Check return value from asprintf()

author David Woodhouse <David.Woodhouse@intel.com>

Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)

committer David Woodhouse <David.Woodhouse@intel.com>

Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)
author David Woodhouse <David.Woodhouse@intel.com>
Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)
committer David Woodhouse <David.Woodhouse@intel.com>
Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)
diff --git a/http.c b/http.c

index a42e11a..52277ea 100644 (file)
--- a/http.c
+++ b/http.c
@@ -373,7 +373,11 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
                                 exit(1);
                         }
                         setenv("HOME", pw->pw_dir, 1);
-                       chdir(pw->pw_dir);
+                       if (chdir(pw->pw_dir)) {
+                               fprintf(stderr, "Failed to change to CSD home directory '%s': %s\n",
+                                       pw->pw_dir, strerror(errno));
+                               exit(1);
+                       }
                 }
                 if (vpninfo->uid_csd == 0) {
                         fprintf(stderr, "Warning: you are running insecure "
@@ -383,11 +387,14 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
  
                 csd_argv[i++] = fname;
                 csd_argv[i++] = "-ticket";
-               asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket);
+               if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) == -1)
+                       return -ENOMEM;
                 csd_argv[i++] = "-stub";
                 csd_argv[i++] = "\"0\"";
                 csd_argv[i++] = "-group";
-               asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"");
+               if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"") == -1)
+                       return -ENOMEM;
+
                 get_cert_md5_fingerprint(vpninfo, scert, scertbuf);
                 if (ccert)
                         get_cert_md5_fingerprint(vpninfo, ccert, ccertbuf);
@@ -395,16 +402,20 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
                         ccertbuf[0] = 0;
  
                 csd_argv[i++] = "-certhash";
-               asprintf(&csd_argv[i++], "\"%s:%s\"", scertbuf, ccertbuf);
+               if (asprintf(&csd_argv[i++], "\"%s:%s\"", scertbuf, ccertbuf) == -1)
+                       return -ENOMEM;
                 csd_argv[i++] = "-url";
-               asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl);
+               if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1)
+                       return -ENOMEM;
                 /* WTF would it want to know this for? */
                 csd_argv[i++] = "-vpnclient";
                 csd_argv[i++] = "\"/opt/cisco/vpn/bin/vpnui";
                 csd_argv[i++] = "-connect";
-               asprintf(&csd_argv[i++], "https://%s/%s", vpninfo->hostname, vpninfo->csd_preurl);
+               if (asprintf(&csd_argv[i++], "https://%s/%s", vpninfo->hostname, vpninfo->csd_preurl) == -1)
+                       return -ENOMEM;
                 csd_argv[i++] = "-connectparam";
-               asprintf(&csd_argv[i++], "#csdtoken=%s\"", vpninfo->csd_token);
+               if (asprintf(&csd_argv[i++], "#csdtoken=%s\"", vpninfo->csd_token) == -1)
+                       return -ENOMEM;
                 csd_argv[i++] = "-langselen";
                 csd_argv[i++] = NULL;
  
diff --git a/ssl.c b/ssl.c

index f95f99c..6d85c73 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -522,11 +522,13 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
                         vpninfo->proxy = NULL;
  
                         if (vpninfo->port == 443)
-                               asprintf(&url, "https://%s/%s", vpninfo->hostname,
-                                        vpninfo->urlpath?:"");
+                               i = asprintf(&url, "https://%s/%s", vpninfo->hostname,
+                                            vpninfo->urlpath?:"");
                         else
-                               asprintf(&url, "https://%s:%d/%s", vpninfo->hostname,
-                                        vpninfo->port, vpninfo->urlpath?:"");
+                               i = asprintf(&url, "https://%s:%d/%s", vpninfo->hostname,
+                                            vpninfo->port, vpninfo->urlpath?:"");
+                       if (i == -1)
+                               return -ENOMEM;
  
                         proxies = px_proxy_factory_get_proxies(vpninfo->proxy_factory,
                                                                url);
author	David Woodhouse <David.Woodhouse@intel.com>
	Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)
committer	David Woodhouse <David.Woodhouse@intel.com>
	Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)