Date: Fri, 18 May 2012 16:58:42 -0500 From: Guy Helmer <ghelmer@palisadesys.com> To: freebsd-hackers@freebsd.org Subject: Review of changes for getnetgrent.c Message-ID: <4EE466CC-5F93-485C-8E1F-907F8049FD61@palisadesys.com>
next in thread | raw e-mail | index | archive | help
To close PR bin/83340, I have this change worked up to resolve memory =
allocation failure handling and avoid creating bad entries in the grp =
list due to memory allocation failures while building a new entry.
Before committing, I wanted to run it past others to see if there were =
any problems with it.
Thanks,
Guy
> svn diff lib/libc/gen
Index: lib/libc/gen/getnetgrent.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- lib/libc/gen/getnetgrent.c (revision 235606)
+++ lib/libc/gen/getnetgrent.c (working copy)
@@ -203,9 +203,7 @@
if (parse_netgrp(group))
endnetgrent();
else {
- grouphead.grname =3D (char *)
- malloc(strlen(group) + 1);
- strcpy(grouphead.grname, group);
+ grouphead.grname =3D strdup(group);
}
if (netf)
fclose(netf);
@@ -417,7 +415,7 @@
parse_netgrp(const char *group)
{
char *spos, *epos;
- int len, strpos;
+ int len, strpos, freepos;
#ifdef DEBUG
int fields;
#endif
@@ -454,9 +452,9 @@
while (pos !=3D NULL && *pos !=3D '\0') {
if (*pos =3D=3D '(') {
grp =3D (struct netgrp *)malloc(sizeof (struct =
netgrp));
+ if (grp =3D=3D NULL)
+ return(1);
bzero((char *)grp, sizeof (struct netgrp));
- grp->ng_next =3D grouphead.gr;
- grouphead.gr =3D grp;
pos++;
gpos =3D strsep(&pos, ")");
#ifdef DEBUG
@@ -477,6 +475,13 @@
if (len > 0) {
grp->ng_str[strpos] =3D =
(char *)
malloc(len + 1);
+ if (grp->ng_str[strpos] =
=3D=3D NULL) {
+ for (freepos =3D =
0; freepos < strpos; freepos++)
+ if =
(grp->ng_str[freepos] !=3D NULL)
+ =
free(grp->ng_str[freepos]);
+ free(grp);
+ return(1);
+ }
bcopy(spos, =
grp->ng_str[strpos],
len + 1);
}
@@ -490,6 +495,8 @@
grp->ng_str[strpos] =3D NULL;
}
}
+ grp->ng_next =3D grouphead.gr;
+ grouphead.gr =3D grp;
#ifdef DEBUG
/*
* Note: on other platforms, malformed netgroup
@@ -526,7 +533,7 @@
static struct linelist *
read_for_group(const char *group)
{
- char *pos, *spos, *linep, *olinep;
+ char *pos, *spos, *linep;
int len, olen;
int cont;
struct linelist *lp;
@@ -534,6 +541,7 @@
#ifdef YP
char *result;
int resultlen;
+ linep =3D NULL;
=20
while (_netgr_yp_enabled || fgets(line, LINSIZ, netf) !=3D NULL) =
{
if (_netgr_yp_enabled) {
@@ -554,6 +562,7 @@
free(result);
}
#else
+ linep =3D NULL;
while (fgets(line, LINSIZ, netf) !=3D NULL) {
#endif
pos =3D (char *)&line;
@@ -576,8 +585,14 @@
pos++;
if (*pos !=3D '\n' && *pos !=3D '\0') {
lp =3D (struct linelist *)malloc(sizeof (*lp));
+ if (lp =3D=3D NULL)=20
+ return(NULL);
lp->l_parsed =3D 0;
lp->l_groupname =3D (char *)malloc(len + 1);
+ if (lp->l_groupname =3D=3D NULL) {
+ free(lp);
+ return(NULL);
+ }
bcopy(spos, lp->l_groupname, len);
*(lp->l_groupname + len) =3D '\0';
len =3D strlen(pos);
@@ -595,15 +610,15 @@
} else
cont =3D 0;
if (len > 0) {
- linep =3D (char *)malloc(olen + =
len + 1);
- if (olen > 0) {
- bcopy(olinep, linep, =
olen);
- free(olinep);
+ linep =3D (char =
*)reallocf(linep, olen + len + 1);
+ if (linep =3D=3D NULL) {
+ free(lp->l_groupname);
+ free(lp);
+ return(NULL);
}
bcopy(pos, linep + olen, len);
olen +=3D len;
*(linep + olen) =3D '\0';
- olinep =3D linep;
}
if (cont) {
if (fgets(line, LINSIZ, netf)) {
@@ -634,5 +649,5 @@
*/
rewind(netf);
#endif
- return ((struct linelist *)0);
+ return (NULL);
}
--------
This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EE466CC-5F93-485C-8E1F-907F8049FD61>