curl/memory-ensure-to-check-allocation-results.patch

From 2873971d6251b7c1eb278df1ee2b944d7c3fcdba Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Wed, 3 Oct 2018 00:56:29 +0200
Subject: [PATCH 129/557] memory: ensure to check allocation results

The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.

Also bumps the copyright years on affected files.

Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
 lib/ftp.c                  | 4 +++-
 lib/http2.c                | 2 ++
 lib/nwlib.c                | 7 +++++--
 lib/vauth/digest.c         | 4 +++-
 lib/vtls/schannel_verify.c | 4 ++++
 5 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/lib/ftp.c b/lib/ftp.c
index a966817..793d991 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -3213,9 +3213,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
           ftpc->prevpath[dlen] = 0; /* terminate */
       }
       else {
+        free(path);
         /* we never changed dir */
         ftpc->prevpath = strdup("");
-        free(path);
+        if(!ftpc->prevpath)
+          return CURLE_OUT_OF_MEMORY;
       }
       if(ftpc->prevpath)
         infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath);
diff --git a/lib/http2.c b/lib/http2.c
index 29edfba..ed47b73 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -924,6 +924,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
       stream->push_headers_alloc = 10;
       stream->push_headers = malloc(stream->push_headers_alloc *
                                     sizeof(char *));
+      if(!stream->push_headers)
+        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
       stream->push_headers_used = 0;
     }
     else if(stream->push_headers_used ==
diff --git a/lib/nwlib.c b/lib/nwlib.c
index 215d933..7bf5f51 100644
--- a/lib/nwlib.c
+++ b/lib/nwlib.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -195,7 +195,7 @@ int GetOrSetUpData(int id, libdata_t **appData,
         if(!app_data->tenbytes || !app_data->lock) {
           if(app_data->lock)
             NXMutexFree(app_data->lock);
-
+          free(app_data->tenbytes);
           free(app_data);
           app_data = (libdata_t *) NULL;
           err      = ENOMEM;
@@ -213,6 +213,9 @@ int GetOrSetUpData(int id, libdata_t **appData,
           err = set_app_data(gLibId, app_data);
 
           if(err) {
+            if(app_data->lock)
+              NXMutexFree(app_data->lock);
+            free(app_data->tenbytes);
             free(app_data);
             app_data = (libdata_t *) NULL;
             err      = ENOMEM;
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index fae5a49..ab5156e 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -781,6 +781,8 @@ static CURLcode _Curl_auth_create_digest_http_message(
   */
 
   hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
+  if(!hashthis)
+    return CURLE_OUT_OF_MEMORY;
 
   if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
     /* We don't support auth-int for PUT or POST at the moment.
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index cfc4adf..2516f56 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -319,6 +319,10 @@ static CURLcode verify_host(struct Curl_easy *data,
    * embedded null bytes. This appears to be undocumented behavior.
    */
   cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR));
+  if(!cert_hostname_buff) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto cleanup;
+  }
   actual_len = CertGetNameString(pCertContextServer,
                                  CERT_NAME_DNS_TYPE,
                                  name_flags,
-- 
1.8.3.1
Package init 2019-09-30 10:36:29 -04:00			`From 2873971d6251b7c1eb278df1ee2b944d7c3fcdba Mon Sep 17 00:00:00 2001`
			`From: Daniel Gustafsson <daniel@yesql.se>`
			`Date: Wed, 3 Oct 2018 00:56:29 +0200`
			`Subject: [PATCH 129/557] memory: ensure to check allocation results`

			`The result of a memory allocation should always be checked, as we may`
			`run under memory pressure where even a small allocation can fail. This`
			`adds checking and error handling to a few cases where the allocation`
			`wasn't checked for success. In the ftp case, the freeing of the path`
			`variable is moved ahead of the allocation since there is little point`
			`in keeping it around across the strdup, and the separation makes for`
			`more readable code. In nwlib, the lock is aslo freed in the error path.`

			`Also bumps the copyright years on affected files.`

			`Closes #3084`
			`Reviewed-by: Jay Satiro <raysatiro@yahoo.com>`
			`Reviewed-by: Daniel Stenberg <daniel@haxx.se>`
			`---`
			`lib/ftp.c \| 4 +++-`
			`lib/http2.c \| 2 ++`
			`lib/nwlib.c \| 7 +++++--`
			`lib/vauth/digest.c \| 4 +++-`
			`lib/vtls/schannel_verify.c \| 4 ++++`
			`5 files changed, 17 insertions(+), 4 deletions(-)`

			`diff --git a/lib/ftp.c b/lib/ftp.c`
			`index a966817..793d991 100644`
			`--- a/lib/ftp.c`
			`+++ b/lib/ftp.c`
			`@@ -3213,9 +3213,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,`
			`ftpc->prevpath[dlen] = 0; /* terminate */`
			`}`
			`else {`
			`+ free(path);`
			`/* we never changed dir */`
			`ftpc->prevpath = strdup("");`
			`- free(path);`
			`+ if(!ftpc->prevpath)`
			`+ return CURLE_OUT_OF_MEMORY;`
			`}`
			`if(ftpc->prevpath)`
			`infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath);`
			`diff --git a/lib/http2.c b/lib/http2.c`
			`index 29edfba..ed47b73 100644`
			`--- a/lib/http2.c`
			`+++ b/lib/http2.c`
			`@@ -924,6 +924,8 @@ static int on_header(nghttp2_session session, const nghttp2_frame frame,`
			`stream->push_headers_alloc = 10;`
			`stream->push_headers = malloc(stream->push_headers_alloc *`
			`sizeof(char *));`
			`+ if(!stream->push_headers)`
			`+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;`
			`stream->push_headers_used = 0;`
			`}`
			`else if(stream->push_headers_used ==`
			`diff --git a/lib/nwlib.c b/lib/nwlib.c`
			`index 215d933..7bf5f51 100644`
			`--- a/lib/nwlib.c`
			`+++ b/lib/nwlib.c`
			`@@ -5,7 +5,7 @@`
			`* \| (__\| \|_\| \| _ <\| \|___`
			`* \___\|\___/\|_\| \_\_____\|`
			`*`
			`- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.`
			`+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.`
			`*`
			`* This software is licensed as described in the file COPYING, which`
			`* you should have received as part of this distribution. The terms`
			`@@ -195,7 +195,7 @@ int GetOrSetUpData(int id, libdata_t **appData,`
			`if(!app_data->tenbytes \|\| !app_data->lock) {`
			`if(app_data->lock)`
			`NXMutexFree(app_data->lock);`
			`-`
			`+ free(app_data->tenbytes);`
			`free(app_data);`
			`app_data = (libdata_t *) NULL;`
			`err = ENOMEM;`
			`@@ -213,6 +213,9 @@ int GetOrSetUpData(int id, libdata_t **appData,`
			`err = set_app_data(gLibId, app_data);`

			`if(err) {`
			`+ if(app_data->lock)`
			`+ NXMutexFree(app_data->lock);`
			`+ free(app_data->tenbytes);`
			`free(app_data);`
			`app_data = (libdata_t *) NULL;`
			`err = ENOMEM;`
			`diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c`
			`index fae5a49..ab5156e 100644`
			`--- a/lib/vauth/digest.c`
			`+++ b/lib/vauth/digest.c`
			`@@ -5,7 +5,7 @@`
			`* \| (__\| \|_\| \| _ <\| \|___`
			`* \___\|\___/\|_\| \_\_____\|`
			`*`
			`- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.`
			`+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.`
			`*`
			`* This software is licensed as described in the file COPYING, which`
			`* you should have received as part of this distribution. The terms`
			`@@ -781,6 +781,8 @@ static CURLcode _Curl_auth_create_digest_http_message(`
			`*/`

			`hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);`
			`+ if(!hashthis)`
			`+ return CURLE_OUT_OF_MEMORY;`

			`if(digest->qop && strcasecompare(digest->qop, "auth-int")) {`
			`/* We don't support auth-int for PUT or POST at the moment.`
			`diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c`
			`index cfc4adf..2516f56 100644`
			`--- a/lib/vtls/schannel_verify.c`
			`+++ b/lib/vtls/schannel_verify.c`
			`@@ -319,6 +319,10 @@ static CURLcode verify_host(struct Curl_easy *data,`
			`* embedded null bytes. This appears to be undocumented behavior.`
			`*/`
			`cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR));`
			`+ if(!cert_hostname_buff) {`
			`+ result = CURLE_OUT_OF_MEMORY;`
			`+ goto cleanup;`
			`+ }`
			`actual_len = CertGetNameString(pCertContextServer,`
			`CERT_NAME_DNS_TYPE,`
			`name_flags,`
			`--`
			`1.8.3.1`