mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 08:38:49 -05:00
memory: ensure to check allocation results
The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
This commit is contained in:
parent
e182fc1613
commit
2873971d62
@ -3213,9 +3213,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
|
||||
ftpc->prevpath[dlen] = 0; /* terminate */
|
||||
}
|
||||
else {
|
||||
free(path);
|
||||
/* we never changed dir */
|
||||
ftpc->prevpath = strdup("");
|
||||
free(path);
|
||||
if(!ftpc->prevpath)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
if(ftpc->prevpath)
|
||||
infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath);
|
||||
|
@ -957,6 +957,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
|
||||
stream->push_headers_alloc = 10;
|
||||
stream->push_headers = malloc(stream->push_headers_alloc *
|
||||
sizeof(char *));
|
||||
if(!stream->push_headers)
|
||||
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
|
||||
stream->push_headers_used = 0;
|
||||
}
|
||||
else if(stream->push_headers_used ==
|
||||
|
@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -195,7 +195,7 @@ int GetOrSetUpData(int id, libdata_t **appData,
|
||||
if(!app_data->tenbytes || !app_data->lock) {
|
||||
if(app_data->lock)
|
||||
NXMutexFree(app_data->lock);
|
||||
|
||||
free(app_data->tenbytes);
|
||||
free(app_data);
|
||||
app_data = (libdata_t *) NULL;
|
||||
err = ENOMEM;
|
||||
@ -213,6 +213,9 @@ int GetOrSetUpData(int id, libdata_t **appData,
|
||||
err = set_app_data(gLibId, app_data);
|
||||
|
||||
if(err) {
|
||||
if(app_data->lock)
|
||||
NXMutexFree(app_data->lock);
|
||||
free(app_data->tenbytes);
|
||||
free(app_data);
|
||||
app_data = (libdata_t *) NULL;
|
||||
err = ENOMEM;
|
||||
|
@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -781,6 +781,8 @@ static CURLcode _Curl_auth_create_digest_http_message(
|
||||
*/
|
||||
|
||||
hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
|
||||
if(!hashthis)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
|
||||
/* We don't support auth-int for PUT or POST at the moment.
|
||||
|
@ -319,6 +319,10 @@ static CURLcode verify_host(struct Curl_easy *data,
|
||||
* embedded null bytes. This appears to be undocumented behavior.
|
||||
*/
|
||||
cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR));
|
||||
if(!cert_hostname_buff) {
|
||||
result = CURLE_OUT_OF_MEMORY;
|
||||
goto cleanup;
|
||||
}
|
||||
actual_len = CertGetNameString(pCertContextServer,
|
||||
CERT_NAME_DNS_TYPE,
|
||||
name_flags,
|
||||
|
Loading…
Reference in New Issue
Block a user