all BUGFIX memory allocation error checks
diff --git a/src/io.c b/src/io.c
index 45eb3f0..33c2af7 100644
--- a/src/io.c
+++ b/src/io.c
@@ -155,7 +155,7 @@
return 0;
}
- *chunk = malloc ((len + 1) * sizeof **chunk);
+ *chunk = malloc((len + 1) * sizeof **chunk);
if (!*chunk) {
ERRMEM;
return -1;
@@ -187,7 +187,7 @@
} else {
size = BUFFERSIZE;
}
- chunk = malloc ((size + 1) * sizeof *chunk);
+ chunk = malloc((size + 1) * sizeof *chunk);
if (!chunk) {
ERRMEM;
return -1;
@@ -206,13 +206,11 @@
if (count == size) {
/* get more memory */
size = size + BUFFERSIZE;
- char *tmp = realloc (chunk, (size + 1) * sizeof *tmp);
- if (!tmp) {
+ chunk = realloc(chunk, (size + 1) * sizeof *chunk);
+ if (!chunk) {
ERRMEM;
- free(chunk);
return -1;
}
- chunk = tmp;
}
/* get another character */
@@ -249,7 +247,7 @@
nc_read_msg(struct nc_session *session, struct lyxml_elem **data)
{
int ret;
- char *msg = NULL, *chunk, *aux;
+ char *msg = NULL, *chunk;
uint64_t chunk_len, len = 0;
struct nc_server_reply *reply;
@@ -304,12 +302,11 @@
}
/* realloc message buffer, remember to count terminating null byte */
- aux = realloc(msg, len + chunk_len + 1);
- if (!aux) {
+ msg = realloc(msg, len + chunk_len + 1);
+ if (!msg) {
ERRMEM;
goto error;
}
- msg = aux;
memcpy(msg + len, chunk, chunk_len);
len += chunk_len;
msg[len] = '\0';
@@ -893,6 +890,10 @@
count = asprintf(&buf, "<rpc xmlns=\"%s\" message-id=\"%"PRIu64"\"%s>",
NC_NS_BASE, session->msgid + 1, attrs ? attrs : "");
+ if (count == -1) {
+ ERRMEM;
+ return -1;
+ }
nc_write_clb((void *)&arg, buf, count);
free(buf);
lyd_print_clb(nc_write_clb, (void *)&arg, content, LYD_XML, LYP_WITHSIBLINGS);
@@ -950,15 +951,30 @@
sid = va_arg(ap, uint32_t*);
count = asprintf(&buf, "<hello xmlns=\"%s\"><capabilities>", NC_NS_BASE);
+ if (count == -1) {
+ ERRMEM;
+ va_end(ap);
+ return -1;
+ }
nc_write_clb((void *)&arg, buf, count);
free(buf);
for (i = 0; capabilities[i]; i++) {
count = asprintf(&buf, "<capability>%s</capability>", capabilities[i]);
+ if (count == -1) {
+ ERRMEM;
+ va_end(ap);
+ return -1;
+ }
nc_write_clb((void *)&arg, buf, count);
free(buf);
}
if (sid) {
count = asprintf(&buf, "</capabilities><session-id>%u</session-id></hello>", *sid);
+ if (count == -1) {
+ ERRMEM;
+ va_end(ap);
+ return -1;
+ }
nc_write_clb((void *)&arg, buf, count);
free(buf);
} else {
@@ -982,3 +998,16 @@
return 0;
}
+
+void *
+nc_realloc(void *ptr, size_t size)
+{
+ void *ret;
+
+ ret = realloc(ptr, size);
+ if (!ret) {
+ free(ptr);
+ }
+
+ return ret;
+}
diff --git a/src/messages_server.c b/src/messages_server.c
index 744f59a..b549a02 100644
--- a/src/messages_server.c
+++ b/src/messages_server.c
@@ -87,6 +87,11 @@
ret->type = NC_RPL_ERROR;
ret->err = malloc(sizeof *ret->err);
+ if (!ret->err) {
+ ERRMEM;
+ free(ret);
+ return NULL;
+ }
ret->err[0] = err;
ret->count = 1;
return (struct nc_server_reply *)ret;
@@ -104,7 +109,11 @@
err_rpl = (struct nc_server_reply_error *)reply;
++err_rpl->count;
- err_rpl->err = realloc(err_rpl->err, err_rpl->count * sizeof *err_rpl->err);
+ err_rpl->err = nc_realloc(err_rpl->err, err_rpl->count * sizeof *err_rpl->err);
+ if (!err_rpl->err) {
+ ERRMEM;
+ return -1;
+ }
err_rpl->err[err_rpl->count - 1] = err;
return 0;
}
@@ -368,7 +377,11 @@
}
++err->attr_count;
- err->attr = realloc(err->attr, err->attr_count * sizeof *err->attr);
+ err->attr = nc_realloc(err->attr, err->attr_count * sizeof *err->attr);
+ if (!err->attr) {
+ ERRMEM;
+ return -1;
+ }
err->attr[err->attr_count - 1] = lydict_insert(server_opts.ctx, attr_name, 0);
return 0;
@@ -383,7 +396,11 @@
}
++err->elem_count;
- err->elem = realloc(err->elem, err->elem_count * sizeof *err->elem);
+ err->elem = nc_realloc(err->elem, err->elem_count * sizeof *err->elem);
+ if (!err->elem) {
+ ERRMEM;
+ return -1;
+ }
err->elem[err->elem_count - 1] = lydict_insert(server_opts.ctx, elem_name, 0);
return 0;
@@ -398,7 +415,11 @@
}
++err->ns_count;
- err->ns = realloc(err->ns, err->ns_count * sizeof *err->ns);
+ err->ns = nc_realloc(err->ns, err->ns_count * sizeof *err->ns);
+ if (!err->ns) {
+ ERRMEM;
+ return -1;
+ }
err->ns[err->ns_count - 1] = lydict_insert(server_opts.ctx, ns_name, 0);
return 0;
@@ -413,7 +434,11 @@
}
++err->other_count;
- err->other = realloc(err->other, err->other_count * sizeof *err->other);
+ err->other = nc_realloc(err->other, err->other_count * sizeof *err->other);
+ if (!err->other) {
+ ERRMEM;
+ return -1;
+ }
err->other[err->other_count - 1] = other;
return 0;
}
diff --git a/src/session.c b/src/session.c
index 8fa42cd..08315ec 100644
--- a/src/session.c
+++ b/src/session.c
@@ -474,7 +474,11 @@
{
if (*count == *size) {
*size += 5;
- *cpblts = realloc(*cpblts, *size * sizeof **cpblts);
+ *cpblts = nc_realloc(*cpblts, *size * sizeof **cpblts);
+ if (!(*cpblts)) {
+ ERRMEM;
+ return;
+ }
}
if (capab) {
@@ -501,6 +505,10 @@
}
cpblts = malloc(size * sizeof *cpblts);
+ if (!cpblts) {
+ ERRMEM;
+ return NULL;
+ }
cpblts[0] = lydict_insert(ctx, "urn:ietf:params:netconf:base:1.0", 0);
cpblts[1] = lydict_insert(ctx, "urn:ietf:params:netconf:base:1.1", 0);
count = 2;
@@ -596,7 +604,12 @@
} else if (!strcmp(child2->schema->name, "revision")) {
rev = (struct lyd_node_leaf_list *)child2;
} else if (!strcmp(child2->schema->name, "feature")) {
- features = realloc(features, ++feat_count * sizeof *features);
+ features = nc_realloc(features, ++feat_count * sizeof *features);
+ if (!features) {
+ ERRMEM;
+ free(cpblts);
+ return NULL;
+ }
features[feat_count - 1] = (struct lyd_node_leaf_list *)child2;
}
}
@@ -703,6 +716,10 @@
/* client side hello - send only NETCONF base capabilities */
cpblts = malloc(3 * sizeof *cpblts);
+ if (!cpblts) {
+ ERRMEM;
+ return NC_MSG_ERROR;
+ }
cpblts[0] = lydict_insert(session->ctx, "urn:ietf:params:netconf:base:1.0", 0);
cpblts[1] = lydict_insert(session->ctx, "urn:ietf:params:netconf:base:1.1", 0);
cpblts[2] = NULL;
@@ -994,6 +1011,10 @@
SSL_library_init();
tls_locks = malloc(CRYPTO_num_locks() * sizeof *tls_locks);
+ if (!tls_locks) {
+ ERRMEM;
+ return;
+ }
for (i = 0; i < CRYPTO_num_locks(); ++i) {
pthread_mutex_init(tls_locks + i, NULL);
}
diff --git a/src/session_client.c b/src/session_client.c
index 18c5bb4..fbb270b 100644
--- a/src/session_client.c
+++ b/src/session_client.c
@@ -507,6 +507,11 @@
cont_ptr = &((*cont_ptr)->next);
}
*cont_ptr = malloc(sizeof **cont_ptr);
+ if (!*cont_ptr) {
+ ERRMEM;
+ lyxml_free(session->ctx, xml);
+ return NC_MSG_ERROR;
+ }
(*cont_ptr)->msg = xml;
(*cont_ptr)->next = NULL;
}
@@ -526,6 +531,11 @@
cont_ptr = &((*cont_ptr)->next);
}
*cont_ptr = malloc(sizeof **cont_ptr);
+ if (!cont_ptr) {
+ ERRMEM;
+ lyxml_free(session->ctx, xml);
+ return NC_MSG_ERROR;
+ }
(*cont_ptr)->msg = xml;
(*cont_ptr)->next = NULL;
}
@@ -656,15 +666,27 @@
}
} else if (!strcmp(info->name, "bad-attr")) {
++err->attr_count;
- err->attr = realloc(err->attr, err->attr_count * sizeof *err->attr);
+ err->attr = nc_realloc(err->attr, err->attr_count * sizeof *err->attr);
+ if (!err->attr) {
+ ERRMEM;
+ return;
+ }
err->attr[err->attr_count - 1] = lydict_insert(ctx, (info->content ? info->content : ""), 0);
} else if (!strcmp(info->name, "bad-element")) {
++err->elem_count;
- err->elem = realloc(err->elem, err->elem_count * sizeof *err->elem);
+ err->elem = nc_realloc(err->elem, err->elem_count * sizeof *err->elem);
+ if (!err->elem) {
+ ERRMEM;
+ return;
+ }
err->elem[err->elem_count - 1] = lydict_insert(ctx, (info->content ? info->content : ""), 0);
} else if (!strcmp(info->name, "bad-namespace")) {
++err->ns_count;
- err->ns = realloc(err->ns, err->ns_count * sizeof *err->ns);
+ err->ns = nc_realloc(err->ns, err->ns_count * sizeof *err->ns);
+ if (!err->ns) {
+ ERRMEM;
+ return;
+ }
err->ns[err->ns_count - 1] = lydict_insert(ctx, (info->content ? info->content : ""), 0);
} else {
if (info->content) {
@@ -677,7 +699,11 @@
} else {
lyxml_unlink(ctx, info);
++err->other_count;
- err->other = realloc(err->other, err->other_count * sizeof *err->other);
+ err->other = nc_realloc(err->other, err->other_count * sizeof *err->other);
+ if (!err->other) {
+ ERRMEM;
+ return;
+ }
err->other[err->other_count - 1] = info;
}
}
@@ -727,8 +753,17 @@
}
error_rpl = malloc(sizeof *error_rpl);
+ if (!error_rpl) {
+ ERRMEM;
+ return NULL;
+ }
error_rpl->type = NC_RPL_ERROR;
error_rpl->err = calloc(i, sizeof *error_rpl->err);
+ if (!error_rpl->err) {
+ ERRMEM;
+ free(error_rpl);
+ return NULL;
+ }
error_rpl->count = i;
error_rpl->ctx = ctx;
reply = (struct nc_reply *)error_rpl;
@@ -746,6 +781,10 @@
return NULL;
}
reply = malloc(sizeof *reply);
+ if (!reply) {
+ ERRMEM;
+ return NULL;
+ }
reply->type = NC_RPL_OK;
/* some RPC output */
@@ -777,6 +816,10 @@
if (!xml->child->child) {
/* we did not receive any data */
data_rpl = malloc(sizeof *data_rpl);
+ if (!data_rpl) {
+ ERRMEM;
+ return NULL;
+ }
data_rpl->type = NC_RPL_DATA;
data_rpl->data = NULL;
return (struct nc_reply *)data_rpl;
@@ -819,6 +862,10 @@
}
data_rpl = malloc(sizeof *data_rpl);
+ if (!data_rpl) {
+ ERRMEM;
+ return NULL;
+ }
data_rpl->type = NC_RPL_DATA;
if (!data) {
data_rpl->data = lyd_parse_xml(ctx, &xml->child, LYD_OPT_DESTRUCT | LYD_OPT_RPCREPLY | parseroptions, schema);
@@ -855,9 +902,17 @@
}
++client_opts.ch_bind_count;
- client_opts.ch_binds = realloc(client_opts.ch_binds, client_opts.ch_bind_count * sizeof *client_opts.ch_binds);
+ client_opts.ch_binds = nc_realloc(client_opts.ch_binds, client_opts.ch_bind_count * sizeof *client_opts.ch_binds);
+ if (!client_opts.ch_binds) {
+ ERRMEM;
+ return -1;
+ }
client_opts.ch_binds[client_opts.ch_bind_count - 1].address = strdup(address);
+ if (!client_opts.ch_binds[client_opts.ch_bind_count - 1].address) {
+ ERRMEM;
+ return -1;
+ }
client_opts.ch_binds[client_opts.ch_bind_count - 1].port = port;
client_opts.ch_binds[client_opts.ch_bind_count - 1].sock = sock;
client_opts.ch_binds[client_opts.ch_bind_count - 1].ti = ti;
@@ -1014,6 +1069,11 @@
if (msgtype == NC_MSG_NOTIF) {
*notif = calloc(1, sizeof **notif);
+ if (!*notif) {
+ ERRMEM;
+ lyxml_free(session->ctx, xml);
+ return NC_MSG_ERROR;
+ }
/* eventTime */
LY_TREE_FOR(xml->child, ev_time) {
@@ -1101,11 +1161,20 @@
}
ntarg = malloc(sizeof *ntarg);
+ if (!ntarg) {
+ ERRMEM;
+ return -1;
+ }
ntarg->session = session;
ntarg->notif_clb = notif_clb;
/* just so that nc_recv_notif_thread() does not immediately exit, the value does not matter */
session->ntf_tid = malloc(sizeof *session->ntf_tid);
+ if (!session->ntf_tid) {
+ ERRMEM;
+ free(ntarg);
+ return -1;
+ }
ret = pthread_create((pthread_t *)session->ntf_tid, NULL, nc_recv_notif_thread, ntarg);
if (ret) {
diff --git a/src/session_client_ssh.c b/src/session_client_ssh.c
index 30dda6c..8ab6694 100644
--- a/src/session_client_ssh.c
+++ b/src/session_client_ssh.c
@@ -304,7 +304,7 @@
static char *
sshauth_password(const char *username, const char *hostname)
{
- char *buf, *newbuf;
+ char *buf;
int buflen = 1024, len = 0;
char c = 0;
struct termios newterm, oldterm;
@@ -345,22 +345,16 @@
while ((fread(&c, 1, 1, tty) == 1) && (c != '\n')) {
if (len >= buflen - 1) {
buflen *= 2;
- newbuf = realloc(buf, buflen * sizeof *newbuf);
- if (!newbuf) {
+ buf = nc_realloc(buf, buflen * sizeof *buf);
+ if (!buf) {
ERRMEM;
- /* remove content of the buffer */
- memset(buf, 0, len);
- free(buf);
-
/* restore terminal settings */
if (tcsetattr(fileno(tty), TCSANOW, &oldterm) != 0) {
ERR("Unable to restore terminal settings (%s).", strerror(errno));
}
fclose(tty);
return NULL;
- } else {
- buf = newbuf;
}
}
buf[len++] = c;
@@ -388,7 +382,7 @@
unsigned int buflen = 8, response_len;
char c = 0;
struct termios newterm, oldterm;
- char *newtext, *response;
+ char *response;
FILE *tty;
if (!(tty = fopen("/dev/tty", "r+"))) {
@@ -449,10 +443,9 @@
while ((fread(&c, 1, 1, tty) == 1) && (c != '\n')) {
if (response_len >= buflen - 1) {
buflen *= 2;
- newtext = realloc(response, buflen * sizeof *newtext);
- if (!newtext) {
+ response = nc_realloc(response, buflen * sizeof *response);
+ if (!response) {
ERRMEM;
- free(response);
/* restore terminal settings */
if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) {
@@ -460,8 +453,6 @@
}
fclose(tty);
return NULL;
- } else {
- response = newtext;
}
}
response[response_len++] = c;
@@ -487,7 +478,7 @@
static char *
sshauth_privkey_passphrase(const char* privkey_path)
{
- char c, *buf, *newbuf;
+ char c, *buf;
int buflen = 1024, len = 0;
struct termios newterm, oldterm;
FILE *tty;
@@ -524,8 +515,8 @@
while ((fread(&c, 1, 1, tty) == 1) && (c != '\n')) {
if (len >= buflen - 1) {
buflen *= 2;
- newbuf = realloc(buf, buflen * sizeof *newbuf);
- if (!newbuf) {
+ buf = nc_realloc(buf, buflen * sizeof *buf);
+ if (!buf) {
ERRMEM;
/* restore terminal settings */
if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) {
@@ -533,7 +524,6 @@
}
goto fail;
}
- buf = newbuf;
}
buf[len++] = (char)c;
}
@@ -688,11 +678,20 @@
/* add the keys */
++opts->key_count;
- opts->keys = realloc(opts->keys, opts->key_count * sizeof *opts->keys);
+ opts->keys = nc_realloc(opts->keys, opts->key_count * sizeof *opts->keys);
+ if (!opts->keys) {
+ ERRMEM;
+ return -1;
+ }
opts->keys[opts->key_count - 1].pubkey_path = strdup(pub_key);
opts->keys[opts->key_count - 1].privkey_path = strdup(priv_key);
opts->keys[opts->key_count - 1].privkey_crypt = 0;
+ if (!opts->keys[opts->key_count - 1].pubkey_path || !opts->keys[opts->key_count - 1].privkey_path) {
+ ERRMEM;
+ return -1;
+ }
+
/* check encryption */
if ((key = fopen(priv_key, "r"))) {
/* 1st line - key type */
@@ -744,7 +743,11 @@
memcpy(&opts->keys[idx], &opts->keys[opts->key_count], sizeof *opts->keys);
}
if (opts->key_count) {
- opts->keys = realloc(opts->keys, opts->key_count * sizeof *opts->keys);
+ opts->keys = nc_realloc(opts->keys, opts->key_count * sizeof *opts->keys);
+ if (!opts->keys) {
+ ERRMEM;
+ return -1;
+ }
} else {
free(opts->keys);
opts->keys = NULL;
@@ -1202,6 +1205,10 @@
/* remember host */
host = strdup("localhost");
+ if (!host) {
+ ERRMEM;
+ goto fail;
+ }
ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_HOST, host);
/* create and connect socket */
@@ -1232,6 +1239,10 @@
} else {
username = strdup(opts->username);
}
+ if (!username) {
+ ERRMEM;
+ goto fail;
+ }
ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_USER, username);
}
diff --git a/src/session_p.h b/src/session_p.h
index 1166b49..e786fef 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -283,6 +283,8 @@
void (*notif_clb)(struct nc_session *session, const struct nc_notif *notif);
};
+void *nc_realloc(void *ptr, size_t size);
+
NC_MSG_TYPE nc_send_msg(struct nc_session *session, struct lyd_node *op);
int nc_timedlock(pthread_mutex_t *lock, int timeout, int *elapsed);
diff --git a/src/session_server.c b/src/session_server.c
index 851bf80..a0b270f 100644
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -176,6 +176,11 @@
int ret, sock = -1;
pfd = malloc(bind_count * sizeof *pfd);
+ if (!pfd) {
+ ERRMEM;
+ return -1;
+ }
+
for (i = 0; i < bind_count; ++i) {
pfd[i].fd = binds[i].sock;
pfd[i].events = POLLIN;
@@ -222,25 +227,33 @@
if (host) {
if (saddr.ss_family == AF_INET) {
*host = malloc(15);
- if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&saddr)->sin_addr.s_addr, *host, 15)) {
- ERR("inet_ntop failed (%s).", strerror(errno));
- free(*host);
- *host = NULL;
- }
+ if (*host) {
+ if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&saddr)->sin_addr.s_addr, *host, 15)) {
+ ERR("inet_ntop failed (%s).", strerror(errno));
+ free(*host);
+ *host = NULL;
+ }
- if (port) {
- *port = ntohs(((struct sockaddr_in *)&saddr)->sin_port);
+ if (port) {
+ *port = ntohs(((struct sockaddr_in *)&saddr)->sin_port);
+ }
+ } else {
+ ERRMEM;
}
} else if (saddr.ss_family == AF_INET6) {
*host = malloc(40);
- if (!inet_ntop(AF_INET6, ((struct sockaddr_in6 *)&saddr)->sin6_addr.s6_addr, *host, 40)) {
- ERR("inet_ntop failed (%s).", strerror(errno));
- free(*host);
- *host = NULL;
- }
+ if (*host) {
+ if (!inet_ntop(AF_INET6, ((struct sockaddr_in6 *)&saddr)->sin6_addr.s6_addr, *host, 40)) {
+ ERR("inet_ntop failed (%s).", strerror(errno));
+ free(*host);
+ *host = NULL;
+ }
- if (port) {
- *port = ntohs(((struct sockaddr_in6 *)&saddr)->sin6_port);
+ if (port) {
+ *port = ntohs(((struct sockaddr_in6 *)&saddr)->sin6_port);
+ }
+ } else {
+ ERRMEM;
}
} else {
ERR("Source host of an unknown protocol family.");
@@ -447,6 +460,10 @@
struct nc_pollsession *ps;
ps = calloc(1, sizeof(struct nc_pollsession));
+ if (!ps) {
+ ERRMEM;
+ return NULL;
+ }
pthread_mutex_init(&ps->lock, NULL);
return ps;
@@ -478,8 +495,14 @@
pthread_mutex_lock(&ps->lock);
++ps->session_count;
- ps->pfds = realloc(ps->pfds, ps->session_count * sizeof *ps->pfds);
- ps->sessions = realloc(ps->sessions, ps->session_count * sizeof *ps->sessions);
+ ps->pfds = nc_realloc(ps->pfds, ps->session_count * sizeof *ps->pfds);
+ ps->sessions = nc_realloc(ps->sessions, ps->session_count * sizeof *ps->sessions);
+ if (!ps->pfds || !ps->sessions) {
+ ERRMEM;
+ /* UNLOCK */
+ pthread_mutex_unlock(&ps->lock);
+ return -1;
+ }
switch (session->ti_type) {
case NC_TI_FD:
@@ -600,6 +623,10 @@
switch (msgtype) {
case NC_MSG_RPC:
*rpc = malloc(sizeof **rpc);
+ if (!*rpc) {
+ ERRMEM;
+ goto error;
+ }
(*rpc)->tree = lyd_parse_xml(server_opts.ctx, &xml->child, LYD_OPT_DESTRUCT | LYD_OPT_RPC);
if (!(*rpc)->tree) {
@@ -932,8 +959,14 @@
}
++server_opts.endpt_count;
- server_opts.binds = realloc(server_opts.binds, server_opts.endpt_count * sizeof *server_opts.binds);
- server_opts.endpts = realloc(server_opts.endpts, server_opts.endpt_count * sizeof *server_opts.endpts);
+ server_opts.binds = nc_realloc(server_opts.binds, server_opts.endpt_count * sizeof *server_opts.binds);
+ server_opts.endpts = nc_realloc(server_opts.endpts, server_opts.endpt_count * sizeof *server_opts.endpts);
+ if (!server_opts.binds || !server_opts.endpts) {
+ ERRMEM;
+ /* WRITE UNLOCK */
+ pthread_rwlock_unlock(&server_opts.endpt_array_lock);
+ return -1;
+ }
server_opts.endpts[server_opts.endpt_count - 1].name = lydict_insert(server_opts.ctx, name, 0);
server_opts.binds[server_opts.endpt_count - 1].address = lydict_insert(server_opts.ctx, address, 0);
@@ -944,6 +977,12 @@
#ifdef NC_ENABLED_SSH
case NC_TI_LIBSSH:
ssh_opts = calloc(1, sizeof *ssh_opts);
+ if (!ssh_opts) {
+ ERRMEM;
+ /* WRITE UNLOCK */
+ pthread_rwlock_unlock(&server_opts.endpt_array_lock);
+ return -1;
+ }
/* set default values */
ssh_opts->auth_methods = NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD | NC_SSH_AUTH_INTERACTIVE;
ssh_opts->auth_attempts = 3;
@@ -955,6 +994,12 @@
#ifdef NC_ENABLED_TLS
case NC_TI_OPENSSL:
server_opts.endpts[server_opts.endpt_count - 1].ti_opts = calloc(1, sizeof(struct nc_server_tls_opts));
+ if (!server_opts.endpts[server_opts.endpt_count - 1].ti_opts) {
+ ERRMEM;
+ /* WRITE UNLOCK */
+ pthread_rwlock_unlock(&server_opts.endpt_array_lock);
+ return -1;
+ }
break;
#endif
default:
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index 668a581..58746ae 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -313,7 +313,11 @@
}
++opts->authkey_count;
- opts->authkeys = realloc(opts->authkeys, opts->authkey_count * sizeof *opts->authkeys);
+ opts->authkeys = nc_realloc(opts->authkeys, opts->authkey_count * sizeof *opts->authkeys);
+ if (!opts->authkeys) {
+ ERRMEM;
+ return -1;
+ }
opts->authkeys[opts->authkey_count - 1].path = lydict_insert(server_opts.ctx, pubkey_path, 0);
opts->authkeys[opts->authkey_count - 1].username = lydict_insert(server_opts.ctx, username, 0);
@@ -681,6 +685,10 @@
} else {
/* additional channel subsystem request, new session is ready as far as SSH is concerned */
new_session = calloc(1, sizeof *new_session);
+ if (!new_session) {
+ ERRMEM;
+ return -1;
+ }
/* insert the new session */
if (!session->ti.libssh.next) {
diff --git a/src/session_server_tls.c b/src/session_server_tls.c
index 62b789f..ac30210 100644
--- a/src/session_server_tls.c
+++ b/src/session_server_tls.c
@@ -51,6 +51,11 @@
ASN1_TIME_print(bio, t);
n = BIO_pending(bio);
cp = malloc(n + 1);
+ if (!cp) {
+ ERRMEM;
+ BIO_free(bio);
+ return NULL;
+ }
n = BIO_read(bio, cp, n);
if (n < 0) {
BIO_free(bio);
@@ -68,6 +73,10 @@
unsigned int i;
*str = malloc(dig_len * 3);
+ if (!*str) {
+ ERRMEM;
+ return;
+ }
for (i = 0; i < dig_len - 1; ++i) {
sprintf((*str) + (i * 3), "%02x:", digest[i]);
}
@@ -194,6 +203,10 @@
*strchr(common_name, '/') = '\0';
}
*username = strdup(common_name);
+ if (!*username) {
+ ERRMEM;
+ return 1;
+ }
free(subject);
} else {
/* retrieve subjectAltName's rfc822Name (email), dNSName and iPAddress values */
@@ -211,6 +224,10 @@
if ((map_type == NC_TLS_CTN_SAN_ANY || map_type == NC_TLS_CTN_SAN_RFC822_NAME) &&
san_name->type == GEN_EMAIL) {
*username = strdup((char *)ASN1_STRING_data(san_name->d.rfc822Name));
+ if (!*username) {
+ ERRMEM;
+ return 1;
+ }
break;
}
@@ -218,6 +235,10 @@
if ((map_type == NC_TLS_CTN_SAN_ANY || map_type == NC_TLS_CTN_SAN_DNS_NAME) &&
san_name->type == GEN_DNS) {
*username = strdup((char *)ASN1_STRING_data(san_name->d.dNSName));
+ if (!*username) {
+ ERRMEM;
+ return 1;
+ }
break;
}
@@ -284,6 +305,11 @@
int ret = 0;
struct nc_ctn *ctn;
+ if (!buf) {
+ ERRMEM;
+ return -1;
+ }
+
if (!ctn_first || !cert || !map_type || !name) {
free(buf);
return -1;
@@ -1316,6 +1342,10 @@
}
new = malloc(sizeof *new);
+ if (!new) {
+ ERRMEM;
+ return -1;
+ }
new->fingerprint = lydict_insert(server_opts.ctx, fingerprint, 0);
new->name = lydict_insert(server_opts.ctx, name, 0);
diff --git a/src/time.c b/src/time.c
index 9374f28..d7eac3e 100644
--- a/src/time.c
+++ b/src/time.c
@@ -36,6 +36,10 @@
}
dt = strdup(datetime);
+ if (!dt) {
+ ERRMEM;
+ return -1;
+ }
if (strlen(dt) < 20 || dt[4] != '-' || dt[7] != '-' || dt[13] != ':' || dt[16] != ':') {
ERR("Wrong date time format not compliant to RFC 3339.");
@@ -98,6 +102,10 @@
tz_origin = getenv("TZ");
if (tz_origin) {
tz_origin = strdup(tz_origin);
+ if (!tz_origin) {
+ ERRMEM;
+ return NULL;
+ }
}
setenv("TZ", tz, 1);
tm_ret = localtime_r(&time, &tm);