[Libvir] [PATCH] Handle failed strdup and malloc.

14 Nov 2007

I noticed a bunch of unchecked strdup's in a row,
and audited the rest of the file:

	Handle failed strdup and malloc.

	* src/remote_internal.c: Don't dereference NULL after
	failed strdup or malloc in doRemoteOpen.

---
 src/remote_internal.c |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/src/remote_internal.c b/src/remote_internal.c
index 1420a88..bd8b5a7 100644
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -522,6 +522,10 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str
                     sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET_RO);
                 else
                     sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET);
+                if (sockname == NULL) {
+                    error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+                    goto failed;
+                }
             }
         }
 
@@ -576,10 +580,19 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str
         if (no_tty) nr_args += 5;   /* For -T -o BatchMode=yes -e none */
 
         command = command ? : strdup ("ssh");
+        if (command == NULL) {
+            error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+            goto failed;
+        }
 
         // Generate the final command argv[] array.
         //   ssh -p $port [-l $username] $hostname $netcat -U $sockname [NULL]
         cmd_argv = malloc (nr_args * sizeof (char *));
+        if (cmd_argv == NULL) {
+            error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+            goto failed;
+        }
+
         j = 0;
         cmd_argv[j++] = strdup (command);
         cmd_argv[j++] = strdup ("-p");
@@ -601,6 +614,11 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str
         cmd_argv[j++] = strdup (sockname ? sockname : LIBVIRTD_PRIV_UNIX_SOCKET);
         cmd_argv[j++] = 0;
         assert (j == nr_args);
+        for (j = 0; j < nr_args; j++)
+            if (cmd_argv[j] == NULL) {
+                error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
+                goto failed;
+            }
     }
 
         /*FALLTHROUGH*/
@@ -633,6 +651,10 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str
             // Run the external process.
             if (!cmd_argv) {
                 cmd_argv = malloc (2 * sizeof (char *));
+                if (cmd_argv == NULL) {
+                    error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+                    goto failed;
+                }
                 cmd_argv[0] = command;
                 cmd_argv[1] = 0;
             }
-- 
1.5.3.5.666.gfb5f

    

Jim Meyering

Richard W.M. Jones

Jim Meyering

Richard W.M. Jones

tags

participants (2)