From a90bc78b266ee8945b8e289e94f2f7503b18c3e1 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Thu, 4 Jan 2018 22:42:55 +0100
Subject: [PATCH] avoid freeing uninit ptr on error path
---
 src/dns/dnsparser.c | 28 +++++++++++++++++++++------
 src/gns/gnunet-service-gns_resolver.c | 23 ++++++++++++++--------
 2 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/src/dns/dnsparser.c b/src/dns/dnsparser.c
index 30d9245ff..1fe6f595f 100644
--- a/src/dns/dnsparser.c
+++ b/src/dns/dnsparser.c
@@ -1170,7 +1170,10 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p,
 trc = GNUNET_NO;
 for (i=0;inum_queries;i++)
 {
- ret = GNUNET_DNSPARSER_builder_add_query (tmp, sizeof (tmp), &off, &p->queries[i]);
+ ret = GNUNET_DNSPARSER_builder_add_query (tmp,
+ sizeof (tmp),
+ &off,
+ &p->queries[i]);
 if (GNUNET_SYSERR == ret)
 return GNUNET_SYSERR;
 if (GNUNET_NO == ret)
@@ -1182,7 +1185,10 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p,
 }
 for (i=0;inum_answers;i++)
 {
- ret = add_record (tmp, sizeof (tmp), &off, &p->answers[i]);
+ ret = add_record (tmp,
+ sizeof (tmp),
+ &off,
+ &p->answers[i]);
 if (GNUNET_SYSERR == ret)
 return GNUNET_SYSERR;
 if (GNUNET_NO == ret)
@@ -1194,7 +1200,10 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p,
 }
 for (i=0;inum_authority_records;i++)
 {
- ret = add_record (tmp, sizeof (tmp), &off, &p->authority_records[i]);
+ ret = add_record (tmp,
+ sizeof (tmp),
+ &off,
+ &p->authority_records[i]);
 if (GNUNET_SYSERR == ret)
 return GNUNET_SYSERR;
 if (GNUNET_NO == ret)
@@ -1206,7 +1215,10 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p,
 }
 for (i=0;inum_additional_records;i++)
 {
- ret = add_record (tmp, sizeof (tmp), &off, &p->additional_records[i]);
+ ret = add_record (tmp,
+ sizeof (tmp),
+ &off,
+ &p->additional_records[i]);
 if (GNUNET_SYSERR == ret)
 return GNUNET_SYSERR;
 if (GNUNET_NO == ret)
@@ -1219,11 +1231,15 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p,
 if (GNUNET_YES == trc)
 dns.flags.message_truncated = 1;
- GNUNET_memcpy (tmp, &dns, sizeof (struct GNUNET_TUN_DnsHeader));
+ GNUNET_memcpy (tmp,
+ &dns,
+ sizeof (struct GNUNET_TUN_DnsHeader));
 *buf = GNUNET_malloc (off);
 *buf_length = off;
- GNUNET_memcpy (*buf, tmp, off);
+ GNUNET_memcpy (*buf,
+ tmp,
+ off);
 if (GNUNET_YES == trc)
 return GNUNET_NO;
 return GNUNET_OK;
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 54d7ff94b..e14a05d45 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -1019,6 +1019,7 @@ recursive_dns_resolution (struct GNS_ResolverHandle *rh)
 struct GNUNET_DNSPARSER_Packet *p;
 char *dns_request;
 size_t dns_request_length;
+ int ret;
 ac = rh->ac_tail;
 GNUNET_assert (NULL != ac);
@@ -1051,11 +1052,16 @@ recursive_dns_resolution (struct GNS_ResolverHandle *rh)
 UINT16_MAX);
 p->flags.opcode = GNUNET_TUN_DNS_OPCODE_QUERY;
 p->flags.recursion_desired = 1;
- if (GNUNET_OK !=
- GNUNET_DNSPARSER_pack (p, 1024, &dns_request, &dns_request_length))
+ ret = GNUNET_DNSPARSER_pack (p,
+ 1024,
+ &dns_request,
+ &dns_request_length);
+ if (GNUNET_OK != ret)
 {
 GNUNET_break (0);
- rh->proc (rh->proc_cls, 0, NULL);
+ rh->proc (rh->proc_cls,
+ 0,
+ NULL);
 GNS_resolver_lookup_cancel (rh);
 }
 else
@@ -1071,7 +1077,8 @@ recursive_dns_resolution (struct GNS_ResolverHandle *rh)
 &fail_resolution,
 rh);
 }
- GNUNET_free (dns_request);
+ if (GNUNET_SYSERR != ret)
+ GNUNET_free (dns_request);
 GNUNET_DNSPARSER_free_packet (p);
 }
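Review bot: The new guard `if (GNUNET_SYSERR != ret)` before `GNUNET_free (dns_request)` ties the caller's memory safety to knowing exactly which return codes of GNUNET_DNSPARSER_pack leave `*buf` unset, while `dns_request` is still declared without an initializer in the -1019 hunk. Declaring it as `char *dns_request = NULL;` and freeing under `if (NULL != dns_request)` would keep this error path safe even if pack later gains another early return. That contract (output buffer untouched on GNUNET_SYSERR, allocated on GNUNET_NO and GNUNET_OK) should also be stated in pack's doc comment, since the dnsparser.c hunks show the early `return GNUNET_SYSERR;` ahead of `*buf = GNUNET_malloc (off);`. Other callers of GNUNET_DNSPARSER_pack are not visible here and may free the buffer unconditionally in the same way, so they are worth checking. recursive_dns_resolution starts outside these hunks.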
@@ -1462,10 +1469,10 @@ handle_gns_resolution_result (void *cls,
 vpn_ctx->rd_data = GNUNET_malloc (vpn_ctx->rd_data_size);
 vpn_ctx->rd_count = rd_count;
 GNUNET_assert (vpn_ctx->rd_data_size ==
- GNUNET_GNSRECORD_records_serialize (rd_count,
- rd,
- vpn_ctx->rd_data_size,
- vpn_ctx->rd_data));
+ (size_t) GNUNET_GNSRECORD_records_serialize (rd_count,
+ rd,
+ vpn_ctx->rd_data_size,
+ vpn_ctx->rd_data));
 vpn_ctx->vpn_request = GNUNET_VPN_redirect_to_peer (vpn_handle,
 af,
 ntohs (vpn->proto),
-- 
2.25.1
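Review bot: The added `(size_t)` cast inside `GNUNET_assert` silences the signed/unsigned comparison, but it also turns a negative error return from GNUNET_GNSRECORD_records_serialize (presumably a signed type, given that the cast was needed) into a very large unsigned value, so a failure is caught only incidentally by the inequality. Storing the result in a signed local and testing it explicitly, e.g. `if ( (sret < 0) || ((size_t) sret != vpn_ctx->rd_data_size) )`, makes the error case visible and lets the function fail the lookup and release `vpn_ctx` instead of aborting the service. If `rd` can carry records obtained from the network, an assertion here is a crash that a remote peer could trigger, so graceful handling matters. The serialization is also a side effect performed inside an assertion macro, which is fragile if assertions are ever compiled out. handle_gns_resolution_result starts and ends outside the hunk, so the size computation that feeds `rd_data_size` is not visible.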