miniupnpc: Check malloc/calloc return values

fixes #136
This commit is contained in:
Thomas Bernard 2015-07-15 14:48:57 +02:00
parent 769f4d4708
commit e0999ace78
8 changed files with 104 additions and 20 deletions

View File

@ -1,6 +1,9 @@
$Id: Changelog.txt,v 1.206 2015/05/22 10:23:47 nanard Exp $ $Id: Changelog.txt,v 1.208 2015/07/15 12:18:59 nanard Exp $
miniUPnP client Changelog. miniUPnP client Changelog.
2015/07/15:
Check malloc/calloc
2015/06/16: 2015/06/16:
update getDevicesFromMiniSSDPD() to process longer minissdpd update getDevicesFromMiniSSDPD() to process longer minissdpd
responses responses

View File

@ -1,4 +1,4 @@
/* $Id: minihttptestserver.c,v 1.17 2015/02/06 10:31:19 nanard Exp $ */ /* $Id: minihttptestserver.c,v 1.18 2015/07/15 12:41:15 nanard Exp $ */
/* Project : miniUPnP /* Project : miniUPnP
* Author : Thomas Bernard * Author : Thomas Bernard
* Copyright (c) 2011-2015 Thomas Bernard * Copyright (c) 2011-2015 Thomas Bernard
@ -104,6 +104,8 @@ char * build_chunked_response(int content_length, int * response_len)
/* allocate to have some margin */ /* allocate to have some margin */
buffer_length = 256 + content_length + (content_length >> 4); buffer_length = 256 + content_length + (content_length >> 4);
response_buffer = malloc(buffer_length); response_buffer = malloc(buffer_length);
if(response_buffer == NULL)
return NULL;
*response_len = snprintf(response_buffer, buffer_length, *response_len = snprintf(response_buffer, buffer_length,
"HTTP/1.1 200 OK\r\n" "HTTP/1.1 200 OK\r\n"
"Content-Type: text/plain\r\n" "Content-Type: text/plain\r\n"
@ -112,6 +114,10 @@ char * build_chunked_response(int content_length, int * response_len)
/* build the content */ /* build the content */
content_buffer = malloc(content_length); content_buffer = malloc(content_length);
if(content_buffer == NULL) {
free(response_buffer);
return NULL;
}
build_content(content_buffer, content_length); build_content(content_buffer, content_length);
/* chunk it */ /* chunk it */
@ -578,12 +584,16 @@ int main(int argc, char * * argv) {
if(f) { if(f) {
char * buffer; char * buffer;
buffer = malloc(16*1024); buffer = malloc(16*1024);
if(buffer == NULL) {
fprintf(stderr, "memory allocation error\n");
} else {
build_content(buffer, 16*1024); build_content(buffer, 16*1024);
i = fwrite(buffer, 1, 16*1024, f); i = fwrite(buffer, 1, 16*1024, f);
if(i != 16*1024) { if(i != 16*1024) {
fprintf(stderr, "error writing to file %s : %dbytes written (out of %d)\n", expected_file_name, i, 16*1024); fprintf(stderr, "error writing to file %s : %dbytes written (out of %d)\n", expected_file_name, i, 16*1024);
} }
free(buffer); free(buffer);
}
fclose(f); fclose(f);
} else { } else {
fprintf(stderr, "error opening file %s for writing\n", expected_file_name); fprintf(stderr, "error opening file %s for writing\n", expected_file_name);

View File

@ -1,4 +1,4 @@
/* $Id: miniupnpc.c,v 1.127 2015/05/22 10:42:46 nanard Exp $ */ /* $Id: miniupnpc.c,v 1.131 2015/07/15 12:41:14 nanard Exp $ */
/* Project : miniupnp /* Project : miniupnp
* Web : http://miniupnp.free.fr/ * Web : http://miniupnp.free.fr/
* Author : Thomas BERNARD * Author : Thomas BERNARD
@ -463,10 +463,12 @@ upnpDiscoverDevices(const char * const deviceTypes[],
printf("ifIndex=%lu nextHop=%lx \n", ip_forward.dwForwardIfIndex, ip_forward.dwForwardNextHop); printf("ifIndex=%lu nextHop=%lx \n", ip_forward.dwForwardIfIndex, ip_forward.dwForwardNextHop);
#endif #endif
pIPAddrTable = (MIB_IPADDRTABLE *) malloc(sizeof (MIB_IPADDRTABLE)); pIPAddrTable = (MIB_IPADDRTABLE *) malloc(sizeof (MIB_IPADDRTABLE));
if(pIPAddrTable) {
if (GetIpAddrTable(pIPAddrTable, &dwSize, 0) == ERROR_INSUFFICIENT_BUFFER) { if (GetIpAddrTable(pIPAddrTable, &dwSize, 0) == ERROR_INSUFFICIENT_BUFFER) {
free(pIPAddrTable); free(pIPAddrTable);
pIPAddrTable = (MIB_IPADDRTABLE *) malloc(dwSize); pIPAddrTable = (MIB_IPADDRTABLE *) malloc(dwSize);
} }
}
if(pIPAddrTable) { if(pIPAddrTable) {
dwRetVal = GetIpAddrTable( pIPAddrTable, &dwSize, 0 ); dwRetVal = GetIpAddrTable( pIPAddrTable, &dwSize, 0 );
#ifdef DEBUG #ifdef DEBUG

View File

@ -1,4 +1,4 @@
/* $Id: miniwget.c,v 1.68 2015/02/06 10:26:57 nanard Exp $ */ /* $Id: miniwget.c,v 1.70 2015/07/15 12:41:13 nanard Exp $ */
/* Project : miniupnp /* Project : miniupnp
* Website : http://miniupnp.free.fr/ * Website : http://miniupnp.free.fr/
* Author : Thomas Bernard * Author : Thomas Bernard
@ -85,7 +85,24 @@ getHTTPResponse(int s, int * size)
unsigned int chunksize_buf_index; unsigned int chunksize_buf_index;
header_buf = malloc(header_buf_len); header_buf = malloc(header_buf_len);
if(header_buf == NULL)
{
#ifdef DEBUG
fprintf(stderr, "%s: Memory allocation error\n", "getHTTPResponse");
#endif /* DEBUG */
*size = -1;
return NULL;
}
content_buf = malloc(content_buf_len); content_buf = malloc(content_buf_len);
if(header_buf == NULL)
{
free(header_buf);
#ifdef DEBUG
fprintf(stderr, "%s: Memory allocation error\n", "getHTTPResponse");
#endif /* DEBUG */
*size = -1;
return NULL;
}
chunksize_buf[0] = '\0'; chunksize_buf[0] = '\0';
chunksize_buf_index = 0; chunksize_buf_index = 0;

View File

@ -1,11 +1,14 @@
/* $Id: portlistingparse.c,v 1.7 2014/11/01 10:37:32 nanard Exp $ */ /* $Id: portlistingparse.c,v 1.9 2015/07/15 12:41:13 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2011 Thomas Bernard * (c) 2011-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#ifdef DEBUG
#include <stdio.h>
#endif /* DEBUG */
#include "portlistingparse.h" #include "portlistingparse.h"
#include "minixml.h" #include "minixml.h"
@ -62,6 +65,15 @@ startelt(void * d, const char * name, int l)
{ {
struct PortMapping * pm; struct PortMapping * pm;
pm = calloc(1, sizeof(struct PortMapping)); pm = calloc(1, sizeof(struct PortMapping));
if(pm == NULL)
{
/* malloc error */
#ifdef DEBUG
fprintf(stderr, "%s: error allocating memory",
"startelt");
#endif /* DEBUG */
return;
}
pm->l_next = pdata->l_head; /* insert in list */ pm->l_next = pdata->l_head; /* insert in list */
pdata->l_head = pm; pdata->l_head = pm;
} }

View File

@ -1,4 +1,4 @@
/* $Id: upnpcommands.c,v 1.45 2015/02/06 10:37:00 nanard Exp $ */ /* $Id: upnpcommands.c,v 1.46 2015/07/15 12:19:00 nanard Exp $ */
/* Project : miniupnp /* Project : miniupnp
* Author : Thomas Bernard * Author : Thomas Bernard
* Copyright (c) 2005-2015 Thomas Bernard * Copyright (c) 2005-2015 Thomas Bernard
@ -354,6 +354,8 @@ UPNP_AddPortMapping(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
AddPortMappingArgs = calloc(9, sizeof(struct UPNParg)); AddPortMappingArgs = calloc(9, sizeof(struct UPNParg));
if(AddPortMappingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
AddPortMappingArgs[0].elt = "NewRemoteHost"; AddPortMappingArgs[0].elt = "NewRemoteHost";
AddPortMappingArgs[0].val = remoteHost; AddPortMappingArgs[0].val = remoteHost;
AddPortMappingArgs[1].elt = "NewExternalPort"; AddPortMappingArgs[1].elt = "NewExternalPort";
@ -416,6 +418,8 @@ UPNP_AddAnyPortMapping(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
AddPortMappingArgs = calloc(9, sizeof(struct UPNParg)); AddPortMappingArgs = calloc(9, sizeof(struct UPNParg));
if(AddPortMappingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
AddPortMappingArgs[0].elt = "NewRemoteHost"; AddPortMappingArgs[0].elt = "NewRemoteHost";
AddPortMappingArgs[0].val = remoteHost; AddPortMappingArgs[0].val = remoteHost;
AddPortMappingArgs[1].elt = "NewExternalPort"; AddPortMappingArgs[1].elt = "NewExternalPort";
@ -478,6 +482,8 @@ UPNP_DeletePortMapping(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
DeletePortMappingArgs = calloc(4, sizeof(struct UPNParg)); DeletePortMappingArgs = calloc(4, sizeof(struct UPNParg));
if(DeletePortMappingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
DeletePortMappingArgs[0].elt = "NewRemoteHost"; DeletePortMappingArgs[0].elt = "NewRemoteHost";
DeletePortMappingArgs[0].val = remoteHost; DeletePortMappingArgs[0].val = remoteHost;
DeletePortMappingArgs[1].elt = "NewExternalPort"; DeletePortMappingArgs[1].elt = "NewExternalPort";
@ -522,6 +528,8 @@ UPNP_DeletePortMappingRange(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
DeletePortMappingArgs = calloc(5, sizeof(struct UPNParg)); DeletePortMappingArgs = calloc(5, sizeof(struct UPNParg));
if(DeletePortMappingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
DeletePortMappingArgs[0].elt = "NewStartPort"; DeletePortMappingArgs[0].elt = "NewStartPort";
DeletePortMappingArgs[0].val = extPortStart; DeletePortMappingArgs[0].val = extPortStart;
DeletePortMappingArgs[1].elt = "NewEndPort"; DeletePortMappingArgs[1].elt = "NewEndPort";
@ -575,6 +583,8 @@ UPNP_GetGenericPortMappingEntry(const char * controlURL,
intClient[0] = '\0'; intClient[0] = '\0';
intPort[0] = '\0'; intPort[0] = '\0';
GetPortMappingArgs = calloc(2, sizeof(struct UPNParg)); GetPortMappingArgs = calloc(2, sizeof(struct UPNParg));
if(GetPortMappingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
GetPortMappingArgs[0].elt = "NewPortMappingIndex"; GetPortMappingArgs[0].elt = "NewPortMappingIndex";
GetPortMappingArgs[0].val = index; GetPortMappingArgs[0].val = index;
if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype,
@ -710,6 +720,8 @@ UPNP_GetSpecificPortMappingEntry(const char * controlURL,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
GetPortMappingArgs = calloc(4, sizeof(struct UPNParg)); GetPortMappingArgs = calloc(4, sizeof(struct UPNParg));
if(GetPortMappingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
GetPortMappingArgs[0].elt = "NewRemoteHost"; GetPortMappingArgs[0].elt = "NewRemoteHost";
GetPortMappingArgs[0].val = remoteHost; GetPortMappingArgs[0].val = remoteHost;
GetPortMappingArgs[1].elt = "NewExternalPort"; GetPortMappingArgs[1].elt = "NewExternalPort";
@ -799,6 +811,8 @@ UPNP_GetListOfPortMappings(const char * controlURL,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
GetListOfPortMappingsArgs = calloc(6, sizeof(struct UPNParg)); GetListOfPortMappingsArgs = calloc(6, sizeof(struct UPNParg));
if(GetListOfPortMappingsArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
GetListOfPortMappingsArgs[0].elt = "NewStartPort"; GetListOfPortMappingsArgs[0].elt = "NewStartPort";
GetListOfPortMappingsArgs[0].val = startPort; GetListOfPortMappingsArgs[0].val = startPort;
GetListOfPortMappingsArgs[1].elt = "NewEndPort"; GetListOfPortMappingsArgs[1].elt = "NewEndPort";
@ -926,6 +940,8 @@ UPNP_GetOutboundPinholeTimeout(const char * controlURL, const char * servicetype
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
GetOutboundPinholeTimeoutArgs = calloc(6, sizeof(struct UPNParg)); GetOutboundPinholeTimeoutArgs = calloc(6, sizeof(struct UPNParg));
if(GetOutboundPinholeTimeoutArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
GetOutboundPinholeTimeoutArgs[0].elt = "RemoteHost"; GetOutboundPinholeTimeoutArgs[0].elt = "RemoteHost";
GetOutboundPinholeTimeoutArgs[0].val = remoteHost; GetOutboundPinholeTimeoutArgs[0].val = remoteHost;
GetOutboundPinholeTimeoutArgs[1].elt = "RemotePort"; GetOutboundPinholeTimeoutArgs[1].elt = "RemotePort";
@ -982,6 +998,8 @@ UPNP_AddPinhole(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
AddPinholeArgs = calloc(7, sizeof(struct UPNParg)); AddPinholeArgs = calloc(7, sizeof(struct UPNParg));
if(AddPinholeArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
/* RemoteHost can be wilcarded */ /* RemoteHost can be wilcarded */
if(strncmp(remoteHost, "empty", 5)==0) if(strncmp(remoteHost, "empty", 5)==0)
{ {
@ -1055,6 +1073,8 @@ UPNP_UpdatePinhole(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
UpdatePinholeArgs = calloc(3, sizeof(struct UPNParg)); UpdatePinholeArgs = calloc(3, sizeof(struct UPNParg));
if(UpdatePinholeArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
UpdatePinholeArgs[0].elt = "UniqueID"; UpdatePinholeArgs[0].elt = "UniqueID";
UpdatePinholeArgs[0].val = uniqueID; UpdatePinholeArgs[0].val = uniqueID;
UpdatePinholeArgs[1].elt = "NewLeaseTime"; UpdatePinholeArgs[1].elt = "NewLeaseTime";
@ -1096,6 +1116,8 @@ UPNP_DeletePinhole(const char * controlURL, const char * servicetype, const char
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
DeletePinholeArgs = calloc(2, sizeof(struct UPNParg)); DeletePinholeArgs = calloc(2, sizeof(struct UPNParg));
if(DeletePinholeArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
DeletePinholeArgs[0].elt = "UniqueID"; DeletePinholeArgs[0].elt = "UniqueID";
DeletePinholeArgs[0].val = uniqueID; DeletePinholeArgs[0].val = uniqueID;
buffer = simpleUPnPcommand(-1, controlURL, servicetype, buffer = simpleUPnPcommand(-1, controlURL, servicetype,
@ -1135,6 +1157,8 @@ UPNP_CheckPinholeWorking(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
CheckPinholeWorkingArgs = calloc(4, sizeof(struct UPNParg)); CheckPinholeWorkingArgs = calloc(4, sizeof(struct UPNParg));
if(CheckPinholeWorkingArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
CheckPinholeWorkingArgs[0].elt = "UniqueID"; CheckPinholeWorkingArgs[0].elt = "UniqueID";
CheckPinholeWorkingArgs[0].val = uniqueID; CheckPinholeWorkingArgs[0].val = uniqueID;
buffer = simpleUPnPcommand(-1, controlURL, servicetype, buffer = simpleUPnPcommand(-1, controlURL, servicetype,
@ -1180,6 +1204,8 @@ UPNP_GetPinholePackets(const char * controlURL, const char * servicetype,
return UPNPCOMMAND_INVALID_ARGS; return UPNPCOMMAND_INVALID_ARGS;
GetPinholePacketsArgs = calloc(4, sizeof(struct UPNParg)); GetPinholePacketsArgs = calloc(4, sizeof(struct UPNParg));
if(GetPinholePacketsArgs == NULL)
return UPNPCOMMAND_MEM_ALLOC_ERROR;
GetPinholePacketsArgs[0].elt = "UniqueID"; GetPinholePacketsArgs[0].elt = "UniqueID";
GetPinholePacketsArgs[0].val = uniqueID; GetPinholePacketsArgs[0].val = uniqueID;
buffer = simpleUPnPcommand(-1, controlURL, servicetype, buffer = simpleUPnPcommand(-1, controlURL, servicetype,

View File

@ -1,7 +1,7 @@
/* $Id: upnpcommands.h,v 1.27 2014/02/17 15:38:26 nanard Exp $ */ /* $Id: upnpcommands.h,v 1.30 2015/07/15 12:21:28 nanard Exp $ */
/* Miniupnp project : http://miniupnp.free.fr/ /* Miniupnp project : http://miniupnp.free.fr/
* Author : Thomas Bernard * Author : Thomas Bernard
* Copyright (c) 2005-2014 Thomas Bernard * Copyright (c) 2005-2015 Thomas Bernard
* This software is subject to the conditions detailed in the * This software is subject to the conditions detailed in the
* LICENCE file provided within this distribution */ * LICENCE file provided within this distribution */
#ifndef UPNPCOMMANDS_H_INCLUDED #ifndef UPNPCOMMANDS_H_INCLUDED
@ -18,6 +18,7 @@
#define UPNPCOMMAND_INVALID_ARGS (-2) #define UPNPCOMMAND_INVALID_ARGS (-2)
#define UPNPCOMMAND_HTTP_ERROR (-3) #define UPNPCOMMAND_HTTP_ERROR (-3)
#define UPNPCOMMAND_INVALID_RESPONSE (-4) #define UPNPCOMMAND_INVALID_RESPONSE (-4)
#define UPNPCOMMAND_MEM_ALLOC_ERROR (-5)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {

View File

@ -1,7 +1,7 @@
/* $Id: upnpreplyparse.c,v 1.17 2014/11/04 22:25:48 nanard Exp $ */ /* $Id: upnpreplyparse.c,v 1.19 2015/07/15 10:29:11 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -40,6 +40,15 @@ NameValueParserEndElt(void * d, const char * name, int l)
/* standard case. Limited to n chars strings */ /* standard case. Limited to n chars strings */
l = data->cdatalen; l = data->cdatalen;
nv = malloc(sizeof(struct NameValue)); nv = malloc(sizeof(struct NameValue));
if(nv == NULL)
{
/* malloc error */
#ifdef DEBUG
fprintf(stderr, "%s: error allocating memory",
"NameValueParserEndElt");
#endif /* DEBUG */
return;
}
if(l>=(int)sizeof(nv->value)) if(l>=(int)sizeof(nv->value))
l = sizeof(nv->value) - 1; l = sizeof(nv->value) - 1;
strncpy(nv->name, data->curelt, 64); strncpy(nv->name, data->curelt, 64);
@ -72,6 +81,10 @@ NameValueParserGetData(void * d, const char * datas, int l)
if(!data->portListing) if(!data->portListing)
{ {
/* malloc error */ /* malloc error */
#ifdef DEBUG
fprintf(stderr, "%s: error allocating memory",
"NameValueParserGetData");
#endif /* DEBUG */
return; return;
} }
memcpy(data->portListing, datas, l); memcpy(data->portListing, datas, l);
@ -180,5 +193,5 @@ DisplayNameValueList(char * buffer, int bufsize)
} }
ClearNameValueList(&pdata); ClearNameValueList(&pdata);
} }
#endif #endif /* DEBUG */