From 41c5803d0fa6408ed75dfa7169955ae9891bba2b Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Sat, 12 Jan 2013 13:21:08 +0800
Subject: [PATCH] audit and make all malloc check for OOM

Signed-off-by: Andy Green
---
 lib/client-handshake.c | 2 +-
 lib/extension-x-google-mux.c | 4 ++++
 lib/handshake.c | 6 ++++++
 lib/libwebsockets.c | 35 +++++++++++++++++++++++++++++------
 lib/parsers.c | 16 ++++++++++++++++
 5 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/lib/client-handshake.c b/lib/client-handshake.c
index 15c4b13..bcc4edb 100644
--- a/lib/client-handshake.c
+++ b/lib/client-handshake.c
@@ -246,9 +246,9 @@ libwebsocket_client_connect(struct libwebsocket_context *context,
 if (origin) {
 wsi->c_origin = (char *)malloc(strlen(origin) + 1);
- strcpy(wsi->c_origin, origin);
 if (wsi->c_origin == NULL)
 goto oom2;
+ strcpy(wsi->c_origin, origin);
 } else wsi->c_origin = NULL;
diff --git a/lib/extension-x-google-mux.c b/lib/extension-x-google-mux.c
index 2be0d80..5e5c72e 100644
--- a/lib/extension-x-google-mux.c
+++ b/lib/extension-x-google-mux.c
@@ -632,6 +632,10 @@ int lws_extension_callback_x_google_mux(
 ext->per_context_private_data = malloc( sizeof (struct lws_ext_x_google_mux_context));
+ if (ext->per_context_private_data == NULL) {
+ lwsl_err("Out of memory\n");
+ return -1;
+ }
 mux_ctx = (struct lws_ext_x_google_mux_context *) ext->per_context_private_data;
 mux_ctx->active_conns = 0;
diff --git a/lib/handshake.c b/lib/handshake.c
index a34d032..98eec31 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -409,6 +409,12 @@ handshake_0405(struct libwebsocket_context *context, struct libwebsocket *wsi)
 wsi->active_extensions_user[ wsi->count_active_extensions] = malloc(ext->per_session_data_size);
+ if (wsi->active_extensions_user[
+ wsi->count_active_extensions] == NULL) {
+ lwsl_err("Out of mem\n");
+ free(response);
+ goto bail;
+ }
 memset(wsi->active_extensions_user[ wsi->count_active_extensions], 0, ext->per_session_data_size);
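Review bot: In lib/handshake.c (handshake_0405) the new test treats every NULL from `malloc(ext->per_session_data_size)` as out-of-memory, but malloc(0) may legitimately return NULL on some C libraries, so an extension that declares a zero per-session size would fail the handshake there. Wrapping the allocation, the check and the following memset in `if (ext->per_session_data_size) { ... }` keeps the OOM handling without that false failure; the same pattern is added under `check_extensions:` in lib/libwebsockets.c. The error path also calls `free(response)` before `goto bail`, and `bail` lies outside the hunk, so it is worth confirming that the label does not release `response` a second time.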
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 7848761..b36a9b2 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -1336,6 +1336,11 @@ check_extensions:
 wsi->active_extensions_user[ wsi->count_active_extensions] = malloc(ext->per_session_data_size);
+ if (wsi->active_extensions_user[
+ wsi->count_active_extensions] == NULL) {
+ lwsl_err("Out of mem\n");
+ goto bail2;
+ }
 memset(wsi->active_extensions_user[ wsi->count_active_extensions], 0, ext->per_session_data_size);
@@ -1692,17 +1697,16 @@ libwebsocket_service_fd(struct libwebsocket_context *context,
 if (context->fds_count >= MAX_CLIENTS) {
 lwsl_err("too busy to accept new broadcast " "proxy client\n");
-#ifdef WIN32
- closesocket(accept_fd);
-#else
- close(accept_fd);
-#endif
- break;
+ goto bail_prox_listener;
 }
 /* create a dummy wsi for the connection and add it */
 new_wsi = (struct libwebsocket *)malloc(sizeof(struct libwebsocket));
+ if (new_wsi == NULL) {
+ lwsl_err("Out of mem\n");
+ goto bail_prox_listener;
+ }
 memset(new_wsi, 0, sizeof (struct libwebsocket));
 new_wsi->sock = accept_fd;
 new_wsi->mode = LWS_CONNMODE_BROADCAST_PROXY;
@@ -1726,6 +1730,14 @@ libwebsocket_service_fd(struct libwebsocket_context *context,
 break;
+bail_prox_listener:
+#ifdef WIN32
+ closesocket(accept_fd);
+#else
+ close(accept_fd);
+#endif
+ break;
+
 case LWS_CONNMODE_BROADCAST_PROXY:
 /* handle session socket closed */
@@ -2915,10 +2927,16 @@ libwebsocket_create_context(int port, const char *interf,
 if (n < 0) {
 lwsl_err("ERROR on binding to port %d (%d %d)\n", port, n, errno);
+ close(sockfd);
 return NULL;
 }
 wsi = (struct libwebsocket *)malloc(sizeof(struct libwebsocket));
+ if (wsi == NULL) {
+ lwsl_err("Out of mem\n");
+ close(sockfd);
+ return NULL;
+ }
 memset(wsi, 0, sizeof (struct libwebsocket));
 wsi->sock = sockfd;
 wsi->count_active_extensions = 0;
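Review bot: The cleanup calls added in libwebsocket_create_context, `close(sockfd);` twice in this hunk and `close(fd);` in the later hunk of the same function, are not wrapped in the `#ifdef WIN32` / `closesocket()` switch that this same commit keeps at `bail_prox_listener:`. On a WIN32 build a socket handle is not a C runtime file descriptor, so these error paths would likely leave the listening socket open. A small static helper that hides the `#ifdef` would let every site share one close call. The function body extends beyond the hunk.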
@@ -3007,6 +3025,11 @@ libwebsocket_create_context(int port, const char *interf,
 /* dummy wsi per broadcast proxy socket */
 wsi = (struct libwebsocket *)malloc(sizeof(struct libwebsocket));
+ if (wsi == NULL) {
+ lwsl_err("Out of mem\n");
+ close(fd);
+ return NULL;
+ }
 memset(wsi, 0, sizeof (struct libwebsocket));
 wsi->sock = fd;
 wsi->mode = LWS_CONNMODE_BROADCAST_PROXY_LISTENER;
diff --git a/lib/parsers.c b/lib/parsers.c
index 04173d7..1baeb34 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -108,6 +108,10 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
 wsi->utf8_token[wsi->parser_state].token = (char *) realloc(wsi->utf8_token[wsi->parser_state].token, wsi->current_alloc_len);
+ if (wsi->utf8_token[wsi->parser_state].token == NULL) {
+ lwsl_err("Out of mem\n");
+ return -1;
+ }
 }
 /* bail at EOL */
@@ -166,6 +170,10 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
 wsi->utf8_token[wsi->parser_state].token = (char *) malloc(wsi->current_alloc_len);
+ if (wsi->utf8_token[wsi->parser_state].token == NULL) {
+ lwsl_err("Out of mem\n");
+ return -1;
+ }
 wsi->utf8_token[wsi->parser_state].token_len = 0;
 break;
@@ -206,6 +214,10 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
 wsi->current_alloc_len = LWS_INITIAL_HDR_ALLOC;
 wsi->utf8_token[wsi->parser_state].token = (char *) malloc(wsi->current_alloc_len);
+ if (wsi->utf8_token[wsi->parser_state].token == NULL) {
+ lwsl_err("Out of mem\n");
+ return -1;
+ }
 wsi->utf8_token[wsi->parser_state].token_len = 0;
 }
@@ -227,6 +239,10 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
 wsi->current_alloc_len = LWS_INITIAL_HDR_ALLOC;
 wsi->utf8_token[WSI_TOKEN_GET_URI].token = (char *)malloc(wsi->current_alloc_len);
+ if (wsi->utf8_token[WSI_TOKEN_GET_URI].token == NULL) {
+ lwsl_err("Out of mem\n");
+ return -1;
+ }
 break;
 }
 }
--
2.7.4
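Review bot: The OOM return added in the broadcast-proxy part of libwebsocket_create_context (lib/libwebsockets.c, hunk at old line 3007) closes only `fd` before `return NULL`. Anything set up earlier in the function appears to stay allocated, including the listening `sockfd` and the `wsi` from the hunk at old line 2915 if that branch ran. The body between the two hunks is not visible, so this is inferred. A single unwind label at the end of the function that releases whatever was created so far would make each failure exit complete; until then a comment such as `/* NOTE: earlier listen socket and context are not released on this path */` would at least record the gap.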
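Review bot: In lib/parsers.c, hunk at old line 108, the result of `realloc()` is still stored straight into `wsi->utf8_token[wsi->parser_state].token`, so when it fails the new check returns -1 with the only pointer to the old buffer already overwritten by NULL, and that buffer can no longer be freed. This parser appears to consume header bytes supplied by the peer, so the leak sits on a path that remote input can reach under memory pressure. Assigning through a temporary keeps the old buffer owned by the token array until the grow succeeds. libwebsocket_parse starts and ends outside the hunk; if the file is built as C89 the temporary has to be declared at the top of its block.
```c
	char *grown = (char *)realloc(
			wsi->utf8_token[wsi->parser_state].token,
						wsi->current_alloc_len);
	if (grown == NULL) {
		/* old buffer is still referenced by utf8_token[] and can be freed at teardown */
		lwsl_err("Out of mem\n");
		return -1;
	}
	wsi->utf8_token[wsi->parser_state].token = grown;
	/* … unchanged: closing brace and the "bail at EOL" handling … */
```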