Date: Fri, 18 May 2012 16:58:42 -0500 From: Guy Helmer <ghelmer@palisadesys.com> To: freebsd-hackers@freebsd.org Subject: Review of changes for getnetgrent.c Message-ID: <4EE466CC-5F93-485C-8E1F-907F8049FD61@palisadesys.com>
next in thread | raw e-mail | index | archive | help
To close PR bin/83340, I have this change worked up to resolve memory = allocation failure handling and avoid creating bad entries in the grp = list due to memory allocation failures while building a new entry. Before committing, I wanted to run it past others to see if there were = any problems with it. Thanks, Guy > svn diff lib/libc/gen Index: lib/libc/gen/getnetgrent.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- lib/libc/gen/getnetgrent.c (revision 235606) +++ lib/libc/gen/getnetgrent.c (working copy) @@ -203,9 +203,7 @@ if (parse_netgrp(group)) endnetgrent(); else { - grouphead.grname =3D (char *) - malloc(strlen(group) + 1); - strcpy(grouphead.grname, group); + grouphead.grname =3D strdup(group); } if (netf) fclose(netf); @@ -417,7 +415,7 @@ parse_netgrp(const char *group) { char *spos, *epos; - int len, strpos; + int len, strpos, freepos; #ifdef DEBUG int fields; #endif @@ -454,9 +452,9 @@ while (pos !=3D NULL && *pos !=3D '\0') { if (*pos =3D=3D '(') { grp =3D (struct netgrp *)malloc(sizeof (struct = netgrp)); + if (grp =3D=3D NULL) + return(1); bzero((char *)grp, sizeof (struct netgrp)); - grp->ng_next =3D grouphead.gr; - grouphead.gr =3D grp; pos++; gpos =3D strsep(&pos, ")"); #ifdef DEBUG @@ -477,6 +475,13 @@ if (len > 0) { grp->ng_str[strpos] =3D = (char *) malloc(len + 1); + if (grp->ng_str[strpos] = =3D=3D NULL) { + for (freepos =3D = 0; freepos < strpos; freepos++) + if = (grp->ng_str[freepos] !=3D NULL) + = free(grp->ng_str[freepos]); + free(grp); + return(1); + } bcopy(spos, = grp->ng_str[strpos], len + 1); } @@ -490,6 +495,8 @@ grp->ng_str[strpos] =3D NULL; } } + grp->ng_next =3D grouphead.gr; + grouphead.gr =3D grp; #ifdef DEBUG /* * Note: on other platforms, malformed netgroup @@ -526,7 +533,7 @@ static struct linelist * read_for_group(const char *group) { - char *pos, *spos, *linep, *olinep; + char *pos, *spos, *linep; int len, olen; int cont; struct linelist *lp; @@ -534,6 +541,7 @@ #ifdef YP char *result; int resultlen; + linep =3D NULL; =20 while (_netgr_yp_enabled || fgets(line, LINSIZ, netf) !=3D NULL) = { if (_netgr_yp_enabled) { @@ -554,6 +562,7 @@ free(result); } #else + linep =3D NULL; while (fgets(line, LINSIZ, netf) !=3D NULL) { #endif pos =3D (char *)&line; @@ -576,8 +585,14 @@ pos++; if (*pos !=3D '\n' && *pos !=3D '\0') { lp =3D (struct linelist *)malloc(sizeof (*lp)); + if (lp =3D=3D NULL)=20 + return(NULL); lp->l_parsed =3D 0; lp->l_groupname =3D (char *)malloc(len + 1); + if (lp->l_groupname =3D=3D NULL) { + free(lp); + return(NULL); + } bcopy(spos, lp->l_groupname, len); *(lp->l_groupname + len) =3D '\0'; len =3D strlen(pos); @@ -595,15 +610,15 @@ } else cont =3D 0; if (len > 0) { - linep =3D (char *)malloc(olen + = len + 1); - if (olen > 0) { - bcopy(olinep, linep, = olen); - free(olinep); + linep =3D (char = *)reallocf(linep, olen + len + 1); + if (linep =3D=3D NULL) { + free(lp->l_groupname); + free(lp); + return(NULL); } bcopy(pos, linep + olen, len); olen +=3D len; *(linep + olen) =3D '\0'; - olinep =3D linep; } if (cont) { if (fgets(line, LINSIZ, netf)) { @@ -634,5 +649,5 @@ */ rewind(netf); #endif - return ((struct linelist *)0); + return (NULL); } -------- This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EE466CC-5F93-485C-8E1F-907F8049FD61>