From 2a76a9bc0f5b7d9942cd71be4911963607e2952f Mon Sep 17 00:00:00 2001
From: Hugo Camboulive
Date: Tue, 24 Feb 2009 01:22:47 +0100
Subject: [PATCH] Add some allocation checks on strdup (not over yet).
---
 ban.c | 8 ++++++++
 channel.c | 25 +++++++++++++++++++++++--
 control_packet.c | 1 +
 3 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/ban.c b/ban.c
index d0a3a13..c3af752 100644
--- a/ban.c
+++ b/ban.c
@@ -30,6 +30,14 @@ struct ban *new_ban(uint16_t duration, struct in_addr ip, char *reason)
 b->duration = duration;
 b->ip = strdup(inet_ntoa(ip));
 b->reason = strdup(reason);
+ if (b->ip == NULL || b->reason == NULL) {
+ if (b->ip != NULL)
+ free(b->ip);
+ if (b->reason != NULL)
+ free(b->reason);
+ free(b);
+ return NULL;
+ }
 return b;
 }
diff --git a/channel.c b/channel.c
index 8eb443d..1cd4cdc 100644
--- a/channel.c
+++ b/channel.c
@@ -43,7 +43,6 @@ struct channel *new_channel(char *name, char *topic, char *desc, uint16_t flags,
 {
 struct channel *chan;
 chan = (struct channel *)calloc(1, sizeof(struct channel));
-
 if (chan == NULL) {
 printf("(EE) new_channel, calloc failed : %s.\n", strerror(errno));
 return NULL;
@@ -52,7 +51,7 @@ struct channel *new_channel(char *name, char *topic, char *desc, uint16_t flags,
 bzero(chan->password, 30);
 chan->players = ar_new(4);
 chan->players->max_slots = max_users;
-
+ /* strdup : input strings are secure */
 chan->name = strdup(name);
 chan->topic = strdup(topic);
 chan->desc = strdup(desc);
@@ -60,6 +59,17 @@ struct channel *new_channel(char *name, char *topic, char *desc, uint16_t flags,
 chan->flags = flags;
 chan->codec = codec;
 chan->sort_order = sort_order;
+
+ if (chan->name == NULL || chan->topic == NULL || chan->desc == NULL) {
+ if (chan->name != NULL)
+ free(chan->name);
+ if (chan->topic != NULL)
+ free(chan->topic);
+ if (chan->desc != NULL)
+ free(chan->desc);
+ free(chan);
+ return NULL;
+ }
 return chan;
 }
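Review bot: The cleanup added to new_ban() in ban.c wraps each free() in a `!= NULL` test that does nothing, because `free(NULL)` is a no-op; the block can be `free(b->ip); free(b->reason); free(b); return NULL;`, and the same applies to the cleanup blocks this commit adds in new_channel() and channel_from_data() in channel.c. `strdup(reason)` on the context line above still dereferences `reason` before the new check, so a NULL reason would crash rather than reach it; whether any caller can pass NULL is not visible here. The start of new_ban(), including the allocation of `b`, lies above the hunk. Since the function can now return NULL, a header comment such as `/* Returns NULL if an allocation fails. */` would tell callers to check.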
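Review bot: The error path added at the end of new_channel() (channel.c, hunk `@@ -60,6 +59,17 @@`) frees the three strings and `chan` but not `chan->players`, which `ar_new(4)` allocated in the preceding hunk's context, so each failed strdup() leaks that array. Release it before `free(chan)` with whatever destructor the array module provides (not visible in this diff). The context line `chan->players->max_slots = max_users;` also dereferences the ar_new() result unchecked, which seems worth covering in the same pass given the commit's goal. Unlike the calloc failure above, this path returns NULL without logging; a matching `printf("(EE) new_channel, strdup failed : %s.\n", strerror(errno));` would keep the diagnostics consistent.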
@@ -179,10 +189,21 @@ size_t channel_from_data(char *data, int len, struct channel **dst) /* ignore 0xFFFFFFFF field */ ptr += 4; sort_order = *(uint16_t *)ptr; ptr += 2; max_users = *(uint16_t *)ptr; ptr += 2; + /* FIXME : possibility of buffer overflow in 3 strdup */ name = strdup(ptr); ptr += strlen(name) + 1; topic = strdup(ptr); ptr += strlen(topic) + 1; desc = strdup(ptr); ptr += strlen(desc) + 1; + if (name == NULL || topic == NULL || desc == NULL) { + if (name != NULL) + free(name); + if (topic != NULL) + free(topic); + if (desc != NULL) + free(desc); + printf("(WW) channel_from_data, allocation failed : %s.\n", strerror(errno)); + return 0; + } *dst = new_channel(name, topic, desc, flags, codec, sort_order, max_users); return ptr - data; } diff --git a/control_packet.c b/control_packet.c index 7124b96..37f96ae 100644 --- a/control_packet.c +++ b/control_packet.c @@ -10,6 +10,7 @@ #include #include #include +#include #include "server.h" #include "channel.h"
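Review bot: In channel_from_data() the new NULL test runs too late: each `ptr += strlen(name) + 1;` (and the topic/desc equivalents) has already dereferenced the strdup() result, so an allocation failure crashes before the cleanup is reached. The FIXME also understates the problem, since `strdup(ptr)` scans for a terminator with no reference to `len`, so a packet lacking one is read past the end of `data`; each field should be bounded against `data + len` before it is copied, as in the sketch below. Separately, new_channel() duplicates its string arguments, so `name`, `topic` and `desc` leak on the success path unless they are freed after the call, and `*dst` can now be NULL while the function still returns a non-zero length. The start of the function, including any earlier validation of `len` before the fixed-width reads, is outside the hunk.

```c
/* Duplicate the NUL-terminated field at *pp without reading at or past end;
 * advances *pp past the terminator on success, returns NULL otherwise. */
static char *dup_field(char **pp, const char *end)
{
	const char *nul;
	char *copy;

	if (*pp >= end)
		return NULL;
	nul = memchr(*pp, '\0', (size_t)(end - *pp));
	if (nul == NULL)	/* field is not terminated inside the packet */
		return NULL;
	copy = strdup(*pp);
	if (copy != NULL)
		*pp += (nul - *pp) + 1;
	return copy;
}

	/* … unchanged: fixed-width fields up to max_users … */
	name = dup_field(&ptr, data + len);
	topic = (name != NULL) ? dup_field(&ptr, data + len) : NULL;
	desc = (topic != NULL) ? dup_field(&ptr, data + len) : NULL;
	/* … unchanged: NULL test and cleanup added by this commit … */
	*dst = new_channel(name, topic, desc, flags, codec, sort_order, max_users);
	free(name);	/* new_channel() keeps its own copies */
	free(topic);
	free(desc);
	/* … unchanged: return ptr - data … */
```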