diff options
author | Daniel Stenberg <daniel@haxx.se> | 2015-03-06 23:14:25 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-03-06 23:14:25 +0100 |
commit | 3ac3331e140ba8833905bb9cdcd1e2a07fa36a0d (patch) | |
tree | a032b99edb58c8eec1bc6c824a5db1c8899d4aee /src/tool_metalink.c | |
parent | 163d29826d0bad44385a085d1a057469b8f27b78 (diff) | |
download | curl-3ac3331e140ba8833905bb9cdcd1e2a07fa36a0d.tar.gz |
metalink: add some error checks
malloc() and strdup() calls without checking return codes.
Reported-by: Markus Elfring
Bug: https://github.com/bagder/curl/issues/150
Diffstat (limited to 'src/tool_metalink.c')
-rw-r--r-- | src/tool_metalink.c | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/src/tool_metalink.c b/src/tool_metalink.c index 85d0ff4eb..7f46bb3d4 100644 --- a/src/tool_metalink.c +++ b/src/tool_metalink.c @@ -621,6 +621,8 @@ static int check_hash(const char *filename, } result = malloc(digest_def->dparams->digest_resultlen); + if(!result) + return -1; while(1) { unsigned char buf[4096]; ssize_t len = read(fd, buf, sizeof(buf)); @@ -676,12 +678,17 @@ static metalink_checksum *new_metalink_checksum_from_hex_digest size_t i; size_t len = strlen(hex_digest); digest = malloc(len/2); + if(!digest) + return 0; + for(i = 0; i < len; i += 2) { digest[i/2] = hex_to_uint(hex_digest+i); } chksum = malloc(sizeof(metalink_checksum)); - chksum->digest_def = digest_def; - chksum->digest = digest; + if(chksum) { + chksum->digest_def = digest_def; + chksum->digest = digest; + } return chksum; } @@ -689,8 +696,14 @@ static metalink_resource *new_metalink_resource(const char *url) { metalink_resource *res; res = malloc(sizeof(metalink_resource)); - res->next = NULL; - res->url = strdup(url); + if(res) { + res->next = NULL; + res->url = strdup(url); + if(!res->url) { + free(res); + return NULL; + } + } return res; } @@ -715,8 +728,15 @@ static metalinkfile *new_metalinkfile(metalink_file_t *fileinfo) { metalinkfile *f; f = (metalinkfile*)malloc(sizeof(metalinkfile)); + if(!f) + return NULL; + f->next = NULL; f->filename = strdup(fileinfo->name); + if(!f->filename) { + free(f); + return NULL; + } f->checksum = NULL; f->resource = NULL; if(fileinfo->checksums) { @@ -817,8 +837,10 @@ int parse_metalink(struct OperationConfig *config, struct OutStruct *outs, url = new_getout(config); if(url) { - metalinkfile *mlfile; - mlfile = new_metalinkfile(*files); + metalinkfile *mlfile = new_metalinkfile(*files); + if(!mlfile) + break; + if(!mlfile->checksum) { warnings = TRUE; fprintf(config->global->errors, |