From: Eric Leblond Date: Mon, 9 Dec 2013 17:58:32 +0000 (+0100) Subject: error checking: add missing alloc error treatment X-Git-Tag: suricata-2.0beta2~39 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=28c5c68192f1b08a20e8e9c0b5080ad888116ed8;p=thirdparty%2Fsuricata.git error checking: add missing alloc error treatment The return of some malloc like functions was not treated in some places of the code. --- diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c index 8f3beee9b2..6cf3114339 100644 --- a/src/alert-unified2-alert.c +++ b/src/alert-unified2-alert.c @@ -1332,6 +1332,10 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf) if (filename == NULL) filename = DEFAULT_LOG_FILENAME; file_ctx->prefix = SCStrdup(filename); + if (unlikely(file_ctx->prefix == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate file prefix"); + exit(EXIT_FAILURE); + } const char *s_limit = NULL; file_ctx->size_limit = DEFAULT_LIMIT; @@ -1462,9 +1466,10 @@ int Unified2AlertOpenFileCtx(LogFileCtx *file_ctx, const char *prefix) if (file_ctx->filename != NULL) filename = file_ctx->filename; else { - filename = file_ctx->filename = SCMalloc(PATH_MAX); /* XXX some sane default? */ - if (filename == NULL) + filename = SCMalloc(PATH_MAX); /* XXX some sane default? */ + if (unlikely(filename == NULL)) return -1; + file_ctx->filename = filename; memset(filename, 0x00, PATH_MAX); } diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 1cbcf73fcb..d79ed06269 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -2460,11 +2460,13 @@ void HTPConfigure(void) SCLogDebug("LIBHTP server %s", s->name); HTPCfgRec *nextrec = cfglist.next; - HTPCfgRec *htprec = cfglist.next = SCMalloc(sizeof(HTPCfgRec)); + HTPCfgRec *htprec = SCMalloc(sizeof(HTPCfgRec)); if (NULL == htprec) exit(EXIT_FAILURE); memset(htprec, 0x00, sizeof(*htprec)); + cfglist.next = htprec; + cfglist.next->next = nextrec; cfglist.next->cfg = htp_config_create(); if (NULL == cfglist.next->cfg) { diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 76e9e2e905..149550bb90 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -154,7 +154,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input, ssl_state->curr_connp->trec_len = ssl_state->curr_connp->trec_len + 2 * input_len + 1; ssl_state->curr_connp->trec = SCRealloc( ssl_state->curr_connp->trec, ssl_state->curr_connp->trec_len ); } - if (ssl_state->curr_connp->trec == NULL) { + if (unlikely(ssl_state->curr_connp->trec == NULL)) { ssl_state->curr_connp->trec_len = 0; /* error, skip packet */ parsed += input_len; diff --git a/src/conf-yaml-loader.c b/src/conf-yaml-loader.c index a5e0d27e66..dece14642f 100644 --- a/src/conf-yaml-loader.c +++ b/src/conf-yaml-loader.c @@ -211,6 +211,10 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq) return -1; snprintf(seq_node->name, DEFAULT_NAME_LEN, "%d", seq_idx++); seq_node->val = SCStrdup(value); + if (unlikely(seq_node->val == NULL)) { + SCFree(seq_node->name); + return -1; + } TAILQ_INSERT_TAIL(&parent->head, seq_node, next); } else { diff --git a/src/conf.c b/src/conf.c index 6fd6805ea8..9f70d81161 100644 --- a/src/conf.c +++ b/src/conf.c @@ -89,6 +89,12 @@ ConfGetNodeOrCreate(char *name, int final) goto end; } node->name = SCStrdup(key); + if (unlikely(node->name == NULL)) { + ConfNodeFree(node); + SCLogWarning(SC_ERR_MEM_ALLOC, + "Failed to allocate memory for configuration."); + goto end; + } node->parent = parent; node->final = final; TAILQ_INSERT_TAIL(&parent->head, node, next); @@ -226,6 +232,9 @@ ConfSet(char *name, char *val) if (node->val != NULL) SCFree(node->val); node->val = SCStrdup(val); + if (unlikely(node->val == NULL)) { + return 0; + } return 1; } @@ -253,6 +262,9 @@ ConfSetFinal(char *name, char *val) if (node->val != NULL) SCFree(node->val); node->val = SCStrdup(val); + if (unlikely(node->val == NULL)) { + return 0; + } node->final = 1; return 1; } @@ -638,6 +650,9 @@ ConfNodeDump(ConfNode *node, const char *prefix) level++; TAILQ_FOREACH(child, &node->head, next) { name[level] = SCStrdup(child->name); + if (unlikely(name[level] == NULL)) { + continue; + } if (prefix == NULL) { printf("%s = %s\n", ConfPrintNameArray(name, level), child->val); diff --git a/src/counters.c b/src/counters.c index 5238058b5a..4b4f5369e4 100644 --- a/src/counters.c +++ b/src/counters.c @@ -1064,6 +1064,10 @@ int SCPerfAddToClubbedTMTable(char *tm_name, SCPerfContext *pctx) } temp->head[0] = pctx; temp->tm_name = SCStrdup(tm_name); + if (unlikely(temp->tm_name == NULL)) { + SCMutexUnlock(&sc_perf_op_ctx->pctmi_lock); + return 0; + } if (prev == NULL) sc_perf_op_ctx->pctmi = temp; diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index aa630b61a1..13000503b4 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -184,6 +184,8 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws fd->flags = contentflags; fd->name = SCStrdup(varname); + if (unlikely(fd->name == NULL)) + goto error; fd->idx = VariableNameGetIdx(de_ctx, varname, DETECT_FLOWVAR); /* Okay so far so good, lets get this into a SigMatch diff --git a/src/detect-tls.c b/src/detect-tls.c index 929fc6558b..6b7fad46b7 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -258,7 +258,7 @@ static DetectTlsData *DetectTlsSubjectParse (char *str) int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr; - char *orig; + char *orig = NULL; char *tmp_str; uint32_t flag = 0; @@ -304,6 +304,9 @@ static DetectTlsData *DetectTlsSubjectParse (char *str) } tls->subject = SCStrdup(tmp_str); + if (unlikely(tls->subject == NULL)) { + goto error; + } SCFree(orig); @@ -312,6 +315,8 @@ static DetectTlsData *DetectTlsSubjectParse (char *str) return tls; error: + if (orig != NULL) + SCFree(orig); if (tls != NULL) DetectTlsSubjectFree(tls); return NULL; @@ -459,7 +464,7 @@ static DetectTlsData *DetectTlsIssuerDNParse(char *str) int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr; - char *orig; + char *orig = NULL; char *tmp_str; uint32_t flag = 0; @@ -506,6 +511,9 @@ static DetectTlsData *DetectTlsIssuerDNParse(char *str) } tls->issuerdn = SCStrdup(tmp_str); + if (unlikely(tls->issuerdn == NULL)) { + goto error; + } SCFree(orig); @@ -514,6 +522,8 @@ static DetectTlsData *DetectTlsIssuerDNParse(char *str) return tls; error: + if (orig != NULL) + SCFree(orig); if (tls != NULL) DetectTlsIssuerDNFree(tls); return NULL; diff --git a/src/log-pcap.c b/src/log-pcap.c index 652379e04c..d42df1ddac 100644 --- a/src/log-pcap.c +++ b/src/log-pcap.c @@ -592,10 +592,11 @@ int PcapLogOpenFileCtx(PcapLogData *pl) if (pl->filename != NULL) filename = pl->filename; else { - filename = pl->filename = SCMalloc(PATH_MAX); - if (filename == NULL) { + filename = SCMalloc(PATH_MAX); + if (unlikely(filename == NULL)) { return -1; } + pl->filename = filename; } /** get the time so we can have a filename with seconds since epoch */ diff --git a/src/output.c b/src/output.c index 33547c3000..5010672023 100644 --- a/src/output.c +++ b/src/output.c @@ -47,17 +47,25 @@ OutputRegisterModule(char *name, char *conf_name, OutputCtx *(*InitFunc)(ConfNode *)) { OutputModule *module = SCCalloc(1, sizeof(*module)); - if (unlikely(module == NULL)) { - SCLogError(SC_ERR_FATAL, "Fatal error encountered in OutputRegisterModule. Exiting..."); - exit(EXIT_FAILURE); - } + if (unlikely(module == NULL)) + goto error; module->name = SCStrdup(name); + if (unlikely(module->name == NULL)) + goto error; module->conf_name = SCStrdup(conf_name); + if (unlikely(module->conf_name == NULL)) + goto error; module->InitFunc = InitFunc; TAILQ_INSERT_TAIL(&output_modules, module, entries); SCLogDebug("Output module \"%s\" registered.", name); + + return; + +error: + SCLogError(SC_ERR_FATAL, "Fatal error encountered in OutputRegisterModule. Exiting..."); + exit(EXIT_FAILURE); } /** diff --git a/src/runmode-pfring.c b/src/runmode-pfring.c index 6acb24f840..1d7613b4d8 100644 --- a/src/runmode-pfring.c +++ b/src/runmode-pfring.c @@ -287,14 +287,25 @@ void *ParsePfringConfig(const char *iface) if (ConfGet("bpf-filter", &bpf_filter) == 1) { if (strlen(bpf_filter) > 0) { pfconf->bpf_filter = SCStrdup(bpf_filter); - SCLogDebug("Going to use command-line provided bpf filter %s", - pfconf->bpf_filter); + if (unlikely(pfconf->bpf_filter == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, + "Can't allocate BPF filter string"); + } else { + SCLogDebug("Going to use command-line provided bpf filter %s", + pfconf->bpf_filter); + } } } else { if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) { if (strlen(bpf_filter) > 0) { pfconf->bpf_filter = SCStrdup(bpf_filter); - SCLogDebug("Going to use bpf filter %s", pfconf->bpf_filter); + if (unlikely(pfconf->bpf_filter == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, + "Can't allocate BPF filter string"); + } else { + SCLogDebug("Going to use bpf filter %s", + pfconf->bpf_filter); + } } } } diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c index fd198c84ff..8a3d017f43 100644 --- a/src/runmode-unix-socket.c +++ b/src/runmode-unix-socket.c @@ -320,6 +320,10 @@ TmEcode UnixSocketPcapFilesCheck(void *data) } } this->currentfile = SCStrdup(cfile->filename); + if (unlikely(this->currentfile == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Failed file name allocation"); + return TM_ECODE_FAILED; + } PcapFilesFree(cfile); SCPerfInitCounterApi(); DefragInit(); diff --git a/src/runmodes.c b/src/runmodes.c index 5f20ed974a..be6ce36ce0 100644 --- a/src/runmodes.c +++ b/src/runmodes.c @@ -374,7 +374,15 @@ void RunModeRegisterNewRunMode(int runmode, const char *name, mode->runmode = runmode; mode->name = SCStrdup(name); + if (unlikely(mode->name == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate string"); + exit(EXIT_FAILURE); + } mode->description = SCStrdup(description); + if (unlikely(mode->description == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate string"); + exit(EXIT_FAILURE); + } mode->RunModeFunc = RunModeFunc; return; diff --git a/src/source-mpipe.c b/src/source-mpipe.c index b8f835ec8d..7276c29971 100644 --- a/src/source-mpipe.c +++ b/src/source-mpipe.c @@ -1014,6 +1014,10 @@ int MpipeLiveRegisterDevice(char *dev) } nd->dev = SCStrdup(dev); + if (unlikely(nd->dev == NULL)) { + SCFree(nd); + return -1; + } TAILQ_INSERT_TAIL(&mpipe_devices, nd, next); SCLogDebug("Mpipe device \"%s\" registered.", dev); diff --git a/src/source-pfring.c b/src/source-pfring.c index f095603116..90e8ef8af2 100644 --- a/src/source-pfring.c +++ b/src/source-pfring.c @@ -377,6 +377,10 @@ TmEcode ReceivePfringThreadInit(ThreadVars *tv, void *initdata, void **data) { ptv->threads = 1; ptv->interface = SCStrdup(pfconf->iface); + if (unlikely(ptv->interface == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Unable to allocate device string"); + SCReturnInt(TM_ECODE_FAILED); + } ptv->livedev = LiveGetDevice(pfconf->iface); if (ptv->livedev == NULL) { @@ -452,13 +456,17 @@ TmEcode ReceivePfringThreadInit(ThreadVars *tv, void *initdata, void **data) { #ifdef HAVE_PFRING_SET_BPF_FILTER if (pfconf->bpf_filter) { ptv->bpf_filter = SCStrdup(pfconf->bpf_filter); + if (unlikely(ptv->bpf_filter == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Set PF_RING bpf filter failed."); + } else { + SCMutexLock(&pfring_bpf_set_filter_lock); + rc = pfring_set_bpf_filter(ptv->pd, ptv->bpf_filter); + SCMutexUnlock(&pfring_bpf_set_filter_lock); - SCMutexLock(&pfring_bpf_set_filter_lock); - rc = pfring_set_bpf_filter(ptv->pd, ptv->bpf_filter); - SCMutexUnlock(&pfring_bpf_set_filter_lock); - - if (rc < 0) { - SCLogInfo("Set PF_RING bpf filter \"%s\" failed.", ptv->bpf_filter); + if (rc < 0) { + SCLogInfo("Set PF_RING bpf filter \"%s\" failed.", + ptv->bpf_filter); + } } } #endif /* HAVE_PFRING_SET_BPF_FILTER */ diff --git a/src/util-debug.c b/src/util-debug.c index 4da2cc3d4c..f994aae076 100644 --- a/src/util-debug.c +++ b/src/util-debug.c @@ -895,8 +895,13 @@ static inline void SCLogSetOPFilter(SCLogInitData *sc_lid, SCLogConfig *sc_lc) if (filter != NULL && strcmp(filter, "") != 0) { sc_lc->op_filter = SCStrdup(filter); + if (sc_lc->op_filter == NULL) { + printf("pcre filter alloc failed\n"); + return; + } sc_lc->op_filter_regex = pcre_compile(filter, opts, &ep, &eo, NULL); if (sc_lc->op_filter_regex == NULL) { + SCFree(sc_lc->op_filter); printf("pcre compile of \"%s\" failed at offset %d : %s\n", filter, eo, ep); return; diff --git a/src/util-device.c b/src/util-device.c index 14459f0040..55e7286df4 100644 --- a/src/util-device.c +++ b/src/util-device.c @@ -48,6 +48,10 @@ int LiveRegisterDevice(char *dev) } pd->dev = SCStrdup(dev); + if (unlikely(pd->dev == NULL)) { + SCFree(pd); + return -1; + } SC_ATOMIC_INIT(pd->pkts); SC_ATOMIC_INIT(pd->drop); SC_ATOMIC_INIT(pd->invalid_checksums); diff --git a/src/util-proto-name.c b/src/util-proto-name.c index 810d494098..7131593cde 100644 --- a/src/util-proto-name.c +++ b/src/util-proto-name.c @@ -76,6 +76,10 @@ void SCProtoNameInit() } else { known_proto[proto] = SCStrdup(name); } + if (unlikely(known_proto[proto] == NULL)) { + SCLogError(SC_ERR_MEM_ALLOC, "Failed proto name allocation"); + continue; + } int proto_len = strlen(known_proto[proto]); if (proto_len > 0 && known_proto[proto][proto_len - 1] == '\n') known_proto[proto][proto_len - 1] = '\0';