From 6d4920e9d36675ff515da17c1eb301d22d07b489 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Mon, 21 Sep 2015 20:48:33 +0200 Subject: Replace strdup() calls for string_alloc() calls As reported by Bill Parker in trac #600, strdup() return values are not always correctly checked for failed allocations. This patch adds missing checks by using string_alloc(), which performs the required checks. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <561130FC.8090008@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/10176 Signed-off-by: Gert Doering (cherry picked from commit ddc7692d245017c71adc40ad5cc195617e39fce0) --- src/openvpn/buffer.h | 2 +- src/openvpn/cryptoapi.c | 4 +++- src/openvpn/init.c | 2 +- src/openvpn/misc.c | 2 +- src/openvpn/options.c | 2 +- src/openvpn/ssl_polarssl.c | 2 +- 6 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index d306a04..58f0601 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -873,7 +873,7 @@ gc_reset (struct gc_arena *a) } static inline void -check_malloc_return (void *p) +check_malloc_return (const void *p) { if (!p) out_of_memory (); diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index b7fc11e..1d54ee7 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -46,6 +46,8 @@ #include #include +#include "buffer.h" + /* MinGW w32api 3.17 is still incomplete when it comes to CryptoAPI while * MinGW32-w64 defines all macros used. This is a hack around that problem. */ @@ -116,7 +118,7 @@ static char *ms_error_text(DWORD ms_err) (LPTSTR) &lpMsgBuf, 0, NULL); if (lpMsgBuf) { char *p; - rv = strdup(lpMsgBuf); + rv = string_alloc(lpMsgBuf, NULL); LocalFree(lpMsgBuf); /* trim to the left */ if (rv) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 71c91a2..2181735 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -840,7 +840,7 @@ void init_options_dev (struct options *options) { if (!options->dev && options->dev_node) { - char *dev_node = strdup(options->dev_node); /* POSIX basename() implementaions may modify its arguments */ + char *dev_node = string_alloc(options->dev_node, NULL); /* POSIX basename() implementaions may modify its arguments */ options->dev = basename (dev_node); } } diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index f20d059..bca5e42 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -1647,7 +1647,7 @@ argv_extract_cmd_name (const char *path) { if (path) { - char *path_cp = strdup(path); /* POSIX basename() implementaions may modify its arguments */ + char *path_cp = string_alloc(path, NULL); /* POSIX basename() implementaions may modify its arguments */ const char *bn = basename (path_cp); if (bn) { diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7ff5f77..019ae6c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2617,7 +2617,7 @@ check_file_access(const int type, const char *file, const int mode, const char * /* Is the directory path leading to the given file accessible? */ if (type & CHKACC_DIRPATH) { - char *fullpath = strdup(file); /* POSIX dirname() implementaion may modify its arguments */ + char *fullpath = string_alloc (file, NULL); /* POSIX dirname() implementaion may modify its arguments */ char *dirpath = dirname(fullpath); if (platform_access (dirpath, mode|X_OK) != 0) diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c index 30c7395..562ace0 100644 --- a/src/openvpn/ssl_polarssl.c +++ b/src/openvpn/ssl_polarssl.c @@ -191,7 +191,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) /* Parse allowed ciphers, getting IDs */ i = 0; - tmp_ciphers_orig = tmp_ciphers = strdup(ciphers); + tmp_ciphers_orig = tmp_ciphers = string_alloc (ciphers, NULL); token = strtok (tmp_ciphers, ":"); while(token) -- cgit