From f044157553b2929a276e299cf2234651d0709c02 Mon Sep 17 00:00:00 2001 From: nils Date: Wed, 21 Apr 2004 18:10:58 +0000 Subject: [PATCH] fix incorrect use of realloc (x = realloc(x, y) doesn't free the x in case of a failure) git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1775 c6295689-39f2-0310-b995-f0e70906c6a9 --- src/libopensc/asn1.c | 16 +++++++++++++--- src/libopensc/card.c | 10 +++++++--- src/libopensc/pkcs15-algo.c | 17 ++++++++++++++--- src/libopensc/pkcs15.c | 3 ++- src/libopensc/sc.c | 27 +++++++++++++++++++++------ src/scconf/scconf.c | 19 +++++++++++++------ src/scconf/write.c | 15 +++++++++------ src/sslengines/p11_cert.c | 13 +++++++++---- src/sslengines/p11_key.c | 13 +++++++++---- 9 files changed, 97 insertions(+), 36 deletions(-) diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c index 9abd49b9..fbef7120 100644 --- a/src/libopensc/asn1.c +++ b/src/libopensc/asn1.c @@ -1305,17 +1305,27 @@ static int asn1_encode(struct sc_context *ctx, const struct sc_asn1_entry *asn1, u8 **ptr, size_t *size, int depth) { int r, idx = 0; - u8 *obj, *buf = NULL; + u8 *obj = NULL, *buf = NULL, *tmp; size_t total = 0, objsize; for (idx = 0; asn1[idx].name != NULL; idx++) { r = asn1_encode_entry(ctx, &asn1[idx], &obj, &objsize, depth); if (r) { - if (buf != NULL) + if (obj) + free(obj); + if (buf) free(buf); return r; } - buf = (u8 *) realloc(buf, total + objsize); + tmp = (u8 *) realloc(buf, total + objsize); + if (!tmp) { + if (obj) + free(obj); + if (buf) + free(buf); + return SC_ERROR_OUT_OF_MEMORY; + } + buf = tmp; memcpy(buf + total, obj, objsize); free(obj); total += objsize; diff --git a/src/libopensc/card.c b/src/libopensc/card.c index c1ddf8cc..430a1e80 100644 --- a/src/libopensc/card.c +++ b/src/libopensc/card.c @@ -841,12 +841,16 @@ int _sc_card_add_algorithm(struct sc_card *card, const struct sc_algorithm_info struct sc_algorithm_info *p; assert(sc_card_valid(card) && info != NULL); - card->algorithms = (struct sc_algorithm_info *) realloc(card->algorithms, (card->algorithm_count + 1) * sizeof(*info)); - if (card->algorithms == NULL) { + p = (struct sc_algorithm_info *) realloc(card->algorithms, (card->algorithm_count + 1) * sizeof(*info)); + if (!p) { + if (card->algorithms) + free(card->algorithms); + card->algorithms = NULL; card->algorithm_count = 0; return SC_ERROR_OUT_OF_MEMORY; } - p = card->algorithms + card->algorithm_count; + card->algorithms = p; + p += card->algorithm_count; card->algorithm_count++; *p = *info; return 0; diff --git a/src/libopensc/pkcs15-algo.c b/src/libopensc/pkcs15-algo.c index 9c73982b..2a5232ea 100644 --- a/src/libopensc/pkcs15-algo.c +++ b/src/libopensc/pkcs15-algo.c @@ -323,9 +323,10 @@ sc_asn1_encode_algorithm_id(struct sc_context *ctx, struct sc_asn1_pkcs15_algorithm_info *alg_info; struct sc_algorithm_id temp_id; struct sc_asn1_entry asn1_alg_id[3]; - u8 *obj; + u8 *obj = NULL; size_t obj_len = 0; int r; + u8 *tmp; alg_info = sc_asn1_get_algorithm_info(id); @@ -355,12 +356,22 @@ sc_asn1_encode_algorithm_id(struct sc_context *ctx, /* Encode any parameters */ if (id->params && alg_info->encode) { r = alg_info->encode(ctx, id->params, &obj, &obj_len, depth+1); - if (r < 0) + if (r < 0) { + if (obj) + free(obj); return r; + } } if (obj_len) { - *buf = (u8 *) realloc(*buf, *len + obj_len); + tmp = (u8 *) realloc(*buf, *len + obj_len); + if (!tmp) { + free(*buf); + *buf = NULL; + free(obj); + return SC_ERROR_OUT_OF_MEMORY; + } + *buf = tmp; memcpy(*buf + *len, obj, obj_len); *len += obj_len; free(obj); diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c index e197fd90..cb9121a9 100644 --- a/src/libopensc/pkcs15.c +++ b/src/libopensc/pkcs15.c @@ -1029,7 +1029,7 @@ int sc_pkcs15_encode_df(struct sc_context *ctx, struct sc_pkcs15_df *df, u8 **buf_out, size_t *bufsize_out) { - u8 *buf = NULL, *tmp; + u8 *buf = NULL, *tmp = NULL; size_t bufsize = 0, tmpsize; const struct sc_pkcs15_object *obj; int (* func)(struct sc_context *, const struct sc_pkcs15_object *obj, @@ -1068,6 +1068,7 @@ int sc_pkcs15_encode_df(struct sc_context *ctx, continue; r = func(ctx, obj, &tmp, &tmpsize); if (r) { + free(tmp); free(buf); return r; } diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c index 738e6356..c4066046 100644 --- a/src/libopensc/sc.c +++ b/src/libopensc/sc.c @@ -373,6 +373,7 @@ void sc_file_dup(struct sc_file **dest, const struct sc_file *src) int sc_file_set_sec_attr(struct sc_file *file, const u8 *sec_attr, size_t sec_attr_len) { + u8 *tmp; assert(sc_file_valid(file)); if (sec_attr == NULL) { @@ -382,11 +383,15 @@ int sc_file_set_sec_attr(struct sc_file *file, const u8 *sec_attr, file->sec_attr_len = 0; return 0; } - file->sec_attr = (u8 *) realloc(file->sec_attr, sec_attr_len); - if (file->sec_attr == NULL) { + tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); + if (!tmp) { + if (file->sec_attr) + free(file->sec_attr); + file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } + file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; @@ -396,6 +401,7 @@ int sc_file_set_sec_attr(struct sc_file *file, const u8 *sec_attr, int sc_file_set_prop_attr(struct sc_file *file, const u8 *prop_attr, size_t prop_attr_len) { + u8 *tmp; assert(sc_file_valid(file)); if (prop_attr == NULL) { @@ -405,11 +411,15 @@ int sc_file_set_prop_attr(struct sc_file *file, const u8 *prop_attr, file->prop_attr_len = 0; return 0; } - file->prop_attr = (u8 *) realloc(file->prop_attr, prop_attr_len); - if (file->prop_attr == NULL) { + tmp = (u8 *) realloc(file->prop_attr, prop_attr_len); + if (!tmp) { + if (file->prop_attr) + free(file->prop_attr); + file->prop_attr = NULL; file->prop_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } + file->prop_attr = tmp; memcpy(file->prop_attr, prop_attr, prop_attr_len); file->prop_attr_len = prop_attr_len; @@ -419,6 +429,7 @@ int sc_file_set_prop_attr(struct sc_file *file, const u8 *prop_attr, int sc_file_set_type_attr(struct sc_file *file, const u8 *type_attr, size_t type_attr_len) { + u8 *tmp; assert(sc_file_valid(file)); if (type_attr == NULL) { @@ -428,11 +439,15 @@ int sc_file_set_type_attr(struct sc_file *file, const u8 *type_attr, file->type_attr_len = 0; return 0; } - file->type_attr = (u8 *) realloc(file->type_attr, type_attr_len); - if (file->type_attr == NULL) { + tmp = (u8 *) realloc(file->type_attr, type_attr_len); + if (!tmp) { + if (file->type_attr) + free(file->type_attr); + file->type_attr = NULL; file->type_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } + file->type_attr = tmp; memcpy(file->type_attr, type_attr, type_attr_len); file->type_attr_len = type_attr_len; diff --git a/src/scconf/scconf.c b/src/scconf/scconf.c index 99bfd7d1..46cdb711 100644 --- a/src/scconf/scconf.c +++ b/src/scconf/scconf.c @@ -62,7 +62,6 @@ void scconf_free(scconf_context * config) } free(config); } - config = NULL; } const scconf_block *scconf_find_block(const scconf_context * config, const scconf_block * block, const char *item_name) @@ -86,7 +85,7 @@ const scconf_block *scconf_find_block(const scconf_context * config, const sccon scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_block * block, const char *item_name, const char *key) { - scconf_block **blocks = NULL; + scconf_block **blocks = NULL, **tmp; int alloc_size, size; scconf_item *item; @@ -108,7 +107,12 @@ scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_bl } if (size + 1 >= alloc_size) { alloc_size *= 2; - blocks = (scconf_block **) realloc(blocks, sizeof(scconf_block *) * alloc_size); + tmp = (scconf_block **) realloc(blocks, sizeof(scconf_block *) * alloc_size); + if (!tmp) { + free(blocks); + return NULL; + } + blocks = tmp; } blocks[size++] = item->value.block; } @@ -421,7 +425,7 @@ char *scconf_list_strdup(const scconf_list * list, const char *filler) static scconf_block **getblocks(const scconf_context * config, const scconf_block * block, scconf_entry * entry) { - scconf_block **blocks = NULL; + scconf_block **blocks = NULL, **tmp; blocks = scconf_find_blocks(config, block, entry->name, NULL); if (blocks) { @@ -438,9 +442,12 @@ static scconf_block **getblocks(const scconf_context * config, const scconf_bloc if (config->debug) { fprintf(stderr, "list found (%s)\n", entry->name); } - blocks = (scconf_block **) realloc(blocks, sizeof(scconf_block *) * 2); - if (!blocks) + tmp = (scconf_block **) realloc(blocks, sizeof(scconf_block *) * 2); + if (!tmp) { + free(blocks); return NULL; + } + blocks = tmp; blocks[0] = (scconf_block *) block; blocks[1] = NULL; } diff --git a/src/scconf/write.c b/src/scconf/write.c index fdd73533..89460a93 100644 --- a/src/scconf/write.c +++ b/src/scconf/write.c @@ -75,7 +75,7 @@ static int string_need_quotes(const char *str) static char *scconf_list_get_string(scconf_list * list) { - char *buffer = NULL; + char *buffer = NULL, *tmp; int datalen, len, alloc_len, quote; if (!list) { @@ -92,7 +92,12 @@ static char *scconf_list_get_string(scconf_list * list) datalen = strlen(list->data); if (len + datalen + 4 > alloc_len) { alloc_len += datalen + 2; - buffer = (char *) realloc(buffer, alloc_len); + tmp = (char *) realloc(buffer, alloc_len); + if (!tmp) { + free(buffer); + return strdup(""); + } + buffer = tmp; } if (len != 0) { memcpy(buffer + len, ", ", 2); @@ -138,14 +143,13 @@ static void scconf_write_items(scconf_writer * writer, const scconf_block * bloc datalen = strlen(item->key) + strlen(name) + 6; data = (char *) malloc(datalen); if (!data) { + free(name); continue; } snprintf(data, datalen, "%s %s {", item->key, name); write_line(writer, data); free(data); - data = NULL; free(name); - name = NULL; /* items */ writer->indent_pos += writer->indent_level; @@ -160,14 +164,13 @@ static void scconf_write_items(scconf_writer * writer, const scconf_block * bloc datalen = strlen(item->key) + strlen(name) + 6; data = (char *) malloc(datalen); if (!data) { + free(name); continue; } snprintf(data, datalen, "%s = %s;", item->key, name); write_line(writer, data); free(data); - data = NULL; free(name); - name = NULL; break; } } diff --git a/src/sslengines/p11_cert.c b/src/sslengines/p11_cert.c index c84c6893..d294ab9f 100644 --- a/src/sslengines/p11_cert.c +++ b/src/sslengines/p11_cert.c @@ -120,7 +120,7 @@ pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, { PKCS11_TOKEN_private *tpriv; PKCS11_CERT_private *kpriv; - PKCS11_CERT *cert; + PKCS11_CERT *cert, *tmp; char label[256], data[2048]; unsigned char id[256]; CK_CERTIFICATE_TYPE cert_type; @@ -135,9 +135,14 @@ pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, return 0; tpriv = PRIVTOKEN(token); - tpriv->certs = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs, - (tpriv->ncerts + - 1) * sizeof(PKCS11_CERT)); + tmp = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs, + (tpriv->ncerts + 1) * sizeof(PKCS11_CERT)); + if (!tmp) { + free(tpriv->certs); + tpriv->certs = NULL; + return -1; + } + tpriv->certs = tmp; cert = tpriv->certs + tpriv->ncerts++; memset(cert, 0, sizeof(*cert)); diff --git a/src/sslengines/p11_key.c b/src/sslengines/p11_key.c index 198675bd..ef08519c 100644 --- a/src/sslengines/p11_key.c +++ b/src/sslengines/p11_key.c @@ -240,7 +240,7 @@ pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token, { PKCS11_TOKEN_private *tpriv; PKCS11_KEY_private *kpriv; - PKCS11_KEY *key; + PKCS11_KEY *key, *tmp; char label[256]; unsigned char id[256]; CK_KEY_TYPE key_type; @@ -261,9 +261,14 @@ pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token, } tpriv = PRIVTOKEN(token); - tpriv->keys = (PKCS11_KEY *) OPENSSL_realloc(tpriv->keys, - (tpriv->nkeys + - 1) * sizeof(PKCS11_KEY)); + tmp = (PKCS11_KEY *) OPENSSL_realloc(tpriv->keys, + (tpriv->nkeys + 1) * sizeof(PKCS11_KEY)); + if (!tmp) { + free(tpriv->keys); + tpriv->keys = NULL; + return -1; + } + tpriv->keys = tmp; key = tpriv->keys + tpriv->nkeys++; memset(key, 0, sizeof(*key));