status-im/miniupnp
2
0
Fork 0
mirror of https://github.com/status-im/miniupnp.git synced 2025-02-09 12:53:48 +00:00
Code Issues Projects Releases Wiki Activity

fix realloc failure issues detected thanks to cppcheck

Browse Source
This commit is contained in:
Thomas Bernard 2015-02-08 10:23:22 +01:00
parent e280c3dd3a
commit c7d7efd230
8 changed files with 143 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
minissdpd/listifaces.c
View File

@ -1,5 +1,5 @@
/* $Id: listifaces.c,v 1.6 2014/02/03 14:32:14 nanard Exp $ */ /* $Id: listifaces.c,v 1.7 2015/02/08 08:51:54 nanard Exp $ */
/* (c) 2006-2014 Thomas BERNARD /* (c) 2006-2015 Thomas BERNARD
* http://miniupnp.free.fr/ http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ http://miniupnp.tuxfamily.org/
*/ */
#include <sys/types.h> #include <sys/types.h>
@ -49,11 +49,20 @@ void listifaces(void)
/*s = socket(PF_INET, SOCK_DGRAM, 0);*/ /*s = socket(PF_INET, SOCK_DGRAM, 0);*/
s = socket(AF_INET, SOCK_DGRAM, 0); s = socket(AF_INET, SOCK_DGRAM, 0);
do { do {
char * tmp;
#ifdef __linux__ #ifdef __linux__
buflen += buflen; buflen += buflen;
#endif #endif
if(buflen > 0) if(buflen > 0) {
buf = realloc(buf, buflen); tmp = realloc(buf, buflen);
if(!tmp) {
fprintf(stderr, "error allocating %d bytes.\n", buflen);
close(f);
free(buf);
return;
}
buf = tmp;
}
ifc.ifc_len = buflen; ifc.ifc_len = buflen;
ifc.ifc_buf = (caddr_t)buf; ifc.ifc_buf = (caddr_t)buf;
if(ioctl(s, SIOCGIFCONF, &ifc) < 0) if(ioctl(s, SIOCGIFCONF, &ifc) < 0)

16
minissdpd/minissdpd.c
View File

@ -1,6 +1,6 @@
/* $Id: minissdpd.c,v 1.44 2014/12/05 17:31:46 nanard Exp $ */ /* $Id: minissdpd.c,v 1.45 2015/02/08 08:51:54 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* (c) 2007-2014 Thomas Bernard * (c) 2007-2015 Thomas Bernard
* website : http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * website : http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -196,7 +196,8 @@ add_to_buffer(struct reqelem * req, const unsigned char * data, int len)
} }
tmp = realloc(req->output_buffer, req->output_buffer_len + len); tmp = realloc(req->output_buffer, req->output_buffer_len + len);
if(tmp == NULL) { if(tmp == NULL) {
syslog(LOG_ERR, "%s: failed to allocate %d bytes", __func__, req->output_buffer_len + len); syslog(LOG_ERR, "%s: failed to allocate %d bytes",
__func__, req->output_buffer_len + len);
return -1; return -1;
} }
req->output_buffer = tmp; req->output_buffer = tmp;
@ -269,13 +270,16 @@ updateDevice(const struct header * headers, time_t t)
/* update Location ! */ /* update Location ! */
if(headers[HEADER_LOCATION].l > p->headers[HEADER_LOCATION].l) if(headers[HEADER_LOCATION].l > p->headers[HEADER_LOCATION].l)
{ {
p = realloc(p, sizeof(struct device) struct device * tmp;
+ headers[0].l+headers[1].l+headers[2].l ); tmp = realloc(p, sizeof(struct device)
if(!p) /* allocation error */ + headers[0].l+headers[1].l+headers[2].l);
if(!tmp) /* allocation error */
{ {
syslog(LOG_ERR, "updateDevice() : memory allocation error"); syslog(LOG_ERR, "updateDevice() : memory allocation error");
free(p);
return 0; return 0;
} }
p = tmp;
*pp = p; *pp = p;
} }
memcpy(p->data + p->headers[0].l + p->headers[1].l, memcpy(p->data + p->headers[0].l + p->headers[1].l,

10
miniupnpc/testigddescparse.c
View File

@ -1,8 +1,8 @@
/* $Id: testigddescparse.c,v 1.7 2014/11/17 19:28:20 nanard Exp $ */ /* $Id: testigddescparse.c,v 1.8 2015/02/08 08:46:06 nanard Exp $ */
/* Project : miniupnp /* Project : miniupnp
* http://miniupnp.free.fr/ * http://miniupnp.free.fr/
* Author : Thomas Bernard * Author : Thomas Bernard
* Copyright (c) 2008-2014 Thomas Bernard * Copyright (c) 2008-2015 Thomas Bernard
* This software is subject to the conditions detailed in the * This software is subject to the conditions detailed in the
* LICENCE file provided in this distribution. * LICENCE file provided in this distribution.
* */ * */
@ -155,6 +155,11 @@ int main(int argc, char * * argv)
len = ftell(f); len = ftell(f);
fseek(f, 0, SEEK_SET); fseek(f, 0, SEEK_SET);
buffer = malloc(len); buffer = malloc(len);
if(!buffer) {
fprintf(stderr, "Memory allocation error.\n");
fclose(f);
return 1;
}
fread(buffer, 1, len, f); fread(buffer, 1, len, f);
fclose(f); fclose(f);
f = NULL; f = NULL;
@ -162,6 +167,7 @@ int main(int argc, char * * argv)
f = fopen(argv[2], "r"); f = fopen(argv[2], "r");
if(!f) { if(!f) {
fprintf(stderr, "Cannot open %s for reading.\n", argv[2]); fprintf(stderr, "Cannot open %s for reading.\n", argv[2]);
free(buffer);
return 1; return 1;
} }
} }

5
miniupnpc/wingenminiupnpcstrings.c
View File

@ -1,8 +1,8 @@
/* $Id: wingenminiupnpcstrings.c,v 1.2 2011/01/11 15:31:13 nanard Exp $ */ /* $Id: wingenminiupnpcstrings.c,v 1.4 2015/02/08 08:46:06 nanard Exp $ */
/* Project: miniupnp /* Project: miniupnp
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* Author: Thomas Bernard * Author: Thomas Bernard
* Copyright (c) 2005-2009 Thomas Bernard * Copyright (c) 2005-2015 Thomas Bernard
* This software is subjects to the conditions detailed * This software is subjects to the conditions detailed
* in the LICENSE file provided within this distribution */ * in the LICENSE file provided within this distribution */
#include <stdio.h> #include <stdio.h>
@ -59,6 +59,7 @@ int main(int argc, char * * argv) {
fout = fopen(argv[2], "w"); fout = fopen(argv[2], "w");
if(!fout) { if(!fout) {
fprintf(stderr, "Cannot open %s for writing.\n", argv[2]); fprintf(stderr, "Cannot open %s for writing.\n", argv[2]);
fclose(fin);
return 1; return 1;
} }
n = 0; n = 0;

4
miniupnpd/natpmp.c
View File

@ -1,6 +1,6 @@
/* $Id: natpmp.c,v 1.47 2014/05/19 12:51:52 nanard Exp $ */ /* $Id: natpmp.c,v 1.51 2015/02/08 09:18:15 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* (c) 2007-2014 Thomas Bernard * (c) 2007-2015 Thomas Bernard
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */

115
miniupnpd/netfilter/iptcrdr.c
View File

@ -1,7 +1,7 @@
/* $Id: iptcrdr.c,v 1.50 2012/10/03 14:49:08 nanard Exp $ */ /* $Id: iptcrdr.c,v 1.53 2015/02/08 09:10:00 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2011 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
#include <stdio.h> #include <stdio.h>
@ -1083,25 +1083,37 @@ addnatrule(int proto, unsigned short eport,
{ {
int r = 0; int r = 0;
struct ipt_entry * e; struct ipt_entry * e;
struct ipt_entry * tmp;
struct ipt_entry_match *match = NULL; struct ipt_entry_match *match = NULL;
struct ipt_entry_target *target = NULL; struct ipt_entry_target *target = NULL;
e = calloc(1, sizeof(struct ipt_entry)); e = calloc(1, sizeof(struct ipt_entry));
e->ip.proto = proto; if(!e) {
if(proto == IPPROTO_TCP) syslog(LOG_ERR, "%s: calloc(%d) error", "addnatrule",
{ (int)sizeof(struct ipt_entry));
match = get_tcp_match(eport, 0); return -1;
} }
else e->ip.proto = proto;
{ if(proto == IPPROTO_TCP) {
match = get_tcp_match(eport, 0);
} else {
match = get_udp_match(eport, 0); match = get_udp_match(eport, 0);
} }
e->nfcache = NFC_IP_DST_PT; e->nfcache = NFC_IP_DST_PT;
target = get_dnat_target(iaddr, iport); target = get_dnat_target(iaddr, iport);
e->nfcache |= NFC_UNKNOWN; e->nfcache |= NFC_UNKNOWN;
e = realloc(e, sizeof(struct ipt_entry) tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size + match->u.match_size
+ target->u.target_size); + target->u.target_size);
if(!tmp) {
syslog(LOG_ERR, "%s: realloc(%d) error", "addnatrule",
(int)(sizeof(struct ipt_entry) + match->u.match_size + target->u.target_size));
free(e);
free(match);
free(target);
return -1;
}
e = tmp;
memcpy(e->elems, match, match->u.match_size); memcpy(e->elems, match, match->u.match_size);
memcpy(e->elems + match->u.match_size, target, target->u.target_size); memcpy(e->elems + match->u.match_size, target, target->u.target_size);
e->target_offset = sizeof(struct ipt_entry) e->target_offset = sizeof(struct ipt_entry)
@ -1110,8 +1122,7 @@ addnatrule(int proto, unsigned short eport,
+ match->u.match_size + match->u.match_size
+ target->u.target_size; + target->u.target_size;
/* remote host */ /* remote host */
if(rhost && (rhost[0] != '\0') && (0 != strcmp(rhost, "*"))) if(rhost && (rhost[0] != '\0') && (0 != strcmp(rhost, "*"))) {
{
e->ip.src.s_addr = inet_addr(rhost); e->ip.src.s_addr = inet_addr(rhost);
e->ip.smsk.s_addr = INADDR_NONE; e->ip.smsk.s_addr = INADDR_NONE;
} }
@ -1134,26 +1145,38 @@ addpeernatrule(int proto,
{ {
int r = 0; int r = 0;
struct ipt_entry * e; struct ipt_entry * e;
struct ipt_entry * tmp;
struct ipt_entry_match *match = NULL; struct ipt_entry_match *match = NULL;
struct ipt_entry_target *target = NULL; struct ipt_entry_target *target = NULL;
e = calloc(1, sizeof(struct ipt_entry)); e = calloc(1, sizeof(struct ipt_entry));
if(!e) {
syslog(LOG_ERR, "%s: calloc(%d) error", "addpeernatrule",
(int)sizeof(struct ipt_entry));
return -1;
}
e->ip.proto = proto; e->ip.proto = proto;
/* TODO: Fill port matches and SNAT */ /* TODO: Fill port matches and SNAT */
if(proto == IPPROTO_TCP) if(proto == IPPROTO_TCP) {
{
match = get_tcp_match(rport, iport); match = get_tcp_match(rport, iport);
} } else {
else
{
match = get_udp_match(rport, iport); match = get_udp_match(rport, iport);
} }
e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT; e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT;
target = get_snat_target(eaddr, eport); target = get_snat_target(eaddr, eport);
e->nfcache |= NFC_UNKNOWN; e->nfcache |= NFC_UNKNOWN;
e = realloc(e, sizeof(struct ipt_entry) tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size + match->u.match_size
+ target->u.target_size); + target->u.target_size);
if(!tmp) {
syslog(LOG_ERR, "%s: realloc(%d) error", "addpeernatrule",
(int)(sizeof(struct ipt_entry) + match->u.match_size + target->u.target_size));
free(e);
free(match);
free(target);
return -1;
}
e = tmp;
memcpy(e->elems, match, match->u.match_size); memcpy(e->elems, match, match->u.match_size);
memcpy(e->elems + match->u.match_size, target, target->u.target_size); memcpy(e->elems + match->u.match_size, target, target->u.target_size);
e->target_offset = sizeof(struct ipt_entry) e->target_offset = sizeof(struct ipt_entry)
@ -1192,26 +1215,38 @@ addpeerdscprule(int proto, unsigned char dscp,
{ {
int r = 0; int r = 0;
struct ipt_entry * e; struct ipt_entry * e;
struct ipt_entry * tmp;
struct ipt_entry_match *match = NULL; struct ipt_entry_match *match = NULL;
struct ipt_entry_target *target = NULL; struct ipt_entry_target *target = NULL;
e = calloc(1, sizeof(struct ipt_entry)); e = calloc(1, sizeof(struct ipt_entry));
if(!e) {
syslog(LOG_ERR, "%s: calloc(%d) error", "addpeerdscprule",
(int)sizeof(struct ipt_entry));
return -1;
}
e->ip.proto = proto; e->ip.proto = proto;
/* TODO: Fill port matches and SNAT */ /* TODO: Fill port matches and SNAT */
if(proto == IPPROTO_TCP) if(proto == IPPROTO_TCP) {
{
match = get_tcp_match(rport, iport); match = get_tcp_match(rport, iport);
} } else {
else
{
match = get_udp_match(rport, iport); match = get_udp_match(rport, iport);
} }
e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT; e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT;
target = get_dscp_target(dscp); target = get_dscp_target(dscp);
e->nfcache |= NFC_UNKNOWN; e->nfcache |= NFC_UNKNOWN;
e = realloc(e, sizeof(struct ipt_entry) tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size + match->u.match_size
+ target->u.target_size); + target->u.target_size);
if(!tmp) {
syslog(LOG_ERR, "%s: realloc(%d) error", "addpeerdscprule",
(int)(sizeof(struct ipt_entry) + match->u.match_size + target->u.target_size));
free(e);
free(match);
free(target);
return -1;
}
e = tmp;
memcpy(e->elems, match, match->u.match_size); memcpy(e->elems, match, match->u.match_size);
memcpy(e->elems + match->u.match_size, target, target->u.target_size); memcpy(e->elems + match->u.match_size, target, target->u.target_size);
e->target_offset = sizeof(struct ipt_entry) e->target_offset = sizeof(struct ipt_entry)
@ -1264,17 +1299,20 @@ add_filter_rule(int proto, const char * rhost,
{ {
int r = 0; int r = 0;
struct ipt_entry * e; struct ipt_entry * e;
struct ipt_entry * tmp;
struct ipt_entry_match *match = NULL; struct ipt_entry_match *match = NULL;
struct ipt_entry_target *target = NULL; struct ipt_entry_target *target = NULL;
e = calloc(1, sizeof(struct ipt_entry)); e = calloc(1, sizeof(struct ipt_entry));
e->ip.proto = proto; if(!e) {
if(proto == IPPROTO_TCP) syslog(LOG_ERR, "%s: calloc(%d) error", "add_filter_rule",
{ (int)sizeof(struct ipt_entry));
match = get_tcp_match(iport,0); return -1;
} }
else e->ip.proto = proto;
{ if(proto == IPPROTO_TCP) {
match = get_tcp_match(iport,0);
} else {
match = get_udp_match(iport,0); match = get_udp_match(iport,0);
} }
e->nfcache = NFC_IP_DST_PT; e->nfcache = NFC_IP_DST_PT;
@ -1282,9 +1320,18 @@ add_filter_rule(int proto, const char * rhost,
e->ip.dmsk.s_addr = INADDR_NONE; e->ip.dmsk.s_addr = INADDR_NONE;
target = get_accept_target(); target = get_accept_target();
e->nfcache |= NFC_UNKNOWN; e->nfcache |= NFC_UNKNOWN;
e = realloc(e, sizeof(struct ipt_entry) tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size + match->u.match_size
+ target->u.target_size); + target->u.target_size);
if(!tmp) {
syslog(LOG_ERR, "%s: realloc(%d) error", "add_filter_rule",
(int)(sizeof(struct ipt_entry) + match->u.match_size + target->u.target_size));
free(e);
free(match);
free(target);
return -1;
}
e = tmp;
memcpy(e->elems, match, match->u.match_size); memcpy(e->elems, match, match->u.match_size);
memcpy(e->elems + match->u.match_size, target, target->u.target_size); memcpy(e->elems + match->u.match_size, target, target->u.target_size);
e->target_offset = sizeof(struct ipt_entry) e->target_offset = sizeof(struct ipt_entry)
@ -1374,15 +1421,19 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
{ {
if(*number >= capacity) if(*number >= capacity)
{ {
unsigned short * tmp;
/* need to increase the capacity of the array */ /* need to increase the capacity of the array */
array = realloc(array, sizeof(unsigned short)*capacity); tmp = realloc(array, sizeof(unsigned short)*capacity);
if(!array) if(!tmp)
{ {
syslog(LOG_ERR, "get_portmappings_in_range() : realloc(%u) error", syslog(LOG_ERR, "get_portmappings_in_range() : realloc(%u) error",
(unsigned)sizeof(unsigned short)*capacity); (unsigned)sizeof(unsigned short)*capacity);
*number = 0; *number = 0;
free(array);
array = NULL;
break; break;
} }
array = tmp;
array[*number] = eport; array[*number] = eport;
(*number)++; (*number)++;
} }

20
miniupnpd/netfilter/iptpinhole.c
View File

@ -1,7 +1,7 @@
/* $Id: iptpinhole.c,v 1.8 2012/09/18 08:29:17 nanard Exp $ */ /* $Id: iptpinhole.c,v 1.12 2015/02/08 09:16:50 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2012 Thomas Bernard * (c) 2012-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -201,10 +201,16 @@ int add_pinhole(const char * ifname,
{ {
int uid; int uid;
struct ip6t_entry * e; struct ip6t_entry * e;
struct ip6t_entry * tmp;
struct ip6t_entry_match *match = NULL; struct ip6t_entry_match *match = NULL;
struct ip6t_entry_target *target = NULL; struct ip6t_entry_target *target = NULL;
e = calloc(1, sizeof(struct ip6t_entry)); e = calloc(1, sizeof(struct ip6t_entry));
if(!e) {
syslog(LOG_ERR, "%s: calloc(%d) failed",
"add_pinhole", (int)sizeof(struct ip6t_entry));
return -1;
}
e->ipv6.proto = proto; e->ipv6.proto = proto;
if (proto) if (proto)
e->ipv6.flags |= IP6T_F_PROTO; e->ipv6.flags |= IP6T_F_PROTO;
@ -223,9 +229,17 @@ int add_pinhole(const char * ifname,
match = new_match(proto, rem_port, int_port); match = new_match(proto, rem_port, int_port);
target = get_accept_target(); target = get_accept_target();
e = realloc(e, sizeof(struct ip6t_entry) tmp = realloc(e, sizeof(struct ip6t_entry)
+ match->u.match_size + match->u.match_size
+ target->u.target_size); + target->u.target_size);
if(!tmp) {
syslog(LOG_ERR, "%s: realloc(%d) failed",
"add_pinhole", (int)(sizeof(struct ip6t_entry) + match->u.match_size + target->u.target_size));
free(e);
free(match);
free(target);
return -1;
}
memcpy(e->elems, match, match->u.match_size); memcpy(e->elems, match, match->u.match_size);
memcpy(e->elems + match->u.match_size, target, target->u.target_size); memcpy(e->elems + match->u.match_size, target, target->u.target_size);
e->target_offset = sizeof(struct ip6t_entry) e->target_offset = sizeof(struct ip6t_entry)

11
miniupnpd/pf/obsdrdr.c
View File

@ -1,7 +1,7 @@
/* $Id: obsdrdr.c,v 1.82 2014/04/15 23:15:25 nanard Exp $ */ /* $Id: obsdrdr.c,v 1.84 2015/02/08 08:55:55 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -959,14 +959,17 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
if(*number >= capacity) if(*number >= capacity)
{ {
/* need to increase the capacity of the array */ /* need to increase the capacity of the array */
unsigned short * tmp;
capacity += 128; capacity += 128;
array = realloc(array, sizeof(unsigned short)*capacity); tmp = realloc(array, sizeof(unsigned short)*capacity);
if(!array) if(!tmp)
{ {
syslog(LOG_ERR, "get_portmappings_in_range() : realloc(%lu) error", sizeof(unsigned short)*capacity); syslog(LOG_ERR, "get_portmappings_in_range() : realloc(%lu) error", sizeof(unsigned short)*capacity);
*number = 0; *number = 0;
free(array);
return NULL; return NULL;
} }
array = tmp;
} }
array[*number] = eport; array[*number] = eport;
(*number)++; (*number)++;