diff options
| author | Bill Parker <wp02855@gmail.com> | 2013-07-17 15:30:35 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2013-07-17 16:12:19 -0700 |
| commit | 9b58da986680a92b350f02cd31ff64f30fecd07c (patch) | |
| tree | 3a9bd6255f1f1c06f8812fd68f1be984add69ea0 | |
| parent | 9b2aa351ceb756d6ea63f3158f0e983ae7262da8 (diff) | |
| download | samba-9b58da986680a92b350f02cd31ff64f30fecd07c.tar.gz | |
Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().
In reviewing various files in Samba-4.0.7, I found a number
of instances where malloc()/calloc() were called without the
checking the return value for a value of NULL, which would
indicate failure.
(NB. The changes needed to ccan, iniparser, popt and heimdal
will be reported upstream, not patched inside Samba).
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Source <idra@samba.org>
| -rw-r--r-- | lib/ntdb/tools/growtdb-bench.c | 16 | ||||
| -rw-r--r-- | lib/ntdb/tools/ntdbtorture.c | 4 | ||||
| -rw-r--r-- | lib/replace/getifaddrs.c | 29 | ||||
| -rw-r--r-- | lib/tdb/test/run-transaction-expand.c | 5 | ||||
| -rw-r--r-- | lib/tdb/tools/tdbtorture.c | 8 | ||||
| -rw-r--r-- | nsswitch/nsstest.c | 4 | ||||
| -rw-r--r-- | source4/librpc/rpc/pyrpc_util.c | 3 | ||||
| -rw-r--r-- | source4/torture/gentest.c | 8 |
8 files changed, 77 insertions, 0 deletions
diff --git a/lib/ntdb/tools/growtdb-bench.c b/lib/ntdb/tools/growtdb-bench.c index 640f87af5a4..aa5a406a543 100644 --- a/lib/ntdb/tools/growtdb-bench.c +++ b/lib/ntdb/tools/growtdb-bench.c @@ -48,12 +48,24 @@ int main(int argc, char *argv[]) idxkey.dsize = strlen("User index"); idxdata.dsize = 51; idxdata.dptr = calloc(idxdata.dsize, 1); + if (idxdata.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for idxdata.dptr\n"); + return -1; + } /* Create users. */ k.dsize = 48; k.dptr = calloc(k.dsize, 1); + if (k.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for k.dptr\n"); + return -1; + } d.dsize = 64; d.dptr = calloc(d.dsize, 1); + if (d.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for d.dptr\n"); + return -1; + } ntdb_transaction_start(ntdb); for (i = 0; i < users; i++) { @@ -79,6 +91,10 @@ int main(int argc, char *argv[]) * a group. */ gk.dsize = 48; gk.dptr = calloc(k.dsize, 1); + if (gk.dptr == NULL) { + fprintf(stderr, "Unable to allocate memory for gk.dptr\n"); + return -1; + } gk.dptr[gk.dsize-1] = 1; d.dsize = 32; diff --git a/lib/ntdb/tools/ntdbtorture.c b/lib/ntdb/tools/ntdbtorture.c index 3bcf3200f2c..7ddb5c3acb6 100644 --- a/lib/ntdb/tools/ntdbtorture.c +++ b/lib/ntdb/tools/ntdbtorture.c @@ -96,6 +96,10 @@ static char *randbuf(int len) char *buf; int i; buf = (char *)malloc(len+1); + if (buf == NULL) { + perror("randbuf: unable to allocate memory for buffer.\n"); + exit(1); + } for (i=0;i<len;i++) { buf[i] = 'a' + (rand() % 26); diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c index 8da022f270d..f07d7005e4b 100644 --- a/lib/replace/getifaddrs.c +++ b/lib/replace/getifaddrs.c @@ -113,11 +113,23 @@ int rep_getifaddrs(struct ifaddrs **ifap) for (i=n-1; i>=0; i--) { if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) == -1) { freeifaddrs(*ifap); + close(fd); return -1; } curif = calloc(1, sizeof(struct ifaddrs)); + if (curif == NULL) { + freeifaddrs(*ifap); + close(fd); + return -1; + } curif->ifa_name = strdup(ifr[i].ifr_name); + if (curif->ifa_name == NULL) { + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } curif->ifa_flags = ifr[i].ifr_flags; curif->ifa_dstaddr = NULL; curif->ifa_data = NULL; @@ -126,11 +138,28 @@ int rep_getifaddrs(struct ifaddrs **ifap) curif->ifa_addr = NULL; if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != -1) { curif->ifa_addr = sockaddr_dup(&ifr[i].ifr_addr); + if (curif->ifa_addr == NULL) { + free(curif->ifa_name); + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } } curif->ifa_netmask = NULL; if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != -1) { curif->ifa_netmask = sockaddr_dup(&ifr[i].ifr_addr); + if (curif->ifa_netmask == NULL) { + if (curif->ifa_addr != NULL) { + free(curif->ifa_addr); + } + free(curif->ifa_name); + free(curif); + freeifaddrs(*ifap); + close(fd); + return -1; + } } if (lastif == NULL) { diff --git a/lib/tdb/test/run-transaction-expand.c b/lib/tdb/test/run-transaction-expand.c index 1271d92b331..d62c76a88cf 100644 --- a/lib/tdb/test/run-transaction-expand.c +++ b/lib/tdb/test/run-transaction-expand.c @@ -73,6 +73,11 @@ int main(int argc, char *argv[]) data.dsize = 0; data.dptr = calloc(1000, getpagesize()); + if (data.dptr == NULL) { + diag("Unable to allocate memory for data.dptr"); + tdb_close(tdb); + exit(1); + } /* Simulate a slowly growing record. */ for (i = 0; i < 1000; i++) diff --git a/lib/tdb/tools/tdbtorture.c b/lib/tdb/tools/tdbtorture.c index a23d1543e57..5ae08f662a9 100644 --- a/lib/tdb/tools/tdbtorture.c +++ b/lib/tdb/tools/tdbtorture.c @@ -342,7 +342,15 @@ int main(int argc, char * const *argv) } pids = (pid_t *)calloc(sizeof(pid_t), num_procs); + if (pids == NULL) { + perror("Unable to allocate memory for pids"); + exit(1); + } done = (int *)calloc(sizeof(int), num_procs); + if (done == NULL) { + perror("Unable to allocate memory for done"); + exit(1); + } if (pipe(pfds) != 0) { perror("Creating pipe"); diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c index 39d03424fab..4b3d0a4301c 100644 --- a/nsswitch/nsstest.c +++ b/nsswitch/nsstest.c @@ -371,6 +371,10 @@ static void nss_test_initgroups(char *name, gid_t gid) NSS_STATUS status; groups = (gid_t *)malloc(sizeof(gid_t) * size); + if (groups == NULL) { + printf("Unable to allocate memory for groups\n"); + return; + } groups[0] = gid; status = nss_initgroups(name, gid, &groups, &start, &size); diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c index a000c76907d..ab6caac8ff2 100644 --- a/source4/librpc/rpc/pyrpc_util.c +++ b/source4/librpc/rpc/pyrpc_util.c @@ -246,6 +246,9 @@ bool PyInterface_AddNdrRpcMethods(PyTypeObject *ifacetype, const struct PyNdrRpc PyObject *ret; struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1); + if (wb == NULL) { + return false; + } wb->name = discard_const_p(char, mds[i].name); wb->flags = PyWrapperFlag_KEYWORDS; wb->wrapper = (wrapperfunc)py_dcerpc_call_wrapper; diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 91b60e2c4e7..f3c4c20e531 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -3068,9 +3068,17 @@ static bool start_gentest(struct tevent_context *ev, /* allocate the open_handles array */ open_handles = calloc(options.max_open_handles, sizeof(open_handles[0])); + if (open_handles == NULL) { + printf("Unable to allocate memory for open_handles array.\n"); + exit(1); + } srandom(options.seed); op_parms = calloc(options.numops, sizeof(op_parms[0])); + if (op_parms == NULL) { + printf("Unable to allocate memory for op_parms.\n"); + exit(1); + } /* generate the seeds - after this everything is deterministic */ if (options.use_preset_seeds) { |