From owner-freebsd-bugs@FreeBSD.ORG Tue Jul 12 17:30:16 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C003716A41C for ; Tue, 12 Jul 2005 17:30:16 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F89B43D48 for ; Tue, 12 Jul 2005 17:30:16 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j6CHUGFf061767 for ; Tue, 12 Jul 2005 17:30:16 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j6CHUGPb061766; Tue, 12 Jul 2005 17:30:16 GMT (envelope-from gnats) Resent-Date: Tue, 12 Jul 2005 17:30:16 GMT Resent-Message-Id: <200507121730.j6CHUGPb061766@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dan Lukes Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4507E16A41C for ; Tue, 12 Jul 2005 17:24:21 +0000 (GMT) (envelope-from dan@kulesh.obluda.cz) Received: from kulesh.obluda.cz (kulesh.obluda.cz [193.179.22.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6BEB43D49 for ; Tue, 12 Jul 2005 17:23:59 +0000 (GMT) (envelope-from dan@kulesh.obluda.cz) Received: from kulesh.obluda.cz (localhost.eunet.cz [127.0.0.1]) by kulesh.obluda.cz (8.13.3/8.13.3) with ESMTP id j6CHNqpd016015 for ; Tue, 12 Jul 2005 19:23:52 +0200 (CEST) (envelope-from dan@kulesh.obluda.cz) Received: (from root@localhost) by kulesh.obluda.cz (8.13.3/8.13.1/Submit) id j6CHNq2D016014; Tue, 12 Jul 2005 19:23:52 +0200 (CEST) (envelope-from dan) Message-Id: <200507121723.j6CHNq2D016014@kulesh.obluda.cz> Date: Tue, 12 Jul 2005 19:23:52 +0200 (CEST) From: Dan Lukes To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: bin/83340: [ PATCH ] setnetgrent() and supporting functions don't check malloc for failures X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dan Lukes List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 17:30:17 -0000 >Number: 83340 >Category: bin >Synopsis: [ PATCH ] setnetgrent() and supporting functions don't check malloc for failures >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 12 17:30:15 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Dan Lukes >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD 5.4-STABLE #8: Sat Jul 9 16:31:08 CEST 2005 i386 lib/libc/gen/getnetgrent.c,v 1.31.2.1 2004/11/28 14:10:16 bz >Description: setnetgrent(), parse_netgrp() called from it, read_for_group() called from parse_netgrp() don't check malloc for failures >How-To-Repeat: >Fix: --- patch begins here --- --- lib/libc/gen/getnetgrent.c.ORIG Tue Nov 30 14:52:11 2004 +++ lib/libc/gen/getnetgrent.c Tue Jul 12 19:12:22 2005 @@ -207,9 +207,7 @@ if (parse_netgrp(group)) endnetgrent(); else { - grouphead.grname = (char *) - malloc(strlen(group) + 1); - strcpy(grouphead.grname, group); + grouphead.grname = strdup(group); } if (netf) fclose(netf); @@ -448,6 +446,8 @@ while (pos != NULL && *pos != '\0') { if (*pos == '(') { grp = (struct netgrp *)malloc(sizeof (struct netgrp)); + if (grp == NULL) + return(1); bzero((char *)grp, sizeof (struct netgrp)); grp->ng_next = grouphead.gr; grouphead.gr = grp; @@ -471,6 +471,8 @@ if (len > 0) { grp->ng_str[strpos] = (char *) malloc(len + 1); + if (grp->ng_str[strpos] == NULL) + return(1); bcopy(spos, grp->ng_str[strpos], len + 1); } @@ -520,7 +522,7 @@ static struct linelist * read_for_group(const char *group) { - char *pos, *spos, *linep, *olinep; + char *pos, *spos, *linep; int len, olen; int cont; struct linelist *lp; @@ -570,8 +572,14 @@ pos++; if (*pos != '\n' && *pos != '\0') { lp = (struct linelist *)malloc(sizeof (*lp)); + if (lp == NULL) + return(NULL); lp->l_parsed = 0; lp->l_groupname = (char *)malloc(len + 1); + if (lp->l_groupname == NULL) { + free(lp); + return(NULL); + } bcopy(spos, lp->l_groupname, len); *(lp->l_groupname + len) = '\0'; len = strlen(pos); @@ -589,15 +597,15 @@ } else cont = 0; if (len > 0) { - linep = (char *)malloc(olen + len + 1); - if (olen > 0) { - bcopy(olinep, linep, olen); - free(olinep); + linep = (char *)reallocf(linep, olen + len + 1); + if (linep == NULL) { + free(lp->l_groupname); + free(lp); + return(NULL); } bcopy(pos, linep + olen, len); olen += len; *(linep + olen) = '\0'; - olinep = linep; } if (cont) { if (fgets(line, LINSIZ, netf)) { @@ -628,5 +636,5 @@ */ rewind(netf); #endif - return ((struct linelist *)0); + return (NULL); } --- patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: