From 557fd71fb1407c5de53cd9a19f167c70488077d2 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Fri, 6 Feb 2015 11:39:16 +0100 Subject: [PATCH] miniupnpc: check realloc() return --- miniupnpc/minihttptestserver.c | 22 ++++++++++++++++---- miniupnpc/miniwget.c | 38 +++++++++++++++++++++++++++------- 2 files changed, 49 insertions(+), 11 deletions(-) diff --git a/miniupnpc/minihttptestserver.c b/miniupnpc/minihttptestserver.c index fb77965..bbfdac3 100644 --- a/miniupnpc/minihttptestserver.c +++ b/miniupnpc/minihttptestserver.c @@ -1,7 +1,7 @@ -/* $Id: minihttptestserver.c,v 1.16 2014/04/01 15:08:28 nanard Exp $ */ +/* $Id: minihttptestserver.c,v 1.17 2015/02/06 10:31:19 nanard Exp $ */ /* Project : miniUPnP * Author : Thomas Bernard - * Copyright (c) 2011-2014 Thomas Bernard + * Copyright (c) 2011-2015 Thomas Bernard * This software is subject to the conditions detailed in the * LICENCE file provided in this distribution. * */ @@ -414,7 +414,14 @@ void handle_http_connection(int c) "Content-Length: %d\r\n" "\r\n", content_length); response_len = content_length+n+CRAP_LENGTH; - response_buffer = realloc(response_buffer, response_len); + p = realloc(response_buffer, response_len); + if(p == NULL) { + /* error 500 */ + free(response_buffer); + response_buffer = NULL; + break; + } + response_buffer = p; build_content(response_buffer + n, content_length); build_crap(response_buffer + n + content_length, CRAP_LENGTH); break; @@ -445,7 +452,14 @@ void handle_http_connection(int c) "Content-Type: text/plain\r\n" "\r\n"); response_len = content_length+n; - response_buffer = realloc(response_buffer, response_len); + p = realloc(response_buffer, response_len); + if(p == NULL) { + /* Error 500 */ + free(response_buffer); + response_buffer = NULL; + break; + } + response_buffer = p; build_content(response_buffer + n, response_len - n); } diff --git a/miniupnpc/miniwget.c b/miniupnpc/miniwget.c index 233186c..1edf18c 100644 --- a/miniupnpc/miniwget.c +++ b/miniupnpc/miniwget.c @@ -1,8 +1,8 @@ -/* $Id: miniwget.c,v 1.65 2014/11/04 22:31:55 nanard Exp $ */ +/* $Id: miniwget.c,v 1.68 2015/02/06 10:26:57 nanard Exp $ */ /* Project : miniupnp * Website : http://miniupnp.free.fr/ * Author : Thomas Bernard - * Copyright (c) 2005-2014 Thomas Bernard + * Copyright (c) 2005-2015 Thomas Bernard * This software is subject to the conditions detailed in the * LICENCE file provided in this distribution. */ @@ -98,7 +98,15 @@ getHTTPResponse(int s, int * size) int colon=0; int valuestart=0; if(header_buf_used + n > header_buf_len) { - header_buf = realloc(header_buf, header_buf_used + n); + char * tmp = realloc(header_buf, header_buf_used + n); + if(tmp == NULL) { + /* memory allocation error */ + free(header_buf); + free(content_buf); + *size = -1; + return NULL; + } + header_buf = tmp; header_buf_len = header_buf_used + n; } memcpy(header_buf + header_buf_used, buf, n); @@ -233,13 +241,21 @@ getHTTPResponse(int s, int * size) bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i); if((content_buf_used + bytestocopy) > content_buf_len) { + char * tmp; if(content_length >= (int)(content_buf_used + bytestocopy)) { content_buf_len = content_length; } else { content_buf_len = content_buf_used + bytestocopy; } - content_buf = (char *)realloc((void *)content_buf, - content_buf_len); + tmp = realloc(content_buf, content_buf_len); + if(tmp == NULL) { + /* memory allocation error */ + free(content_buf); + free(header_buf); + *size = -1; + return NULL; + } + content_buf = tmp; } memcpy(content_buf + content_buf_used, buf + i, bytestocopy); content_buf_used += bytestocopy; @@ -257,13 +273,21 @@ getHTTPResponse(int s, int * size) } if(content_buf_used + n > content_buf_len) { + char * tmp; if(content_length >= (int)(content_buf_used + n)) { content_buf_len = content_length; } else { content_buf_len = content_buf_used + n; } - content_buf = (char *)realloc((void *)content_buf, - content_buf_len); + tmp = realloc(content_buf, content_buf_len); + if(tmp == NULL) { + /* memory allocation error */ + free(content_buf); + free(header_buf); + *size = -1; + return NULL; + } + content_buf = tmp; } memcpy(content_buf + content_buf_used, buf, n); content_buf_used += n;