From: Thomas Markwalder Date: Wed, 23 Sep 2015 19:24:32 +0000 (-0400) Subject: [master] Corrected several potential null references identified by static analysis X-Git-Tag: v4_3_4~68 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88c3ff5d09699150cc1ebae2fd861fbf2684d4a1;p=thirdparty%2Fdhcp.git [master] Corrected several potential null references identified by static analysis Merges branch rt40754
---
diff --git a/RELNOTES b/RELNOTES
index 39c4666dc..6e1a4cd75 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -54,6 +54,11 @@ by Eric Young (eay@cryptsoft.com).
 Changes since 4.3.3
+- Fixed several potential null references. Thanks to Bill Parker
+ (wp02855 at gmail dot com) who identified these issues and supplied
+ patches to address them.
+ [ISC-Bugs #40754]
+
 - The linux packet fitler code now correctly treats only least significant 12 bits an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q). Prior to this it was using the entire 16 bit value as the VLAN id and
diff --git a/client/dhc6.c b/client/dhc6.c
index 093271f93..41c27f469 100644
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -469,6 +469,10 @@ dhc6_dup_ia(struct dhc6_ia *ia, const char *file, int line)
 struct dhc6_addr **insert_addr, *addr;
 copy = dmalloc(sizeof(*ia), file, line);
+ if (copy == NULL) {
+ log_error("Out of memory for v6 duplicate IA structure.");
+ return NULL;
+ }
 memcpy(copy->iaid, ia->iaid, sizeof(copy->iaid));
diff --git a/common/ctrace.c b/common/ctrace.c
index 578ea5e7b..635202426 100644
--- a/common/ctrace.c
+++ b/common/ctrace.c
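Review bot: In client/dhc6.c, dhc6_dup_ia() can now return NULL after a failed dmalloc(), and nothing in this hunk shows that its callers test for that; each call site should be checked so the null dereference is not simply moved one frame up. The function's header comment should record the new outcome, for example `/* Returns NULL if the copy cannot be allocated; the caller must check. */`. The function body starts before and continues past the hunk, so any later allocation inside it is not visible here and should be confirmed to follow the same pattern.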
@@ -84,6 +84,13 @@ void trace_interface_input (trace_type_t *ttype, unsigned len, char *buf)
 */
 ip->address_count = ip->address_max = 1;
 ip->addresses = dmalloc(sizeof(*ip->addresses), MDL);
+ if (!ip->addresses) {
+ dfree(ip->ifp, MDL);
+ ip->ifp = NULL;
+ interface_dereference (&ip, MDL);
+ status = ISC_R_NOMEMORY;
+ goto foo;
+ }
 memcpy(ip->addresses, &tipkt->primary_address, sizeof(*ip->addresses));
 memcpy (ip -> name, tipkt -> name, sizeof ip -> name);
 ip -> index = ntohl (tipkt -> index);
diff --git a/server/dhcpd.c b/server/dhcpd.c
index f61f12352..ab73443a7 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -1279,6 +1279,8 @@ int dhcpd_interface_setup_hook (struct interface_info *ip, struct iaddr *ia)
 log_fatal ("No memory for shared subnet: %s", isc_result_totext (status));
 ip -> shared_network -> name = dmalloc (strlen (fnn) + 1, MDL);
+ if (!ip -> shared_network -> name)
+ log_fatal("no memory for shared network");
 strcpy (ip -> shared_network -> name, fnn);
 return 1;
 }
diff --git a/server/ldap.c b/server/ldap.c
index 2893b8235..a5f79eb31 100644
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1061,6 +1061,10 @@ add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
 struct ldap_config_stack *ns;
 ns = dmalloc (sizeof (*ns), MDL);
+ if (!ns) {
+ log_fatal ("no memory for add_to_config_stack()");
+ }
+
 ns->res = res;
 ns->ldent = ent;
 ns->close_brace = 0;
diff --git a/server/omapi.c b/server/omapi.c
index 962aef880..66f8f712e 100644
--- a/server/omapi.c
+++ b/server/omapi.c
@@ -2108,6 +2108,8 @@ static isc_result_t class_lookup (omapi_object_t **lp,
 status = omapi_get_value_str(ref, id, "name", &nv);
 if (status == ISC_R_SUCCESS) {
 char *name = dmalloc(nv->value->u.buffer.len + 1, MDL);
+ if (name == NULL)
+ return (ISC_R_NOMEMORY);
 memcpy (name, nv->value->u.buffer.value, nv->value->u.buffer.len);
diff --git a/server/salloc.c b/server/salloc.c
index 47ff7abf3..164b2e596 100644
--- a/server/salloc.c
+++ b/server/salloc.c
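Review bot: In common/ctrace.c, trace_interface_input(), the new failure branch ends with `goto foo;` to a label that lies outside the hunk, after `interface_dereference (&ip, MDL)` has already released `ip`, so whatever runs at `foo` must not touch `ip` again. A short comment on the branch would make that contract visible, e.g. `/* ip is released here; the code at foo may only report status */`, to be confirmed against the label's code. The function body starts and ends outside the hunk.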
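Review bot: In server/dhcpd.c, dhcpd_interface_setup_hook(), the `strcpy` that follows the new check is safe only if log_fatal() never returns, and the unbraced `if` gives no hint of that dependency. Bracing the branch and naming the allocation that failed, in the casing of the message just above it, would read `if (!ip -> shared_network -> name) { log_fatal ("No memory for shared network name"); }`. The same reliance applies to add_to_config_stack() in server/ldap.c, where `ns->res = res;` follows the check; a one-line comment there, `/* log_fatal() does not return */`, would be enough if that is indeed its contract.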
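Review bot: In server/omapi.c, class_lookup(), the new early `return (ISC_R_NOMEMORY);` leaves the `if (status == ISC_R_SUCCESS)` block while `nv` still holds the value obtained from omapi_get_value_str(), and no release of `nv` is visible before the return. If the reference is normally dropped after the memcpy (that code is outside the hunk), this error path leaks it, so the branch should release it first: `if (name == NULL) { omapi_value_dereference(&nv, MDL); return (ISC_R_NOMEMORY); }`. The allocation size `nv->value->u.buffer.len + 1` is taken from the looked-up value, so it is also worth confirming that the value's type and length are validated before this point.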
@@ -3,7 +3,7 @@
 Memory allocation for the DHCP server... */
 /*
- * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009,2012,2014-2015 by Internet Systems Consortium, Inc. ("ISC")
 * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
 * Copyright (c) 1996-2003 by Internet Software Consortium
 *
@@ -79,6 +79,7 @@ void relinquish_lease_hunks ()
 dfree(c, MDL);
 }
 }
+
 #endif
 struct lease *new_leases (n, file, line)
@@ -89,11 +90,13 @@ struct lease *new_leases (n, file, line)
 struct lease *rval;
 #if defined (DEBUG_MEMORY_LEAKAGE_ON_EXIT)
 rval = dmalloc ((n + 1) * sizeof (struct lease), file, line);
- memset (rval, 0, sizeof (struct lease));
- rval -> starts = n;
- rval -> next = lease_hunks;
- lease_hunks = rval;
- rval++;
+ if (rval != NULL) {
+ memset (rval, 0, sizeof (struct lease));
+ rval -> starts = n;
+ rval -> next = lease_hunks;
+ lease_hunks = rval;
+ rval++;
+ }
 #else
 rval = dmalloc (n * sizeof (struct lease), file, line);
 #endif
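Review bot: In server/salloc.c, new_leases(), the guard covers a failed dmalloc() but the size expression `(n + 1) * sizeof (struct lease)` (and `n * sizeof (struct lease)` in the `#else` branch) is still computed without an overflow check, so a wrapped product would yield a non-NULL hunk smaller than the `n` leases the caller expects. The declaration of `n` and the function's return are outside the hunk; a range check before the allocation, along the lines of `if (n >= ((size_t)-1) / sizeof (struct lease)) return NULL;`, would close that once the parameter type is confirmed. The function's comment should also state that NULL is returned on allocation failure in both build variants.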