From: Willem Toorop Date: Wed, 11 Oct 2017 08:17:22 +0000 (+0200) Subject: bugfix 1566 NULL pointer dereference X-Git-Tag: release-1.7.1-rc1~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1b881f107b9dbfa6f2b0a3807ea6823f0c23003;p=thirdparty%2Fldns.git bugfix 1566 NULL pointer dereference Thanks Bill Parker --- diff --git a/Changelog b/Changelog index 164d65b3..da0e9b82 100644 --- a/Changelog +++ b/Changelog @@ -1,4 +1,6 @@ 1.7.1 ????-??-?? + * bugfix #1566: Possible NULL Pointer Dereference + Thanks Bill Parker * bugfix #1260: Anticipate strchr returning NULL on unfound char Thanks Stephan Zeisberg * bugfix #1257: Free after reallocing to 0 size diff --git a/duration.c b/duration.c index 1abeb125..bc8a72cf 100644 --- a/duration.c +++ b/duration.c @@ -215,9 +215,10 @@ digits_in_number(time_t duration) char* ldns_duration2string(const ldns_duration_type* duration) { - char* str = NULL, *num = NULL; + char* str = NULL; size_t count = 2; int T = 0; + char num[80]; if (!duration) { return NULL; @@ -251,61 +252,55 @@ ldns_duration2string(const ldns_duration_type* duration) count++; } - str = (char*) calloc(count, sizeof(char)); + if (!(str = (char*) calloc(count, sizeof(char)))) + return NULL; str[0] = 'P'; str[1] = '\0'; if (duration->years > 0) { count = digits_in_number(duration->years); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; /* int's > 256 bits */ snprintf(num, count+2, "%uY", (unsigned int) duration->years); str = strncat(str, num, count+2); - free((void*) num); } if (duration->months > 0) { count = digits_in_number(duration->months); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; snprintf(num, count+2, "%uM", (unsigned int) duration->months); str = strncat(str, num, count+2); - free((void*) num); } if (duration->weeks > 0) { count = digits_in_number(duration->weeks); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; snprintf(num, count+2, "%uW", (unsigned int) duration->weeks); str = strncat(str, num, count+2); - free((void*) num); } if (duration->days > 0) { count = digits_in_number(duration->days); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; snprintf(num, count+2, "%uD", (unsigned int) duration->days); str = strncat(str, num, count+2); - free((void*) num); } if (T) { str = strncat(str, "T", 1); } if (duration->hours > 0) { count = digits_in_number(duration->hours); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; snprintf(num, count+2, "%uH", (unsigned int) duration->hours); str = strncat(str, num, count+2); - free((void*) num); } if (duration->minutes > 0) { count = digits_in_number(duration->minutes); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; snprintf(num, count+2, "%uM", (unsigned int) duration->minutes); str = strncat(str, num, count+2); - free((void*) num); } if (duration->seconds > 0) { count = digits_in_number(duration->seconds); - num = (char*) calloc(count+2, sizeof(char)); + if (count > sizeof(num) - 2) return NULL; snprintf(num, count+2, "%uS", (unsigned int) duration->seconds); str = strncat(str, num, count+2); - free((void*) num); } return str; }