From 27ca7078e04d814a3f9a291acb9fc9395d69ae67 Mon Sep 17 00:00:00 2001
From: Julien Chaffraix <julien.chaffraix@gmail.com>
Date: Tue, 25 May 2010 06:53:48 -0700
Subject: [PATCH] Fix 2 OOM errors: a missing NULL-check in lib/http_negociate.c and a
 potential NULL dereferencing in lib/splay.c

---
 CHANGES              |    3 +++
 lib/http_negotiate.c |    2 ++
 lib/splay.c          |    8 ++++----
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index f70a58f..6013688 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@
 
                                   Changelog
 
+- Julien Chaffraix fixed 2 OOM errors: a missing NULL-check in
+  lib/http_negociate.c and a potential NULL dereferencing in lib/splay.c
+
 Daniel Stenberg (25 May 2010)
 - Howard Chu brought a patch that makes the LDAP code much cleaner, nicer and
   in general being a better libcurl citizen. If a new enough OpenLDAP version
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 956f734..d51d456 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -308,6 +308,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
       free(neg_ctx->output_token.value);
       responseToken = NULL;
       neg_ctx->output_token.value = malloc(spnegoTokenLength);
+      if(neg_ctx->output_token.value == NULL)
+        return CURLE_OUT_OF_MEMORY;
       memcpy(neg_ctx->output_token.value, spnegoToken,spnegoTokenLength);
       neg_ctx->output_token.length = spnegoTokenLength;
       free(spnegoToken);
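Review bot: The new early return under `if(neg_ctx->output_token.value == NULL)` exits without releasing `spnegoToken`, which the existing code frees only after the `memcpy` two lines further down, so the out-of-memory path leaks that buffer. It also leaves `neg_ctx->output_token.value` NULL while `neg_ctx->output_token.length` keeps its previous value; whether later code trusts that length is not visible here, but a stale non-zero length next to a NULL pointer is an easy way to get a NULL dereference or bad copy on a retry or cleanup path. I would add `free(spnegoToken);` and `neg_ctx->output_token.length = 0;` inside the branch before `return CURLE_OUT_OF_MEMORY;`. Curl_output_negotiate starts and ends outside this hunk, so any other cleanup this path needs cannot be judged from here.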
diff --git a/lib/splay.c b/lib/splay.c
index db3dbea..dcc42cf 100644
--- a/lib/splay.c
+++ b/lib/splay.c
@@ -394,6 +394,10 @@ int main(int argc, argv_item_t argv[])
   for (i = 0; i < MAX; i++) {
     struct timeval key;
     ptrs[i] = t = malloc(sizeof(struct Curl_tree));
+    if(!t) {
+      puts("out of memory!");
+      return 0;
+    }
 
     key.tv_sec = 0;
 #ifdef TEST2
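Review bot: The relocated `if(!t)` check in the test `main` still ends with `return 0;`, so a run that stopped for lack of memory exits with a success status and a harness cannot tell it apart from a passing run. `return 1;` (or any non-zero status) would make the failure visible. The nodes already stored in `ptrs[]` by earlier iterations are not freed on this path, which is harmless at process exit but will be reported by a leak checker. main's body starts and ends outside the hunk.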
@@ -405,10 +409,6 @@ int main(int argc, argv_item_t argv[])
 #endif
 
     t->payload = (void *)key.tv_usec; /* for simplicity */
-    if(!t) {
-      puts("out of memory!");
-      return 0;
-    }
     root = Curl_splayinsert(key, root, t);
   }
 
-- 
1.7.0.4

