summaryrefslogtreecommitdiff
path: root/src/tool_metalink.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-03-06 23:14:25 +0100
committerDaniel Stenberg <daniel@haxx.se>2015-03-06 23:14:25 +0100
commit3ac3331e140ba8833905bb9cdcd1e2a07fa36a0d (patch)
treea032b99edb58c8eec1bc6c824a5db1c8899d4aee /src/tool_metalink.c
parent163d29826d0bad44385a085d1a057469b8f27b78 (diff)
downloadcurl-3ac3331e140ba8833905bb9cdcd1e2a07fa36a0d.tar.gz
metalink: add some error checks
malloc() and strdup() calls without checking return codes. Reported-by: Markus Elfring Bug: https://github.com/bagder/curl/issues/150
Diffstat (limited to 'src/tool_metalink.c')
-rw-r--r--src/tool_metalink.c34
1 files changed, 28 insertions, 6 deletions
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
index 85d0ff4eb..7f46bb3d4 100644
--- a/src/tool_metalink.c
+++ b/src/tool_metalink.c
@@ -621,6 +621,8 @@ static int check_hash(const char *filename,
}
result = malloc(digest_def->dparams->digest_resultlen);
+ if(!result)
+ return -1;
while(1) {
unsigned char buf[4096];
ssize_t len = read(fd, buf, sizeof(buf));
@@ -676,12 +678,17 @@ static metalink_checksum *new_metalink_checksum_from_hex_digest
size_t i;
size_t len = strlen(hex_digest);
digest = malloc(len/2);
+ if(!digest)
+ return 0;
+
for(i = 0; i < len; i += 2) {
digest[i/2] = hex_to_uint(hex_digest+i);
}
chksum = malloc(sizeof(metalink_checksum));
- chksum->digest_def = digest_def;
- chksum->digest = digest;
+ if(chksum) {
+ chksum->digest_def = digest_def;
+ chksum->digest = digest;
+ }
return chksum;
}
@@ -689,8 +696,14 @@ static metalink_resource *new_metalink_resource(const char *url)
{
metalink_resource *res;
res = malloc(sizeof(metalink_resource));
- res->next = NULL;
- res->url = strdup(url);
+ if(res) {
+ res->next = NULL;
+ res->url = strdup(url);
+ if(!res->url) {
+ free(res);
+ return NULL;
+ }
+ }
return res;
}
@@ -715,8 +728,15 @@ static metalinkfile *new_metalinkfile(metalink_file_t *fileinfo)
{
metalinkfile *f;
f = (metalinkfile*)malloc(sizeof(metalinkfile));
+ if(!f)
+ return NULL;
+
f->next = NULL;
f->filename = strdup(fileinfo->name);
+ if(!f->filename) {
+ free(f);
+ return NULL;
+ }
f->checksum = NULL;
f->resource = NULL;
if(fileinfo->checksums) {
@@ -817,8 +837,10 @@ int parse_metalink(struct OperationConfig *config, struct OutStruct *outs,
url = new_getout(config);
if(url) {
- metalinkfile *mlfile;
- mlfile = new_metalinkfile(*files);
+ metalinkfile *mlfile = new_metalinkfile(*files);
+ if(!mlfile)
+ break;
+
if(!mlfile->checksum) {
warnings = TRUE;
fprintf(config->global->errors,