
List:       ossec-dev
Subject:    [ossec-dev] Fwd: Missing Sanity Checks/Null Pointer Dereference (CWE-476)/Memory Leaks in rootcheck
From:       Bill Parker <wp02855 () gmail ! com>
Date:       2016-02-26 22:47:34
Message-ID: CAFrbyQxJAEyMq_mLXQvohLWWaMJ=8XL7gDheUJk7m59igwcxGA () mail ! gmail ! com

[Attachment #2 (multipart/alternative)]


---------- Forwarded message ----------
From: ossec@trendmicro.com <ossec@trendmicro.com>
Date: Fri, Feb 26, 2016 at 2:45 PM
Subject: Re: Missing Sanity Checks/Null Pointer Dereference
(CWE-476)/Memory Leaks in rootcheck
To: Bill Parker <wp02855@gmail.com>


Bill,

Thank you for your effort.

The OSSEC development team has moved all development to GitHub.  Please
submit Pull Requests to https://github.com/ossec/ossec-hids.
Alternatively, you can send your patch to
ossec-dev@googlegroups.com, which
the OSSEC dev team monitors.

Thank you very much!
JB Cheng
From: Bill Parker <wp02855@gmail.com>
Date: Friday, February 26, 2016 at 1:59 PM
To: Vic Hargrave <ossecproject@gmail.com>, "Jia-Bing (JB) Cheng" <
ossec@trendmicro.com>
Subject: Missing Sanity Checks/Null Pointer Dereference (CWE-476)/Memory
Leaks in rootcheck

Hello All,

In reviewing calls to malloc() in the latest version of rootcheck, I found
numerous instances where return values for malloc are not checked for a
value
of NULL, indicating failure.  Additionally, calls to memset() and strncpy()
are made immediately afterwards, but if the return value from malloc() is
NULL, these calls will result in a segmentation violation/fault.

Additionally, previously allocated memory is also not released in the
event that malloc() fails.

The three patch files below should address/correct these issues:

--- GeoIP.c.orig 2016-02-26 12:39:26.334682615 -0800
+++ GeoIP.c 2016-02-26 12:43:29.717615334 -0800
@@ -775,6 +775,8 @@
 {
     if (NULL == GeoIPDBFileName) {
         GeoIPDBFileName = malloc(sizeof(char *) * NUM_DB_TYPES);
+ if (GeoIPDBFileName == NULL)
+    return;
         memset(GeoIPDBFileName, 0, sizeof(char *) * NUM_DB_TYPES);

         GeoIPDBFileName[GEOIP_COUNTRY_EDITION] = _GeoIP_full_path_to(
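Review bot: Returning early here leaves `GeoIPDBFileName` NULL, and the bare `return;` implies the function is void, so a caller has no way to learn that setup failed. Any code that later indexes `GeoIPDBFileName[...]` would still dereference NULL, which moves the crash rather than removing it; the callers are outside this hunk, so that needs checking against the full file. Those call sites need their own `if (GeoIPDBFileName == NULL)` guard. Separately, `calloc(NUM_DB_TYPES, sizeof(char *))` would replace the malloc()/memset() pair. The function's signature and end are outside the hunk.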
@@ -2387,6 +2389,9 @@
         } else {
             len = sizeof(char) * (strlen(buf) + 1);
             org_buf = malloc(len);
+    if (org_buf == NULL) {
+ return NULL;
+    }
             strncpy(org_buf, buf, len);
         }
     } else {
@@ -2396,6 +2401,9 @@
         } else {
             len = sizeof(char) * (strlen(buf_pointer) + 1);
             org_buf = malloc(len);
+    if (org_buf == NULL) {
+ return NULL;
+    }
             strncpy(org_buf, buf_pointer, len);
         }
     }
@@ -2447,6 +2455,9 @@
         } else {
             len = sizeof(char) * (strlen(buf) + 1);
             org_buf = malloc(len);
+    if (org_buf == NULL) {
+ return NULL;
+    }
             strncpy(org_buf, buf, len);
         }
     } else {
@@ -2456,6 +2467,9 @@
         } else {
             len = sizeof(char) * (strlen(buf_pointer) + 1);
             org_buf = malloc(len);
+    if (org_buf == NULL) {
+ return NULL;
+    }
             strncpy(org_buf, buf_pointer, len);
         }
     }
@@ -2470,6 +2484,9 @@
     int num_chars_written, i;

     ret_str = malloc(sizeof(char) * 16);
+    if (ret_str == NULL) {
+ return NULL;
+    }
     cur_str = ret_str;

     for (i = 0; i < 4; i++) {
@@ -2506,6 +2523,9 @@
     }

     ret = malloc(sizeof(char *) * 2);
+    if (ret == NULL) {
+ return NULL;
+    }

     ipnum = GeoIP_addr_to_num(addr);
     target_value = _GeoIP_seek_record_gl(gi, ipnum, gl);

=======================================================================

--- GeoIPCity.c.orig 2016-02-26 12:32:11.939473218 -0800
+++ GeoIPCity.c 2016-02-26 12:38:16.486805309 -0800
@@ -77,6 +77,9 @@
     }

     record = malloc(sizeof(GeoIPRecord));
+    if (record == NULL) {
+ return NULL;
+    }
     memset(record, 0, sizeof(GeoIPRecord));
     record->charset = gi->charset;

@@ -86,6 +89,10 @@
     if (gi->cache == NULL) {
         begin_record_buf = record_buf = malloc(
                                sizeof(unsigned char) * FULL_RECORD_LENGTH);
+ if (record_buf == NULL) {
+    free(record);
+    return NULL;
+ }
         bytes_read = pread(fileno(
                                gi->GeoIPDatabase), record_buf,
                            FULL_RECORD_LENGTH, record_pointer);
@@ -117,6 +124,11 @@
     }
     if (str_length > 0) {
         record->region = malloc(str_length + 1);
+ if (record->region == NULL) {
+    free(record_buf);
+    free(record);
+    return NULL;
+ }
         strncpy(record->region, (char *)record_buf, str_length + 1);
     }
     record_buf += str_length + 1;
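Review bot: `free(record_buf)` in the new error path frees the read cursor, not the allocation. The earlier hunk shows the buffer is only malloc()ed when `gi->cache == NULL` and that its base is kept in `begin_record_buf`, while this hunk's last line shows `record_buf` being advanced through the record; if it has already moved, or points into `gi->cache`, the free() is undefined behaviour (heap corruption rather than a clean failure). The cleanup should be `if (gi->cache == NULL) free(begin_record_buf);` followed by `free(record);`. The code between the two hunks is not shown, so where the cursor stands at this point is inferred.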
@@ -131,6 +143,12 @@
             record->city = _GeoIP_iso_8859_1__utf8((const char
*)record_buf);
         }else {
             record->city = malloc(str_length + 1);
+    if (record->city == NULL) {
+ free(record->region);
+ free(record->buf);
+ free(record);
+ return NULL;
+    }
             strncpy(record->city, (const char *)record_buf, str_length +
1);
         }
     }
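Review bot: `free(record->buf)` refers to a member that appears nowhere else on this page; the buffer from the earlier hunk lives in the locals `record_buf` and `begin_record_buf`, so this line presumably either fails to compile or frees something unrelated, and the record buffer is leaked on this path. The same line is in the `postal_code` hunk that follows. Replace it in both with `if (gi->cache == NULL) free(begin_record_buf);`. The function body starts and ends outside the hunk.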
@@ -143,6 +161,13 @@
     }
     if (str_length > 0) {
         record->postal_code = malloc(str_length + 1);
+ if (record->postal_code == NULL) {
+    free(record->city);
+    free(record->region);
+    free(record->buf);
+    free(record);
+    return NULL;
+ }
         strncpy(record->postal_code, (char *)record_buf, str_length + 1);
     }
     record_buf += (str_length + 1);


=======================================================================

--- lists_list.c.orig 2016-02-26 12:29:22.196899810 -0800
+++ lists_list.c 2016-02-26 12:30:14.805586103 -0800
@@ -209,6 +209,8 @@
             vpos = cdb_datapos(&lrule->db->cdb);
             vlen = cdb_datalen(&lrule->db->cdb);
             val = malloc(vlen);
+    if (val == NULL)
+ return 0;
             cdb_read(&lrule->db->cdb, val, vlen, vpos);
             result = OSMatch_Execute(val, vlen, lrule->matcher);
             free(val);
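Review bot: `return 0` on allocation failure is indistinguishable from whatever 0 already means to callers of this lookup, and nothing is logged, so under memory pressure a list check would quietly produce a result instead of an error. For a detection rule that depends on this lookup that is a silent change in matching behaviour; what 0 signifies is not visible in the hunk, so confirm against the full function. `malloc(vlen)` may also legitimately return NULL when `vlen` is 0, so handle `vlen == 0` before the malloc() rather than treating it as an allocation failure. At minimum, log the failure with the project's error logger before returning. The return value of `cdb_read()` on the following line is still ignored.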

=======================================================================

I am attaching the patch files to this bug report...

Bill Parker (wp02855 at gmail dot com)




[Attachment #5 (text/html)]

<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message \
----------<br>From: <b class="gmail_sendername"><a \
href="mailto:ossec@trendmicro.com">ossec@trendmicro.com</a></b> <span \
dir="ltr">&lt;<a href="mailto:ossec@trendmicro.com">ossec@trendmicro.com</a>&gt;</span><br>Date: \
Fri, Feb 26, 2016 at 2:45 PM<br>Subject: Re: Missing Sanity Checks/Null Pointer \
Dereference (CWE-476)/Memory Leaks in rootcheck<br>To: Bill Parker &lt;<a \
href="mailto:wp02855@gmail.com">wp02855@gmail.com</a>&gt;<br><br><br>



<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
 <div>Bill,</div>
<div><br>
</div>
<div>Thank you for your effort.   </div>
<div><br>
</div>
<div>
<div>The OSSEC development team has moved all development to GitHub.   Please submit \
Pull Requests to  <a href="https://github.com/ossec/ossec-hids" \
target="_blank">https://github.com/ossec/ossec-hids</a>.</div> </div>
<div>Alternatively, you send send send your patch to  <span \
style="font-weight:700;color:rgb(51,51,51);font-family:&#39;Helvetica \
Neue&#39;,Helvetica,Arial,sans-serif;line-height:20px;background-color:rgb(255,255,255)"><a \
href="mailto:ossec-dev@googlegroups.com" \
target="_blank">ossec-dev@googlegroups.com</a> </span>where the OSSEC dev team is \
monitoring.  </div> <div><br>
</div>
<div>Thank you very much!</div>
<div>JB Cheng</div>
<span>
<div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium \
none;BORDER-LEFT:medium \
none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt \
solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt"> <span style="font-weight:bold">From: \
</span>Bill Parker &lt;<a href="mailto:wp02855@gmail.com" \
target="_blank">wp02855@gmail.com</a>&gt;<br> <span style="font-weight:bold">Date: \
</span>Friday, February 26, 2016 at 1:59 PM<br> <span style="font-weight:bold">To: \
</span>Vic Hargrave &lt;<a href="mailto:ossecproject@gmail.com" \
target="_blank">ossecproject@gmail.com</a>&gt;, &quot;Jia-Bing (JB) Cheng&quot; \
&lt;<a href="mailto:ossec@trendmicro.com" \
target="_blank">ossec@trendmicro.com</a>&gt;<br> <span \
style="font-weight:bold">Subject: </span>Missing Sanity Checks/Null Pointer \
Dereference (CWE-476)/Memory Leaks in rootcheck<br> </div><div><div class="h5">
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div>Hello All,</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"></span>In reviewing calls to malloc() in the \
latest version of rootcheck, I found</div> <div>numerous instances where return \
values for malloc are not checked for a value</div> <div>of NULL, indicating failure. \
Additionally, calls to memset() and strncpy()</div> <div>are made immediately \
afterwards, but if the return value from malloc() is</div> <div>NULL, these calls \
will result in a segmentation violation/fault.</div> <div><br>
</div>
<div>Additionally, previously allocated memory is also not released in the</div>
<div>event that malloc() fails.</div>
<div><br>
</div>
<div>The three patch files below should address/correct these issues:</div>
<div><br>
</div>
<div>--- GeoIP.c.orig<span style="white-space:pre-wrap"> </span>2016-02-26 \
12:39:26.334682615 -0800</div> <div>+++ GeoIP.c<span style="white-space:pre-wrap"> \
</span>2016-02-26 12:43:29.717615334 -0800</div> <div>@@ -775,6 +775,8 @@</div>
<div>  {</div>
<div>        if (NULL == GeoIPDBFileName) {</div>
<div>              GeoIPDBFileName = malloc(sizeof(char *) * NUM_DB_TYPES);</div>
<div>+<span style="white-space:pre-wrap"> </span>if (GeoIPDBFileName == NULL)</div>
<div>+<span style="white-space:pre-wrap"> </span>     return;</div>
<div>              memset(GeoIPDBFileName, 0, sizeof(char *) * NUM_DB_TYPES);</div>
<div>  </div>
<div>              GeoIPDBFileName[GEOIP_COUNTRY_EDITION] = \
_GeoIP_full_path_to(</div> <div>@@ -2387,6 +2389,9 @@</div>
<div>              } else {</div>
<div>                    len = sizeof(char) * (strlen(buf) + 1);</div>
<div>                    org_buf = malloc(len);</div>
<div>+<span style="white-space:pre-wrap"> </span>     if (org_buf == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+<span style="white-space:pre-wrap"> </span>     }</div>
<div>                    strncpy(org_buf, buf, len);</div>
<div>              }</div>
<div>        } else {</div>
<div>@@ -2396,6 +2401,9 @@</div>
<div>              } else {</div>
<div>                    len = sizeof(char) * (strlen(buf_pointer) + 1);</div>
<div>                    org_buf = malloc(len);</div>
<div>+<span style="white-space:pre-wrap"> </span>     if (org_buf == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+<span style="white-space:pre-wrap"> </span>     }</div>
<div>                    strncpy(org_buf, buf_pointer, len);</div>
<div>              }</div>
<div>        }</div>
<div>@@ -2447,6 +2455,9 @@</div>
<div>              } else {</div>
<div>                    len = sizeof(char) * (strlen(buf) + 1);</div>
<div>                    org_buf = malloc(len);</div>
<div>+<span style="white-space:pre-wrap"> </span>     if (org_buf == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+<span style="white-space:pre-wrap"> </span>     }</div>
<div>                    strncpy(org_buf, buf, len);</div>
<div>              }</div>
<div>        } else {</div>
<div>@@ -2456,6 +2467,9 @@</div>
<div>              } else {</div>
<div>                    len = sizeof(char) * (strlen(buf_pointer) + 1);</div>
<div>                    org_buf = malloc(len);</div>
<div>+<span style="white-space:pre-wrap"> </span>     if (org_buf == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+<span style="white-space:pre-wrap"> </span>     }</div>
<div>                    strncpy(org_buf, buf_pointer, len);</div>
<div>              }</div>
<div>        }</div>
<div>@@ -2470,6 +2484,9 @@</div>
<div>        int num_chars_written, i;</div>
<div>  </div>
<div>        ret_str = malloc(sizeof(char) * 16);</div>
<div>+      if (ret_str == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+      }</div>
<div>        cur_str = ret_str;</div>
<div>  </div>
<div>        for (i = 0; i &lt; 4; i++) {</div>
<div>@@ -2506,6 +2523,9 @@</div>
<div>        }</div>
<div>  </div>
<div>        ret = malloc(sizeof(char *) * 2);</div>
<div>+      if (ret == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+      }</div>
<div>  </div>
<div>        ipnum = GeoIP_addr_to_num(addr);</div>
<div>        target_value = _GeoIP_seek_record_gl(gi, ipnum, gl);</div>
<div><br>
</div>
<div>=======================================================================</div>
<div><br>
</div>
<div>--- GeoIPCity.c.orig<span style="white-space:pre-wrap"> </span>2016-02-26 \
12:32:11.939473218 -0800</div> <div>+++ GeoIPCity.c<span \
style="white-space:pre-wrap"> </span>2016-02-26 12:38:16.486805309 -0800</div> \
<div>@@ -77,6 +77,9 @@</div> <div>        }</div>
<div>  </div>
<div>        record = malloc(sizeof(GeoIPRecord));</div>
<div>+      if (record == NULL) {</div>
<div>+<span style="white-space:pre-wrap"> </span>return NULL;</div>
<div>+      }</div>
<div>        memset(record, 0, sizeof(GeoIPRecord));</div>
<div>        record-&gt;charset = gi-&gt;charset;</div>
<div>  </div>
<div>@@ -86,6 +89,10 @@</div>
<div>        if (gi-&gt;cache == NULL) {</div>
<div>              begin_record_buf = record_buf = malloc(</div>
<div>                                                sizeof(unsigned char) * \
FULL_RECORD_LENGTH);</div> <div>+<span style="white-space:pre-wrap"> </span>if \
(record_buf == NULL) {</div> <div>+<span style="white-space:pre-wrap"> </span>     \
free(record);</div> <div>+<span style="white-space:pre-wrap"> </span>     return \
NULL;</div> <div>+<span style="white-space:pre-wrap"> </span>}</div>
<div>              bytes_read = pread(fileno(</div>
<div>                                                gi-&gt;GeoIPDatabase), \
record_buf,</div> <div>                                          FULL_RECORD_LENGTH, \
record_pointer);</div> <div>@@ -117,6 +124,11 @@</div>
<div>        }</div>
<div>        if (str_length &gt; 0) {</div>
<div>              record-&gt;region = malloc(str_length + 1);</div>
<div>+<span style="white-space:pre-wrap"> </span>if (record-&gt;region == NULL) \
{</div> <div>+<span style="white-space:pre-wrap"> </span>     free(record_buf);</div>
<div>+<span style="white-space:pre-wrap"> </span>     free(record);</div>
<div>+<span style="white-space:pre-wrap"> </span>     return NULL;</div>
<div>+<span style="white-space:pre-wrap"> </span>}</div>
<div>              strncpy(record-&gt;region, (char *)record_buf, str_length + \
1);</div> <div>        }</div>
<div>        record_buf += str_length + 1;</div>
<div>@@ -131,6 +143,12 @@</div>
<div>                    record-&gt;city = _GeoIP_iso_8859_1__utf8((const char \
*)record_buf);</div> <div>              }else {</div>
<div>                    record-&gt;city = malloc(str_length + 1);</div>
<div>+<span style="white-space:pre-wrap"> </span>     if (record-&gt;city == NULL) \
{</div> <div>+<span style="white-space:pre-wrap"> \
</span>free(record-&gt;region);</div> <div>+<span style="white-space:pre-wrap"> \
</span>free(record-&gt;buf);</div> <div>+<span style="white-space:pre-wrap"> \
</span>free(record);</div> <div>+<span style="white-space:pre-wrap"> </span>return \
NULL;</div> <div>+<span style="white-space:pre-wrap"> </span>     }</div>
<div>                    strncpy(record-&gt;city, (const char *)record_buf, \
str_length + 1);</div> <div>              }</div>
<div>        }</div>
<div>@@ -143,6 +161,13 @@</div>
<div>        }</div>
<div>        if (str_length &gt; 0) {</div>
<div>              record-&gt;postal_code = malloc(str_length + 1);</div>
<div>+<span style="white-space:pre-wrap"> </span>if (record-&gt;postal_code == NULL) \
{</div> <div>+<span style="white-space:pre-wrap"> </span>     \
free(record-&gt;city);</div> <div>+<span style="white-space:pre-wrap"> </span>     \
free(record-&gt;region);</div> <div>+<span style="white-space:pre-wrap"> </span>     \
free(record-&gt;buf);</div> <div>+<span style="white-space:pre-wrap"> </span>     \
free(record);</div> <div>+<span style="white-space:pre-wrap"> </span>     return \
NULL;</div> <div>+<span style="white-space:pre-wrap"> </span>}</div>
<div>              strncpy(record-&gt;postal_code, (char *)record_buf, str_length + \
1);</div> <div>        }</div>
<div>        record_buf += (str_length + 1);</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"></span>  </div>
<div>=======================================================================</div>
<div><br>
</div>
<div>--- lists_list.c.orig<span style="white-space:pre-wrap"> </span>2016-02-26 \
12:29:22.196899810 -0800</div> <div>+++ lists_list.c<span \
style="white-space:pre-wrap"> </span>2016-02-26 12:30:14.805586103 -0800</div> \
<div>@@ -209,6 +209,8 @@</div> <div>                    vpos = \
cdb_datapos(&amp;lrule-&gt;db-&gt;cdb);</div> <div>                    vlen = \
cdb_datalen(&amp;lrule-&gt;db-&gt;cdb);</div> <div>                    val = \
malloc(vlen);</div> <div>+<span style="white-space:pre-wrap"> </span>     if (val == \
NULL)</div> <div>+<span style="white-space:pre-wrap"> </span>return 0;</div>
<div>                    cdb_read(&amp;lrule-&gt;db-&gt;cdb, val, vlen, vpos);</div>
<div>                    result = OSMatch_Execute(val, vlen, \
lrule-&gt;matcher);</div> <div>                    free(val);</div>
<div><br>
</div>
<div>=======================================================================</div>
<div><br>
</div>
<div>I am attaching the patch files to this bug report...</div>
<div><br>
</div>
<div>Bill Parker (wp02855 at gmail dot com)</div>
</div>
</div>
</div>
</div></div></span>
</div>


<table><tbody><tr><td bgcolor="#ffffff"><font \
color="#000000"><pre><table><tbody><tr><td><pre>TREND MICRO EMAIL NOTICE The \
information contained in this email and any attachments is confidential  and may be \
subject to copyright or other intellectual property protection.  If you are not the \
intended recipient, you are not authorized to use or  disclose this information, and \
we request that you notify us by reply mail or telephone and delete the original \
message from your mail system. \
</pre></td></tr></tbody></table></pre></font></td></tr></tbody></table> \
</div><br></div>

<p></p>

-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups \
&quot;ossec-dev&quot; group.<br /> To unsubscribe from this group and stop receiving \
emails from it, send an email to <a \
href="mailto:ossec-dev+unsubscribe@googlegroups.com">ossec-dev+unsubscribe@googlegroups.com</a>.<br \
/> For more options, visit <a \
href="https://groups.google.com/d/optout">https://groups.google.com/d/optout</a>.<br \
/>

--047d7b417e63cb1942052cb4158d--


["lists_list.c.patch" (application/octet-stream)]

--- lists_list.c.orig	2016-02-26 12:29:22.196899810 -0800
+++ lists_list.c	2016-02-26 12:30:14.805586103 -0800
@@ -209,6 +209,8 @@
             vpos = cdb_datapos(&lrule->db->cdb);
             vlen = cdb_datalen(&lrule->db->cdb);
             val = malloc(vlen);
+	    if (val == NULL)
+		return 0;
             cdb_read(&lrule->db->cdb, val, vlen, vpos);
             result = OSMatch_Execute(val, vlen, lrule->matcher);
             free(val);
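Review bot: The added lines are indented with tabs while every context line in the hunk uses spaces, so the new check only lines up at a tab width of 8; re-indent with spaces to match the file. The same applies to the added lines in GeoIP.c.patch and GeoIPCity.c.patch below. The unbraced two-line form `if (val == NULL)` / `return 0;` here and in the first GeoIP.c hunk also differs from the braced checks used in the other hunks; pick one form, preferably braced.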

["GeoIP.c.patch" (application/octet-stream)]

--- GeoIP.c.orig	2016-02-26 12:39:26.334682615 -0800
+++ GeoIP.c	2016-02-26 12:43:29.717615334 -0800
@@ -775,6 +775,8 @@
 {
     if (NULL == GeoIPDBFileName) {
         GeoIPDBFileName = malloc(sizeof(char *) * NUM_DB_TYPES);
+	if (GeoIPDBFileName == NULL)
+	    return;
         memset(GeoIPDBFileName, 0, sizeof(char *) * NUM_DB_TYPES);
 
         GeoIPDBFileName[GEOIP_COUNTRY_EDITION] = _GeoIP_full_path_to(
@@ -2387,6 +2389,9 @@
         } else {
             len = sizeof(char) * (strlen(buf) + 1);
             org_buf = malloc(len);
+	    if (org_buf == NULL) {
+		return NULL;
+	    }
             strncpy(org_buf, buf, len);
         }
     } else {
@@ -2396,6 +2401,9 @@
         } else {
             len = sizeof(char) * (strlen(buf_pointer) + 1);
             org_buf = malloc(len);
+	    if (org_buf == NULL) {
+		return NULL;
+	    }
             strncpy(org_buf, buf_pointer, len);
         }
     }
@@ -2447,6 +2455,9 @@
         } else {
             len = sizeof(char) * (strlen(buf) + 1);
             org_buf = malloc(len);
+	    if (org_buf == NULL) {
+		return NULL;
+	    }
             strncpy(org_buf, buf, len);
         }
     } else {
@@ -2456,6 +2467,9 @@
         } else {
             len = sizeof(char) * (strlen(buf_pointer) + 1);
             org_buf = malloc(len);
+	    if (org_buf == NULL) {
+		return NULL;
+	    }
             strncpy(org_buf, buf_pointer, len);
         }
     }
@@ -2470,6 +2484,9 @@
     int num_chars_written, i;
 
     ret_str = malloc(sizeof(char) * 16);
+    if (ret_str == NULL) {
+	return NULL;
+    }
     cur_str = ret_str;
 
     for (i = 0; i < 4; i++) {
@@ -2506,6 +2523,9 @@
     }
 
     ret = malloc(sizeof(char *) * 2);
+    if (ret == NULL) {
+	return NULL;
+    }
 
     ipnum = GeoIP_addr_to_num(addr);
     target_value = _GeoIP_seek_record_gl(gi, ipnum, gl);

["GeoIPCity.c.patch" (application/octet-stream)]

--- GeoIPCity.c.orig	2016-02-26 12:32:11.939473218 -0800
+++ GeoIPCity.c	2016-02-26 12:38:16.486805309 -0800
@@ -77,6 +77,9 @@
     }
 
     record = malloc(sizeof(GeoIPRecord));
+    if (record == NULL) {
+	return NULL;
+    }
     memset(record, 0, sizeof(GeoIPRecord));
     record->charset = gi->charset;
 
@@ -86,6 +89,10 @@
     if (gi->cache == NULL) {
         begin_record_buf = record_buf = malloc(
                                sizeof(unsigned char) * FULL_RECORD_LENGTH);
+	if (record_buf == NULL) {
+	    free(record);
+	    return NULL;
+	}
         bytes_read = pread(fileno(
                                gi->GeoIPDatabase), record_buf,
                            FULL_RECORD_LENGTH, record_pointer);
@@ -117,6 +124,11 @@
     }
     if (str_length > 0) {
         record->region = malloc(str_length + 1);
+	if (record->region == NULL) {
+	    free(record_buf);
+	    free(record);
+	    return NULL;
+	}
         strncpy(record->region, (char *)record_buf, str_length + 1);
     }
     record_buf += str_length + 1;
@@ -131,6 +143,12 @@
             record->city = _GeoIP_iso_8859_1__utf8((const char *)record_buf);
         }else {
             record->city = malloc(str_length + 1);
+	    if (record->city == NULL) {
+		free(record->region);
+		free(record->buf);
+		free(record);
+		return NULL;
+	    }
             strncpy(record->city, (const char *)record_buf, str_length + 1);
         }
     }
@@ -143,6 +161,13 @@
     }
     if (str_length > 0) {
         record->postal_code = malloc(str_length + 1);
+	if (record->postal_code == NULL) {
+	    free(record->city);
+	    free(record->region);
+	    free(record->buf);
+	    free(record);
+	    return NULL;
+	}
         strncpy(record->postal_code, (char *)record_buf, str_length + 1);
     }
     record_buf += (str_length + 1);

