aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog14
-rw-r--r--libidn/ChangeLog5
-rw-r--r--libidn/idna.c69
-rw-r--r--libidn/stringprep.c10
-rw-r--r--nis/nis_removemember.c7
-rw-r--r--nis/nis_subr.c41
-rw-r--r--nis/nis_table.c25
-rw-r--r--nss/nss_files/files-netgrp.c4
-rw-r--r--resolv/res_hconf.c4
-rw-r--r--sysdeps/generic/ifreq.c10
-rw-r--r--sysdeps/unix/sysv/linux/ifreq.c10
11 files changed, 145 insertions, 54 deletions
diff --git a/ChangeLog b/ChangeLog
index f73e9ab6bc..07d8e0439f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
2004-05-06 Ulrich Drepper <drepper@redhat.com>
+ * sysdeps/unix/sysv/linux/ifreq.c (__ifreq): Fix memory handling.
+ * sysdeps/generic/ifreq.c (__ifreq): Fix memory handling.
+
+ * resolv/res_hconf.c (_res_hconf_reorder_addrs): Make clear that
+ realloc cannot fail.
+
+ * nss/nss_files/files-netgrp.c (EXPAND): Free buffer which cannot
+ be expanded.
+
+ * nis/nis_table.c: Clean up memory handling.
+ * nis/nis_subr.c (nis_getnames): Clean up memory handling.
+ * nis/nis_removemember.c (nis_removemember): Add comment
+ explaining use of realloc.
+
* math/tgmath.h (fabs): Use __TGMATH_UNARY_REAL_IMAG_RET_REAL.
(carg): Likewise.
Patch by Lev S Bishop <lev.bishop@yale.edu>.
diff --git a/libidn/ChangeLog b/libidn/ChangeLog
index 045a1e604c..f5bc21b28a 100644
--- a/libidn/ChangeLog
+++ b/libidn/ChangeLog
@@ -1,3 +1,8 @@
+2004-05-06 Ulrich Drepper <drepper@redhat.com>
+
+ * stringprep.c (stringprep): Free memory if allocation failed.
+ * idna.c: Fix memory handling in several places.
+
2004-04-22 Simon Josefsson <jas@extundo.com>
* stringprep.h: Update to latest libidn version.
diff --git a/libidn/idna.c b/libidn/idna.c
index bf692c029b..81e92f7d06 100644
--- a/libidn/idna.c
+++ b/libidn/idna.c
@@ -116,9 +116,13 @@ idna_to_ascii_4i (const uint32_t * in, size_t inlen, char *out, int flags)
do
{
len = 2 * len + 10; /* XXX better guess? */
- p = realloc (p, len);
+ char *newp = realloc (p, len);
if (p == NULL)
- return IDNA_MALLOC_ERROR;
+ {
+ free (p);
+ return IDNA_MALLOC_ERROR;
+ }
+ p = newp;
if (flags & IDNA_ALLOW_UNASSIGNED)
rc = stringprep_nameprep (p, len);
@@ -288,9 +292,13 @@ idna_to_unicode_internal (char *utf8in,
*/
do
{
- utf8in = realloc (utf8in, utf8len + addlen);
- if (!utf8in)
- return IDNA_MALLOC_ERROR;
+ char *newp = realloc (utf8in, utf8len + addlen);
+ if (newp == NULL)
+ {
+ free (utf8in);
+ return IDNA_MALLOC_ERROR;
+ }
+ utf8in = newp;
if (flags & IDNA_ALLOW_UNASSIGNED)
rc = stringprep_nameprep (utf8in, utf8len + addlen);
else
@@ -300,7 +308,10 @@ idna_to_unicode_internal (char *utf8in,
while (rc == STRINGPREP_TOO_SMALL_BUFFER);
if (rc != STRINGPREP_OK)
- return IDNA_STRINGPREP_ERROR;
+ {
+ free (utf8in);
+ return IDNA_STRINGPREP_ERROR;
+ }
/* 3. Verify that the sequence begins with the ACE prefix, and save a
* copy of the sequence.
@@ -308,7 +319,10 @@ idna_to_unicode_internal (char *utf8in,
step3:
if (memcmp (IDNA_ACE_PREFIX, utf8in, strlen (IDNA_ACE_PREFIX)) != 0)
- return IDNA_NO_ACE_PREFIX;
+ {
+ free (utf8in);
+ return IDNA_NO_ACE_PREFIX;
+ }
/* 4. Remove the ACE prefix.
*/
@@ -325,7 +339,10 @@ step3:
rc = punycode_decode (strlen (utf8in), utf8in, outlen, out, NULL);
if (rc != PUNYCODE_SUCCESS)
- return IDNA_PUNYCODE_ERROR;
+ {
+ free (utf8in);
+ return IDNA_PUNYCODE_ERROR;
+ }
out[*outlen] = 0; /* add zero */
@@ -334,18 +351,25 @@ step3:
rc = idna_to_ascii_4i (out, *outlen, tmpout, flags);
if (rc != IDNA_SUCCESS)
- return rc;
+ {
+ free (utf8in);
+ return rc;
+ }
/* 7. Verify that the result of step 6 matches the saved copy from
* step 3, using a case-insensitive ASCII comparison.
*/
if (strcasecmp (utf8in, tmpout + strlen (IDNA_ACE_PREFIX)) != 0)
- return IDNA_ROUNDTRIP_VERIFY_ERROR;
+ {
+ free (utf8in);
+ return IDNA_ROUNDTRIP_VERIFY_ERROR;
+ }
/* 8. Return the saved copy from step 5.
*/
+ free (utf8in);
return IDNA_SUCCESS;
}
@@ -404,7 +428,7 @@ idna_to_unicode_44i (const uint32_t * in, size_t inlen,
*outlen = inlen;
}
- free (p);
+ /* p is freed in idna_to_unicode_internal. */
return rc;
}
@@ -479,9 +503,13 @@ idna_to_ascii_4z (const uint32_t * input, char **output, int flags)
if (out)
{
- out = realloc (out, strlen (out) + 1 + strlen (buf) + 1);
- if (!out)
- return IDNA_MALLOC_ERROR;
+ char *newp = realloc (out, strlen (out) + 1 + strlen (buf) + 1);
+ if (!newp)
+ {
+ free (out);
+ return IDNA_MALLOC_ERROR;
+ }
+ out = newp;
strcat (out, ".");
strcat (out, buf);
}
@@ -605,9 +633,16 @@ idna_to_unicode_4z4z (const uint32_t * input, uint32_t ** output, int flags)
if (out)
{
- out = realloc (out, sizeof (out[0]) * (outlen + 1 + buflen + 1));
- if (!out)
- return IDNA_MALLOC_ERROR;
+ uint32_t *newp = realloc (out,
+ sizeof (out[0])
+ * (outlen + 1 + buflen + 1));
+ if (!newp)
+ {
+ free (buf);
+ free (out);
+ return IDNA_MALLOC_ERROR;
+ }
+ out = newp;
out[outlen++] = 0x002E; /* '.' (full stop) */
memcpy (out + outlen, buf, sizeof (buf[0]) * buflen);
outlen += buflen;
diff --git a/libidn/stringprep.c b/libidn/stringprep.c
index 1841b36178..6041e3937a 100644
--- a/libidn/stringprep.c
+++ b/libidn/stringprep.c
@@ -370,9 +370,13 @@ stringprep (char *in,
free (ucs4);
ucs4 = stringprep_utf8_to_ucs4 (in, -1, &ucs4len);
maxucs4len = ucs4len + adducs4len;
- ucs4 = realloc (ucs4, maxucs4len * sizeof (uint32_t));
- if (!ucs4)
- return STRINGPREP_MALLOC_ERROR;
+ uint32_t *newp = realloc (ucs4, maxucs4len * sizeof (uint32_t));
+ if (!newp)
+ {
+ free (ucs4);
+ return STRINGPREP_MALLOC_ERROR;
+ }
+ ucs4 = newp;
rc = stringprep_4i (ucs4, &ucs4len, maxucs4len, flags, profile);
adducs4len += 50;
diff --git a/nis/nis_removemember.c b/nis/nis_removemember.c
index 930ca4311f..b9e27ab48c 100644
--- a/nis/nis_removemember.c
+++ b/nis/nis_removemember.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -17,6 +17,7 @@
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
+#include <assert.h>
#include <string.h>
#include <rpcsvc/nis.h>
@@ -87,6 +88,10 @@ nis_removemember (const_nis_name member, const_nis_name group)
}
}
free (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val);
+ assert (k <= NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len);
+ /* This realloc() call always decreases the size. This cannot
+ fail. We still have the test but do not recover memory
+ (i.e., we overwrite the input pointer). */
newmem = realloc (newmem, k * sizeof (char*));
if (newmem == NULL)
return NIS_NOMEMORY;
diff --git a/nis/nis_subr.c b/nis/nis_subr.c
index 47a22e38c1..78e58aeba9 100644
--- a/nis/nis_subr.c
+++ b/nis/nis_subr.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1999, 2000 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1999, 2000, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -117,8 +117,11 @@ nis_getnames (const_nis_name name)
{
nis_name *getnames = NULL;
char local_domain[NIS_MAXNAMELEN + 1];
- char *path, *cp;
- int count, pos, have_point;
+ char *path;
+ char *cp;
+ int count;
+ int pos = 0;
+ int have_point;
char *saveptr;
strncpy (local_domain, nis_local_directory (), NIS_MAXNAMELEN);
@@ -133,7 +136,13 @@ nis_getnames (const_nis_name name)
if (name[strlen (name) - 1] == '.')
{
if ((getnames[0] = strdup (name)) == NULL)
- return NULL;
+ {
+ free_null:
+ while (pos-- > 0)
+ free (getnames[pos]);
+ free (getnames);
+ return NULL;
+ }
getnames[1] = NULL;
@@ -149,8 +158,6 @@ nis_getnames (const_nis_name name)
have_point = (strchr (name, '.') != NULL);
- pos = 0;
-
cp = __strtok_r (path, ":", &saveptr);
while (cp)
{
@@ -164,14 +171,16 @@ nis_getnames (const_nis_name name)
if (pos >= count)
{
count += 5;
- getnames = realloc (getnames, (count + 1) * sizeof (char *));
- if (__builtin_expect (getnames == NULL, 0))
- return NULL;
+ nis_name *newp = realloc (getnames,
+ (count + 1) * sizeof (char *));
+ if (__builtin_expect (newp == NULL, 0))
+ goto free_null;
+ getnames = newp;
}
tmp = malloc (strlen (cptr) + strlen (local_domain) +
strlen (name) + 2);
if (__builtin_expect (tmp == NULL, 0))
- return NULL;
+ goto free_null;
getnames[pos] = tmp;
tmp = stpcpy (tmp, name);
@@ -201,7 +210,7 @@ nis_getnames (const_nis_name name)
tmp = malloc (cplen + strlen (local_domain) + strlen (name) + 2);
if (__builtin_expect (tmp == NULL, 0))
- return NULL;
+ goto free_null;
p = __stpcpy (tmp, name);
*p++ = '.';
@@ -217,7 +226,7 @@ nis_getnames (const_nis_name name)
tmp = malloc (cplen + strlen (name) + 2);
if (__builtin_expect (tmp == NULL, 0))
- return NULL;
+ goto free_null;
p = __stpcpy (tmp, name);
*p++ = '.';
@@ -227,9 +236,11 @@ nis_getnames (const_nis_name name)
if (pos >= count)
{
count += 5;
- getnames = realloc (getnames, (count + 1) * sizeof (char *));
- if (__builtin_expect (getnames == NULL, 0))
- return NULL;
+ nis_name *newp = realloc (getnames,
+ (count + 1) * sizeof (char *));
+ if (__builtin_expect (newp == NULL, 0))
+ goto free_null;
+ getnames = newp;
}
getnames[pos] = tmp;
++pos;
diff --git a/nis/nis_table.c b/nis/nis_table.c
index 6c4fb839fc..746444c311 100644
--- a/nis/nis_table.c
+++ b/nis/nis_table.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998, 1999, 2003 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
@@ -54,7 +54,7 @@ __create_ib_request (const_nis_name name, unsigned int flags)
return NULL;
}
- /* Check if we have an entry of "[key=value,],bar". If, remove the "," */
+ /* Check if we have an entry of "[key=value,],bar". If, remove the "," */
if (ibreq->ibr_name[-1] == ',')
ibreq->ibr_name[-1] = '\0';
else
@@ -62,7 +62,17 @@ __create_ib_request (const_nis_name name, unsigned int flags)
ibreq->ibr_name += 2;
ibreq->ibr_name = strdup (ibreq->ibr_name);
if (ibreq->ibr_name == NULL)
- return NULL;
+ {
+ free_null:
+ while (search_len-- > 0)
+ {
+ free (search_val[search_len].zattr_ndx);
+ free (search_val[search_len].zattr_val.zattr_val_val);
+ }
+ free (search_val);
+ nis_free_request (ibreq);
+ return NULL;
+ }
++cptr; /* Remove "[" */
@@ -86,16 +96,19 @@ __create_ib_request (const_nis_name name, unsigned int flags)
size += 1;
search_val = realloc (search_val, size * sizeof (nis_attr));
if (search_val == NULL)
- return NULL;
+ goto free_null;
}
search_val[search_len].zattr_ndx = strdup (key);
if ((search_val[search_len].zattr_ndx) == NULL)
- return NULL;
+ goto free_null;
search_val[search_len].zattr_val.zattr_val_len = strlen (val) + 1;
search_val[search_len].zattr_val.zattr_val_val = strdup (val);
if (search_val[search_len].zattr_val.zattr_val_val == NULL)
- return NULL;
+ {
+ free (search_val[search_len].zattr_ndx);
+ goto free_null;
+ }
++search_len;
}
diff --git a/nss/nss_files/files-netgrp.c b/nss/nss_files/files-netgrp.c
index 34d2b64473..e207691996 100644
--- a/nss/nss_files/files-netgrp.c
+++ b/nss/nss_files/files-netgrp.c
@@ -1,5 +1,5 @@
/* Netgroup file parser in nss_files modules.
- Copyright (C) 1996, 1997, 2000 Free Software Foundation, Inc.
+ Copyright (C) 1996, 1997, 2000, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -34,12 +34,14 @@
do \
{ \
size_t old_cursor = result->cursor - result->data; \
+ void *old_data = result->data; \
\
result->data_size += 512 > 2 * needed ? 512 : 2 * needed; \
result->data = realloc (result->data, result->data_size); \
\
if (result->data == NULL) \
{ \
+ free (old_data); \
status = NSS_STATUS_UNAVAIL; \
goto the_end; \
} \
diff --git a/resolv/res_hconf.c b/resolv/res_hconf.c
index cd622eddb8..59f186e246 100644
--- a/resolv/res_hconf.c
+++ b/resolv/res_hconf.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1993, 1995-2001, 2002, 2003 Free Software Foundation, Inc.
+/* Copyright (C) 1993, 1995-2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by David Mosberger (davidm@azstarnet.com).
@@ -29,6 +29,7 @@
a line)
*/
+#include <assert.h>
#include <errno.h>
#include <ctype.h>
#include <libintl.h>
@@ -577,6 +578,7 @@ _res_hconf_reorder_addrs (struct hostent *hp)
}
/* Just keep enough memory to hold all the interfaces we want. */
ifaddrs = realloc (ifaddrs, num_ifs * sizeof (ifaddrs[0]));
+ assert (ifaddrs != NULL);
cleanup1:
__if_freereq (ifr, num);
diff --git a/sysdeps/generic/ifreq.c b/sysdeps/generic/ifreq.c
index da4db19e6f..55e833bdb3 100644
--- a/sysdeps/generic/ifreq.c
+++ b/sysdeps/generic/ifreq.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1999, 2002, 2003 Free Software Foundation, Inc.
+/* Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Andreas Jaeger <aj@suse.de>.
@@ -43,11 +43,10 @@ __ifreq (struct ifreq **ifreqs, int *num_ifs, int sockfd)
do
{
ifc.ifc_len = rq_len *= 2;
- ifc.ifc_buf = realloc (ifc.ifc_buf, ifc.ifc_len);
- if (ifc.ifc_buf == NULL || __ioctl (fd, SIOCGIFCONF, &ifc) < 0)
+ void *newp = realloc (ifc.ifc_buf, ifc.ifc_len);
+ if (newp == NULL || __ioctl (fd, SIOCGIFCONF, &ifc) < 0)
{
- if (ifc.ifc_buf)
- free (ifc.ifc_buf);
+ free (ifc.ifc_buf);
if (fd != sockfd)
__close (fd);
@@ -55,6 +54,7 @@ __ifreq (struct ifreq **ifreqs, int *num_ifs, int sockfd)
*ifreqs = NULL;
return;
}
+ ifc.ifc_buf = newp;
}
while (rq_len < sizeof (struct ifreq) + ifc.ifc_len);
diff --git a/sysdeps/unix/sysv/linux/ifreq.c b/sysdeps/unix/sysv/linux/ifreq.c
index 5ab5b06397..b93cd56eab 100644
--- a/sysdeps/unix/sysv/linux/ifreq.c
+++ b/sysdeps/unix/sysv/linux/ifreq.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1999, 2002, 2003 Free Software Foundation, Inc.
+/* Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Andreas Jaeger <aj@suse.de>.
@@ -70,11 +70,10 @@ __ifreq (struct ifreq **ifreqs, int *num_ifs, int sockfd)
while (1)
{
ifc.ifc_len = rq_len;
- ifc.ifc_buf = realloc (ifc.ifc_buf, ifc.ifc_len);
- if (ifc.ifc_buf == NULL || __ioctl (fd, SIOCGIFCONF, &ifc) < 0)
+ void *newp = realloc (ifc.ifc_buf, ifc.ifc_len);
+ if (newp == NULL || __ioctl (fd, SIOCGIFCONF, &ifc) < 0)
{
- if (ifc.ifc_buf)
- free (ifc.ifc_buf);
+ free (ifc.ifc_buf);
if (fd != sockfd)
__close (fd);
@@ -83,6 +82,7 @@ __ifreq (struct ifreq **ifreqs, int *num_ifs, int sockfd)
*ifreqs = NULL;
return;
}
+ ifc.ifc_buf = newp;
if (!old_siocgifconf || ifc.ifc_len < rq_len)
break;