Add some allocation checks on strdup (not over yet).

Youx · Feb 24, 2009 · 2a76a9b · 2a76a9b
1 parent 6cce817
commit 2a76a9b
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 2 deletions.
diff --git a/ban.c b/ban.c
@@ -30,6 +30,14 @@ struct ban *new_ban(uint16_t duration, struct in_addr ip, char *reason)
 	b->duration = duration;
 	b->ip = strdup(inet_ntoa(ip));
 	b->reason = strdup(reason);
+	if (b->ip == NULL || b->reason == NULL) {
+		if (b->ip != NULL)
+			free(b->ip);
+		if (b->reason != NULL)
+			free(b->reason);
+		free(b);
+		return NULL;
+	}
 
 	return b;
 }

diff --git a/channel.c b/channel.c
@@ -43,7 +43,6 @@ struct channel *new_channel(char *name, char *topic, char *desc, uint16_t flags,
 {
 	struct channel *chan;
 	chan = (struct channel *)calloc(1, sizeof(struct channel));
-
 	if (chan == NULL) {
 		printf("(EE) new_channel, calloc failed : %s.\n", strerror(errno));
 		return NULL;
@@ -52,14 +51,25 @@ struct channel *new_channel(char *name, char *topic, char *desc, uint16_t flags,
 	bzero(chan->password, 30);
 	chan->players = ar_new(4);
 	chan->players->max_slots = max_users;
-
+	/* strdup : input strings are secure */
 	chan->name = strdup(name);
 	chan->topic = strdup(topic);
 	chan->desc = strdup(desc);
 
 	chan->flags = flags;
 	chan->codec = codec;
 	chan->sort_order = sort_order;
+
+	if (chan->name == NULL || chan->topic == NULL || chan->desc == NULL) {
+		if (chan->name != NULL)
+			free(chan->name);
+		if (chan->topic != NULL)
+			free(chan->topic);
+		if (chan->desc != NULL)
+			free(chan->desc);
+		free(chan);
+		return NULL;
+	}
 
 	return chan;
 }
@@ -179,10 +189,21 @@ size_t channel_from_data(char *data, int len, struct channel **dst)
 	/* ignore 0xFFFFFFFF field */		ptr += 4;
 	sort_order = *(uint16_t *)ptr;		ptr += 2;
 	max_users = *(uint16_t *)ptr;		ptr += 2;
+	/* FIXME : possibility of buffer overflow in 3 strdup */
 	name = strdup(ptr);			ptr += strlen(name) + 1;
 	topic = strdup(ptr);			ptr += strlen(topic) + 1;
 	desc = strdup(ptr);			ptr += strlen(desc) + 1;
 
+	if (name == NULL || topic == NULL || desc == NULL) {
+		if (name != NULL)
+			free(name);
+		if (topic != NULL)
+			free(topic);
+		if (desc != NULL)
+			free(desc);
+		printf("(WW) channel_from_data, allocation failed : %s.\n", strerror(errno));
+		return 0;
+	}
 	*dst = new_channel(name, topic, desc, flags, codec, sort_order, max_users);
 	return ptr - data;
 }
diff --git a/control_packet.c b/control_packet.c
@@ -10,6 +10,7 @@
 #include <sys/time.h>
 #include <time.h>
 #include <stdio.h>
+#include <errno.h>
 
 #include "server.h"
 #include "channel.h"