Check for null pointer returns when allocating storage.

Clean up some memory leaks in out-of-memory error paths.
Use strdup and asprintf when appropriate.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19650 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 133 insertions, 44 deletions

diff --git a/src/util/ss/error.c b/src/util/ss/error.c
index 064805506..72bf989e5 100644
--- a/src/util/ss/error.c
+++ b/src/util/ss/error.c
@@ -1,4 +1,27 @@
 /*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
  * Copyright 1987, 1988, 1989 by MIT Student Information Processing
  * Board
  *
@@ -14,38 +37,17 @@
 char * ss_name(sci_idx)
     int sci_idx;
 {
-    register char *ret_val;
     register ss_data *infop;
     
     infop = ss_info(sci_idx);
     if (infop->current_request == (char const *)NULL) {
-	ret_val = malloc((unsigned)
-			 (strlen(infop->subsystem_name)+1)
-			 * sizeof(char));
-	if (ret_val == (char *)NULL)
-	    return((char *)NULL);
-	strcpy(ret_val, infop->subsystem_name);
-	return(ret_val);
-    }
-    else {
-	register char *cp;
-	register char const *cp1;
-	ret_val = malloc((unsigned)sizeof(char) * 
-			 (strlen(infop->subsystem_name)+
-			  strlen(infop->current_request)+
-			  4));
-	cp = ret_val;
-	cp1 = infop->subsystem_name;
-	while (*cp1)
-	    *cp++ = *cp1++;
-	*cp++ = ' ';
-	*cp++ = '(';
-	cp1 = infop->current_request;
-	while (*cp1)
-	    *cp++ = *cp1++;
-	*cp++ = ')';
-	*cp = '\0';
-	return(ret_val);
+	return strdup(infop->subsystem_name);
+    } else {
+	char *ret_val;
+	if (asprintf(&ret_val, "%s (%s)",
+		     infop->subsystem_name, infop->current_request) < 0)
+	    return NULL;
+	return ret_val;
     }
 }
 
diff --git a/src/util/ss/invocation.c b/src/util/ss/invocation.c
index 5e1a2565b..8d4a193bc 100644
--- a/src/util/ss/invocation.c
+++ b/src/util/ss/invocation.c
@@ -1,4 +1,27 @@
 /*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
  * For copyright information, see copyright.h.
@@ -7,7 +30,11 @@
 #include "copyright.h"
 #define	size	sizeof(ss_data *)
 
-
+/* XXX The memory in _ss_table never gets freed up until program exit!
+   If you change the code to free it and stick a null pointer into
+   _ss_table[sci_idx], make sure you change the allocation routine to
+   not assume there are no null pointers in the middle of the
+   array.  */
 int ss_create_invocation(subsystem_name, version_string, info_ptr,
 			 request_table_ptr, code_ptr)
 	char *subsystem_name, *version_string;
@@ -17,47 +44,72 @@ int ss_create_invocation(subsystem_name, version_string, info_ptr,
 {
 	register int sci_idx;
 	register ss_data *new_table;
-	register ss_data **table;
+	register ss_data **table, **tmp;
 
 	*code_ptr = 0;
 	table = _ss_table;
 	new_table = (ss_data *) malloc(sizeof(ss_data));
+	if (new_table == NULL) {
+	    *code_ptr = errno;
+	    return -1;
+	}
 
 	if (table == (ss_data **) NULL) {
 		table = (ss_data **) malloc(2 * size);
+		if (table == NULL) {
+		    *code_ptr = errno;
+		    return -1;
+		}
 		table[0] = table[1] = (ss_data *)NULL;
+		_ss_table = table;
 	}
 	initialize_ss_error_table ();
 
 	for (sci_idx = 1; table[sci_idx] != (ss_data *)NULL; sci_idx++)
 		;
-	table = (ss_data **) realloc((char *)table,
-				     ((unsigned)sci_idx+2)*size);
+	tmp = (ss_data **) realloc((char *)table,
+				   ((unsigned)sci_idx+2)*size);
+	if (tmp == NULL) {
+	    *code_ptr = errno;
+	    return 0;
+	}
+	_ss_table = table = tmp;
 	table[sci_idx+1] = (ss_data *) NULL;
-	table[sci_idx] = new_table;
+	table[sci_idx] = NULL;
 
 	new_table->subsystem_name = subsystem_name;
 	new_table->subsystem_version = version_string;
 	new_table->argv = (char **)NULL;
 	new_table->current_request = (char *)NULL;
 	new_table->info_dirs = (char **)malloc(sizeof(char *));
+	if (new_table->info_dirs == NULL) {
+	    *code_ptr = errno;
+	    free(new_table);
+	    return 0;
+	}
 	*new_table->info_dirs = (char *)NULL;
 	new_table->info_ptr = info_ptr;
-	new_table->prompt = malloc((unsigned)strlen(subsystem_name)+4);
-	strcpy(new_table->prompt, subsystem_name);
-	strcat(new_table->prompt, ":  ");
-#ifdef silly
-	new_table->abbrev_info = ss_abbrev_initialize("/etc/passwd", code_ptr);
-#else
+	if (asprintf(&new_table->prompt, "%s:  ", subsystem_name) < 0) {
+	    *code_ptr = errno;
+	    free(new_table->info_dirs);
+	    free(new_table);
+	    return 0;
+	}
 	new_table->abbrev_info = NULL;
-#endif
 	new_table->flags.escape_disabled = 0;
 	new_table->flags.abbrevs_disabled = 0;
 	new_table->rqt_tables =
 		(ss_request_table **) calloc(2, sizeof(ss_request_table *));
+	if (new_table->rqt_tables == NULL) {
+	    *code_ptr = errno;
+	    free(new_table->prompt);
+	    free(new_table->info_dirs);
+	    free(new_table);
+	    return 0;
+	}
 	*(new_table->rqt_tables) = request_table_ptr;
 	*(new_table->rqt_tables+1) = (ss_request_table *) NULL;
-	_ss_table = table;
+	table[sci_idx] = new_table;
 	return(sci_idx);
 }
 
diff --git a/src/util/ss/parse.c b/src/util/ss/parse.c
index 382a61a40..7ff39512b 100644
--- a/src/util/ss/parse.c
+++ b/src/util/ss/parse.c
@@ -1,4 +1,27 @@
 /*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
  * For copyright info, see copyright.h.
@@ -23,7 +46,7 @@ enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING };
  *              Where to put the "argc" (number of tokens) value.
  * Returns:
  *      argv (char **)
- *              Series of pointers to parsed tokens.
+ *              Series of pointers to parsed tokens in the original string.
  */
 
 #define NEW_ARGV(old,n) (char **)realloc((char *)old,\
@@ -35,6 +58,7 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
     int *argc_ptr;
 {
     register char **argv, *cp;
+    char **newargv;
     register int argc;
     register enum parse_mode parse_mode;
 
@@ -67,7 +91,15 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
 		/* go to quoted-string mode */
 		parse_mode = QUOTED_STRING;
 		cp = line_ptr++;
-		argv = NEW_ARGV (argv, argc);
+		newargv = NEW_ARGV (argv, argc);
+		if (newargv == NULL) {
+		out_of_mem_in_argv:
+		    free(argv);
+		    ss_error(sci_idx, errno, "Can't allocate storage");
+		    *argc_ptr = 0;
+		    return NULL;
+		}
+		argv = newargv;
 		argv[argc++] = cp;
 		argv[argc] = NULL;
 	    }
@@ -75,7 +107,10 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
 		/* random-token mode */
 		parse_mode = TOKEN;
 		cp = line_ptr;
-		argv = NEW_ARGV (argv, argc);
+		newargv = NEW_ARGV (argv, argc);
+		if (newargv == NULL)
+		    goto out_of_mem_in_argv;
+		argv = newargv;
 		argv[argc++] = line_ptr;
 		argv[argc] = NULL;
 	    }