curl/OS400-handle-memory-error-in-list-conversion.patch

From a58b27740fd78fee88b35104fa71b7019280ccff Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Thu, 13 Dec 2018 10:15:00 +0100
Subject: [PATCH 363/557] OS400: handle memory error in list conversion

Curl_slist_append_nodup() returns NULL when it fails to create a new
item for the specified list, and since the coding here reassigned the
new list on top of the old list it would result in a dangling pointer
and lost memory. Also, in case we hit an allocation failure at some
point during the conversion, with allocation succeeding again on the
subsequent call(s) we will return a truncated list around the malloc
failure point. Fix by assigning to a temporary list pointer, which can
be checked (which is the common pattern for slist appending), and free
all the resources on allocation failure.

Closes #3372
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
 packages/OS400/ccsidcurl.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index b1d3ba8..ca711d0 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -219,13 +219,20 @@ slist_convert(int dccsid, struct curl_slist * from, int sccsid)
   struct curl_slist * to = (struct curl_slist *) NULL;
 
   for(; from; from = from->next) {
+    struct curl_slist *nl;
     char * cp = dynconvert(dccsid, from->data, -1, sccsid);
 
     if(!cp) {
       curl_slist_free_all(to);
       return (struct curl_slist *) NULL;
     }
-    to = Curl_slist_append_nodup(to, cp);
+    nl = Curl_slist_append_nodup(to, cp);
+    if(!nl) {
+      curl_slist_free_all(to);
+      free(cp);
+      return NULL;
+    }
+    to = nl;
   }
   return to;
 }
-- 
1.8.3.1
Package init 2019-09-30 10:36:29 -04:00			`From a58b27740fd78fee88b35104fa71b7019280ccff Mon Sep 17 00:00:00 2001`
			`From: Daniel Gustafsson <daniel@yesql.se>`
			`Date: Thu, 13 Dec 2018 10:15:00 +0100`
			`Subject: [PATCH 363/557] OS400: handle memory error in list conversion`

			`Curl_slist_append_nodup() returns NULL when it fails to create a new`
			`item for the specified list, and since the coding here reassigned the`
			`new list on top of the old list it would result in a dangling pointer`
			`and lost memory. Also, in case we hit an allocation failure at some`
			`point during the conversion, with allocation succeeding again on the`
			`subsequent call(s) we will return a truncated list around the malloc`
			`failure point. Fix by assigning to a temporary list pointer, which can`
			`be checked (which is the common pattern for slist appending), and free`
			`all the resources on allocation failure.`

			`Closes #3372`
			`Reviewed-by: Daniel Stenberg <daniel@haxx.se>`
			`---`
			`packages/OS400/ccsidcurl.c \| 9 ++++++++-`
			`1 file changed, 8 insertions(+), 1 deletion(-)`

			`diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c`
			`index b1d3ba8..ca711d0 100644`
			`--- a/packages/OS400/ccsidcurl.c`
			`+++ b/packages/OS400/ccsidcurl.c`
			`@@ -219,13 +219,20 @@ slist_convert(int dccsid, struct curl_slist * from, int sccsid)`
			`struct curl_slist * to = (struct curl_slist *) NULL;`

			`for(; from; from = from->next) {`
			`+ struct curl_slist *nl;`
			`char * cp = dynconvert(dccsid, from->data, -1, sccsid);`

			`if(!cp) {`
			`curl_slist_free_all(to);`
			`return (struct curl_slist *) NULL;`
			`}`
			`- to = Curl_slist_append_nodup(to, cp);`
			`+ nl = Curl_slist_append_nodup(to, cp);`
			`+ if(!nl) {`
			`+ curl_slist_free_all(to);`
			`+ free(cp);`
			`+ return NULL;`
			`+ }`
			`+ to = nl;`
			`}`
			`return to;`
			`}`
			`--`
			`1.8.3.1`