifutil.c @@ -396,6 +396,11 @@ short_input: lr->lr_lm = ber_memalloc_x( nmods * sizeof(LDAPMod) + (nmods+1) * sizeof(LDAPMod*) + (lr->lr_lines + nmods - idn) * sizeof(struct berval *), ctx ); + if ( lr->lr_lm == NULL ) { + rc = LDAP_NO_MEMORY; + goto leave; + } + pmods = (LDAPMod **)(lr->lr_lm+nmods); bvl = (struct berval **)(pmods+nmods+1); @@ -426,6 +431,11 @@ short_input: } lr->lr_mops = ber_memalloc_x( lr->lr_lines+1, ctx ); + if ( lr->lr_mops == NULL ) { + rc = LDAP_NO_MEMORY; + goto leave; + } + lr->lr_mops[lr->lr_lines] = M_SEP; if ( i > 0 ) lr->lr_mops[i-1] = M_SEP; @@ -511,6 +521,11 @@ short_input: lr->lr_lm = ber_memalloc_x( nmods * sizeof(LDAPMod) + (nmods+1) * sizeof(LDAPMod*) + (lr->lr_lines + nmods - idn) * sizeof(struct berval *), ctx ); + if ( lr->lr_lm == NULL ) { + rc = LDAP_NO_MEMORY; + goto leave; + } + pmods = (LDAPMod **)(lr->lr_lm+nmods); bvl = (struct berval **)(pmods+nmods+1); diff --git a/libraries/libldap/options.c b/libraries/libldap/options.c index d8dbfea880..bc421dc6ba 100644 --- a/libraries/libldap/options.c +++ b/libraries/libldap/options.c @@ -151,10 +151,21 @@ ldap_get_option( int i; info->ldapai_extensions = LDAP_MALLOC(sizeof(char *) * sizeof(features)/sizeof(LDAPAPIFeatureInfo)); + if ( info->ldapai_extensions == NULL ) { + rc = LDAP_NO_MEMORY; + break; + } for(i=0; features[i].ldapaif_name != NULL; i++) { info->ldapai_extensions[i] = LDAP_STRDUP(features[i].ldapaif_name); + if ( info->ldapai_extensions[i] == NULL ) { + rc = LDAP_NO_MEMORY; + break; + } + } + if ( features[i].ldapaif_name != NULL ) { + break; /* LDAP_NO_MEMORY */ } info->ldapai_extensions[i] = NULL; @@ -895,6 +906,11 @@ ldap_set_option( /* setting pushes the callback */ ldaplist *ll; ll = LDAP_MALLOC( sizeof( *ll )); + if ( ll == NULL ) { + rc = LDAP_NO_MEMORY; + break; + } + ll->ll_data = (void *)invalue; ll->ll_next = lo->ldo_conn_cbs; lo->ldo_conn_cbs = ll; diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index b4e478aacb..04ee48ea18 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c @@ -1027,6 +1027,11 @@ nextresp2: * to parse. */ ber = ldap_alloc_ber_with_options( ld ); + if ( ber == NULL ) { + ld->ld_errno = LDAP_NO_MEMORY; + return -1; + } + if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) ok = 1; } /* set up response chain */ diff --git a/libraries/libldap/schema.c b/libraries/libldap/schema.c index 5cb30e7bfb..ef99a17c97 100644 --- a/libraries/libldap/schema.c +++ b/libraries/libldap/schema.c @@ -2126,6 +2126,11 @@ ldap_str2attributetype( LDAP_CONST char * s, /* Non-numerical OID ... */ int len = ss-savepos; at->at_oid = LDAP_MALLOC(len+1); + if ( !at->at_oid ) { + ldap_attributetype_free(at); + return NULL; + } + strncpy(at->at_oid, savepos, len); at->at_oid[len] = 0; } @@ -2499,6 +2504,11 @@ ldap_str2objectclass( LDAP_CONST char * s, /* Non-numerical OID, ignore */ int len = ss-savepos; oc->oc_oid = LDAP_MALLOC(len+1); + if ( !oc->oc_oid ) { + ldap_objectclass_free(oc); + return NULL; + } + strncpy(oc->oc_oid, savepos, len); oc->oc_oid[len] = 0; } @@ -2780,6 +2790,11 @@ ldap_str2contentrule( LDAP_CONST char * s, /* Non-numerical OID, ignore */ int len = ss-savepos; cr->cr_oid = LDAP_MALLOC(len+1); + if ( !cr->cr_oid ) { + ldap_contentrule_free(cr); + return NULL; + } + strncpy(cr->cr_oid, savepos, len); cr->cr_oid[len] = 0; }