[OpenWrt-Devel] [PATCH v2 3/7] uclient-http: auth digest: Handle multiple possible memory allocation failures
Tobias Schramm
tobleminer at gmail.com
Sun Feb 18 07:46:06 EST 2018
Add null pointer checks to allocation of buffers for authentication parameters
Signed-off-by: Tobias Schramm <tobleminer at gmail.com>
---
uclient-http.c | 43 ++++++++++++++++++++++++++++++++++---------
1 file changed, 34 insertions(+), 9 deletions(-)
diff --git a/uclient-http.c b/uclient-http.c
index 36e2b38..20b8a9a 100644
--- a/uclient-http.c
+++ b/uclient-http.c
@@ -433,13 +433,14 @@ static void add_field(char **buf, int *ofs, int *len, const char *name, const ch
*ofs = cur - *buf;
}
-static void
+static int
uclient_http_add_auth_digest(struct uclient_http *uh)
{
+ int err = 0;
struct uclient_url *url = uh->uc.url;
const char *realm = NULL, *opaque = NULL;
const char *user, *password;
- char *buf, *next;
+ char *buf, *next, *buf_orig;
int len, ofs;
char cnonce_str[9];
@@ -454,14 +455,21 @@ uclient_http_add_auth_digest(struct uclient_http *uh)
};
len = strlen(uh->auth_str) + 1;
- if (len > 512)
- return;
+ if (len > 512) {
+ err = -EINVAL;
+ goto fail;
+ }
buf = alloca(len);
+ if (!buf) {
+ err = -ENOMEM;
+ goto fail;
+ }
+
strcpy(buf, uh->auth_str);
/* skip auth type */
- strsep(&buf, " ");
+ buf_orig = strsep(&buf, " ");
next = buf;
while (*next) {
@@ -495,8 +503,10 @@ uclient_http_add_auth_digest(struct uclient_http *uh)
*dest = digest_unquote_sep(&next);
}
- if (!realm || !data.qop || !data.nonce)
- return;
+ if (!realm || !data.qop || !data.nonce) {
+ err = -EINVAL;
+ goto fail_buf;
+ }
sprintf(nc_str, "%08x", uh->nc++);
get_cnonce(cnonce_str);
@@ -510,10 +520,17 @@ uclient_http_add_auth_digest(struct uclient_http *uh)
char *user_buf;
len = password - url->auth;
- if (len > 256)
- return;
+ if (len > 256) {
+ err = -EINVAL;
+ goto fail_buf;
+ }
user_buf = alloca(len + 1);
+ if (!user_buf) {
+ err = -ENOMEM;
+ goto fail_buf;
+ }
+
strncpy(user_buf, url->auth, len);
user_buf[len] = 0;
user = user_buf;
@@ -540,7 +557,15 @@ uclient_http_add_auth_digest(struct uclient_http *uh)
add_field(&buf, &ofs, &len, "opaque", opaque);
ustream_printf(uh->us, "Authorization: Digest nc=%s, qop=%s%s\r\n", data.nc, data.qop, buf);
+
free(buf);
+
+ return 0;
+
+fail_buf:
+ free(buf_orig);
+fail:
+ return err;
}
static void
--
2.16.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list