From 9c6e7dfc1338ef696bdeb416ea3f15af833a3d19 Mon Sep 17 00:00:00 2001 From: csoler Date: Mon, 11 Jan 2016 23:49:00 -0500 Subject: [PATCH] added checks after mallocs in several files --- libbitdht/src/bitdht/bdnode.cc | 7 +++++ libbitdht/src/bitdht/bencode.c | 26 +++++++++++++++++++ libbitdht/src/udp/udplayer.cc | 12 ++++++++- libbitdht/src/util/bdbloom.cc | 14 ++++++++++ libretroshare/src/ft/ftcontroller.cc | 7 +++++ libretroshare/src/ft/ftserver.cc | 7 +++++ .../src/ft/ftturtlefiletransferitem.cc | 14 ++++++++-- libretroshare/src/grouter/grouteritems.cc | 7 +++++ libretroshare/src/grouter/grouteritems.h | 6 +++++ libretroshare/src/grouter/p3grouter.cc | 6 +++++ libretroshare/src/gxs/gxssecurity.cc | 13 ++++++++++ libretroshare/src/gxstunnel/p3gxstunnel.cc | 24 ++++++++++++++--- libretroshare/src/pgp/pgphandler.cc | 6 +++++ openpgpsdk/src/openpgpsdk/util.c | 13 ++++++---- plugins/VOIP/services/p3VOIP.cc | 7 +++++ 15 files changed, 157 insertions(+), 12 deletions(-) diff --git a/libbitdht/src/bitdht/bdnode.cc b/libbitdht/src/bitdht/bdnode.cc index 9161c6991..a994db475 100644 --- a/libbitdht/src/bitdht/bdnode.cc +++ b/libbitdht/src/bitdht/bdnode.cc @@ -2399,6 +2399,13 @@ bdNodeNetMsg::bdNodeNetMsg(char *msg, int len, struct sockaddr_in *in_addr) :data(NULL), mSize(len), addr(*in_addr) { data = (char *) malloc(len); + + if(data == NULL) + { + std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len << " bytes." << std::endl; + return ; + } + memcpy(data, msg, len); //print(std::cerr); } diff --git a/libbitdht/src/bitdht/bencode.c b/libbitdht/src/bitdht/bencode.c index 2a486daca..4678677f7 100644 --- a/libbitdht/src/bitdht/bencode.c +++ b/libbitdht/src/bitdht/bencode.c @@ -20,6 +20,7 @@ */ #include +#include #include /* malloc() realloc() free() strtoll() */ #include /* memset() */ #include "util/bdstring.h" @@ -111,6 +112,13 @@ static char *_be_decode_str(const char **data, long long *data_len) if (**data == ':') { char *_ret = (char *) malloc(sizeof(sllen) + len + 1); + + if(_ret == NULL) + { + std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl; + return NULL; + } + memcpy(_ret, &sllen, sizeof(sllen)); ret = _ret + sizeof(sllen); memcpy(ret, *data + 1, len); @@ -500,6 +508,12 @@ be_node *be_create_str(const char *str) int len = strlen(str); long long int sllen = len; char *_ret = (char *) malloc(sizeof(sllen) + len + 1); + + if(_ret == NULL) + { + std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl; + return NULL; + } char *ret = NULL; memcpy(_ret, &sllen, sizeof(sllen)); @@ -519,6 +533,12 @@ be_node *be_create_str_wlen(const char *str, int len) /* not including \0 */ be_node *n = be_alloc(BE_STR); long long int sllen = len; char *_ret = (char *) malloc(sizeof(sllen) + len + 1); + + if(_ret == NULL) + { + std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl; + return NULL; + } char *ret = NULL; memcpy(_ret, &sllen, sizeof(sllen)); @@ -561,6 +581,12 @@ int be_add_keypair(be_node *dict, const char *str, be_node *node) int len = strlen(str); long long int sllen = len; char *_ret = (char *) malloc(sizeof(sllen) + len + 1); + + if(_ret == NULL) + { + std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl; + return 0; + } char *ret = NULL; //fprintf(stderr, "be_add_keypair() key len = %d\n",len); diff --git a/libbitdht/src/udp/udplayer.cc b/libbitdht/src/udp/udplayer.cc index 71dfd4f9a..db048b857 100644 --- a/libbitdht/src/udp/udplayer.cc +++ b/libbitdht/src/udp/udplayer.cc @@ -66,7 +66,11 @@ class udpPacket :raddr(*addr), len(dlen) { data = malloc(len); - memcpy(data, dta, len); + + if(data != NULL) + memcpy(data, dta, len); + else + std::cerr << "(EE) error in memory allocation in " << __PRETTY_FUNCTION__ << std::endl; } ~udpPacket() @@ -242,6 +246,12 @@ void UdpLayer::recv_loop() int maxsize = 16000; void *inbuf = malloc(maxsize); + if(inbuf == NULL) + { + std::cerr << "(EE) Error in memory allocation of size " << maxsize << " in " << __PRETTY_FUNCTION__ << std::endl; + return ; + } + int status; struct timeval timeout; diff --git a/libbitdht/src/util/bdbloom.cc b/libbitdht/src/util/bdbloom.cc index 1d6566d52..36f3a3bee 100644 --- a/libbitdht/src/util/bdbloom.cc +++ b/libbitdht/src/util/bdbloom.cc @@ -100,6 +100,13 @@ int bloomFilter::setFilterBits(const std::string &hex) // convert to binary array. uint8_t *tmparray = (uint8_t *) malloc(bytes); + + if(tmparray == NULL) + { + std::cerr << "(EE) Error. Cannot allocate memory for " << bytes << " bytes in " << __PRETTY_FUNCTION__ << std::endl; + return 0; + } + uint32_t i = 0; for(i = 0; i < bytes; i++) @@ -139,6 +146,13 @@ std::string bloomFilter::getFilter() // convert to binary array. uint8_t *tmparray = (uint8_t *) malloc(bytes); + + if(tmparray == NULL) + { + std::cerr << "(EE) Error. Cannot allocate memory for " << bytes << " bytes in " << __PRETTY_FUNCTION__ << std::endl; + return std::string(); + } + int i,j; for(i = 0; i < bytes; i++) diff --git a/libretroshare/src/ft/ftcontroller.cc b/libretroshare/src/ft/ftcontroller.cc index b58650a1a..3593977c8 100644 --- a/libretroshare/src/ft/ftcontroller.cc +++ b/libretroshare/src/ft/ftcontroller.cc @@ -749,6 +749,13 @@ bool ftController::copyFile(const std::string& source,const std::string& dest) static const int BUFF_SIZE = 10485760 ; // 10 MB buffer to speed things up. void *buffer = malloc(BUFF_SIZE) ; + if(buffer == NULL) + { + std::cerr << "(EE) Error while allocating memory for " << BUFF_SIZE << " bytes in " << __PRETTY_FUNCTION__ << std::endl; + fclose (in); + fclose (out); + return false ; + } bool bRet = true; while( (s = fread(buffer,1,BUFF_SIZE,in)) > 0) diff --git a/libretroshare/src/ft/ftserver.cc b/libretroshare/src/ft/ftserver.cc index ae0c8354a..7ea0a57c0 100644 --- a/libretroshare/src/ft/ftserver.cc +++ b/libretroshare/src/ft/ftserver.cc @@ -465,6 +465,8 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c return NULL; /* wrong type */ } + try + { switch(getRsItemSubType(rstype)) { case RS_TURTLE_SUBTYPE_FILE_REQUEST : return new RsTurtleFileRequestItem(data,size) ; @@ -477,6 +479,11 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c default: return NULL ; } + } + catch(std::exception& e) + { + std::cerr << "(EE) deserialisation error in " << __PRETTY_FUNCTION__ << ": " << e.what() << std::endl; + } } void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir) diff --git a/libretroshare/src/ft/ftturtlefiletransferitem.cc b/libretroshare/src/ft/ftturtlefiletransferitem.cc index 938c76796..65cfede70 100644 --- a/libretroshare/src/ft/ftturtlefiletransferitem.cc +++ b/libretroshare/src/ft/ftturtlefiletransferitem.cc @@ -422,14 +422,24 @@ RsTurtleFileDataItem::RsTurtleFileDataItem(void *data,uint32_t pktsize) uint32_t offset = 8; // skip the header uint32_t rssize = getRsItemSize(data); - /* add mandatory parts first */ - bool ok = true ; + + if(rssize > pktsize) + ok = false ; + + /* add mandatory parts first */ ok &= getRawUInt32(data, pktsize, &offset, &tunnel_id) ; ok &= getRawUInt64(data, pktsize, &offset, &chunk_offset); ok &= getRawUInt32(data, pktsize, &offset, &chunk_size); + if(chunk_size > rssize || rssize - chunk_size < offset) + throw std::runtime_error("RsTurtleFileDataItem::() error while deserializing.") ; + chunk_data = (void*)malloc(chunk_size) ; + + if(chunk_data == NULL) + throw std::runtime_error("RsTurtleFileDataItem::() cannot allocate memory.") ; + memcpy(chunk_data,(void*)((unsigned char*)data+offset),chunk_size) ; offset += chunk_size ; diff --git a/libretroshare/src/grouter/grouteritems.cc b/libretroshare/src/grouter/grouteritems.cc index 17b3cb2b4..cb9c93083 100644 --- a/libretroshare/src/grouter/grouteritems.cc +++ b/libretroshare/src/grouter/grouteritems.cc @@ -349,6 +349,13 @@ RsGRouterGenericDataItem *RsGRouterGenericDataItem::duplicate() const // then duplicate the memory chunk item->data_bytes = (uint8_t*)malloc(data_size) ; + + if(item->data_bytes == NULL) + { + std::cerr << "(EE) memory allocation error for " << data_size << " bytes in " << __PRETTY_FUNCTION__ << std::endl; + return NULL ; + } + memcpy(item->data_bytes,data_bytes,data_size) ; return item ; diff --git a/libretroshare/src/grouter/grouteritems.h b/libretroshare/src/grouter/grouteritems.h index 574c7b3c4..d72d78c4e 100644 --- a/libretroshare/src/grouter/grouteritems.h +++ b/libretroshare/src/grouter/grouteritems.h @@ -195,6 +195,12 @@ class RsGRouterTransactionChunkItem: public RsGRouterTransactionItem, public RsG RsGRouterTransactionChunkItem *item = new RsGRouterTransactionChunkItem ; *item = *this ; // copy all fields item->chunk_data = (uint8_t*)malloc(chunk_size) ; // deep copy memory chunk + + if(item->chunk_data == NULL) + { + std::cerr << "(EE) Memory allocation error in " << __PRETTY_FUNCTION__ << " for size " << chunk_size << std::endl; + return NULL ; + } memcpy(item->chunk_data,chunk_data,chunk_size) ; return item ; } diff --git a/libretroshare/src/grouter/p3grouter.cc b/libretroshare/src/grouter/p3grouter.cc index 61721e312..4a42aa33b 100644 --- a/libretroshare/src/grouter/p3grouter.cc +++ b/libretroshare/src/grouter/p3grouter.cc @@ -1922,6 +1922,12 @@ bool p3GRouter::sendData(const RsGxsId& destination,const GRouterServiceId& clie RsGRouterGenericDataItem *data_item = new RsGRouterGenericDataItem ; data_item->data_bytes = (uint8_t*)malloc(data_size) ; + + if(data_item->data_bytes == NULL) + { + std::cerr << "(EE) memory allocaiton error for " << data_size << " bytes in " << __PRETTY_FUNCTION__<< std::endl; + return false ; + } memcpy(data_item->data_bytes,data,data_size) ; data_item->data_size = data_size ; diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc index 37e33be88..46e81315f 100644 --- a/libretroshare/src/gxs/gxssecurity.cc +++ b/libretroshare/src/gxs/gxssecurity.cc @@ -445,6 +445,13 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u int max_evp_key_size = EVP_PKEY_size(public_key); ek = (unsigned char*)malloc(max_evp_key_size); + + if(ek == NULL) + { + std::cerr << "(EE) memory allocation error for " << max_evp_key_size << " bytes in " << __PRETTY_FUNCTION__ << std::endl; + return false ; + } + const EVP_CIPHER *cipher = EVP_aes_128_cbc(); int cipher_block_size = EVP_CIPHER_block_size(cipher); int size_net_ekl = sizeof(net_ekl); @@ -541,6 +548,12 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, EVP_CIPHER_CTX ctx; int eklen = 0, net_ekl = 0; unsigned char *ek = (unsigned char*)malloc(EVP_PKEY_size(privateKey)); + + if(ek == NULL) + { + std::cerr << "Memory allocation error in " << __PRETTY_FUNCTION__ << " for " << EVP_PKEY_size(privateKey) << " bytes." << std::endl; + return false ; + } unsigned char iv[EVP_MAX_IV_LENGTH]; EVP_CIPHER_CTX_init(&ctx); diff --git a/libretroshare/src/gxstunnel/p3gxstunnel.cc b/libretroshare/src/gxstunnel/p3gxstunnel.cc index ccd20087c..ecb130974 100644 --- a/libretroshare/src/gxstunnel/p3gxstunnel.cc +++ b/libretroshare/src/gxstunnel/p3gxstunnel.cc @@ -856,7 +856,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item) #endif uint32_t pubkey_size = BN_num_bytes(item->public_key) ; - unsigned char *data = (unsigned char *)malloc(pubkey_size) ; + RsTemporaryMemory data(pubkey_size) ; BN_bn2bin(item->public_key, data) ; RsTlvSecurityKey signature_key ; @@ -901,7 +901,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item) signature_key = item->gxs_key ; } - if(!GxsSecurity::validateSignature((char*)data,pubkey_size,signature_key,item->signature)) + if(!GxsSecurity::validateSignature((char*)(unsigned char*)data,pubkey_size,signature_key,item->signature)) { std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl; return ; @@ -939,7 +939,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item) // Looks for the DH params. If not there yet, create them. // int size = DH_size(it->second.dh) ; - unsigned char *key_buff = new unsigned char[size] ; + RsTemporaryMemory key_buff(size) ; if(size != DH_compute_key(key_buff,item->public_key,it->second.dh)) { @@ -959,7 +959,6 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item) assert(GXS_TUNNEL_AES_KEY_SIZE <= Sha1CheckSum::SIZE_IN_BYTES) ; memcpy(pinfo.aes_key, RsDirUtil::sha1sum(key_buff,size).toByteArray(),GXS_TUNNEL_AES_KEY_SIZE) ; - delete[] key_buff ; pinfo.last_contact = time(NULL) ; pinfo.last_keep_alive_sent = time(NULL) ; @@ -1138,6 +1137,12 @@ bool p3GxsTunnelService::locked_sendClearTunnelData(RsGxsTunnelDHPublicKeyItem * gitem->data_size = rssize + 8 ; gitem->data_bytes = malloc(rssize+8) ; + if(gitem->data_bytes == NULL) + { + std::cerr << "(EE) could not allocate " << rssize+8 << " bytes of data in " << __PRETTY_FUNCTION__ << std::endl; + delete gitem ; + return NULL ; + } // by convention, we use a IV of 0 for unencrypted data. memset(gitem->data_bytes,0,8) ; @@ -1223,6 +1228,11 @@ bool p3GxsTunnelService::locked_sendEncryptedTunnelData(RsGxsTunnelItem *item) gitem->data_size = encrypted_size + GXS_TUNNEL_ENCRYPTION_IV_SIZE + GXS_TUNNEL_ENCRYPTION_HMAC_SIZE ; gitem->data_bytes = malloc(gitem->data_size) ; + if(gitem->data_bytes == NULL) + { + std::cerr << "(EE) cannot allocate " << gitem->data_size << " bytes of memory in " << __PRETTY_FUNCTION__<< std::endl; + return false ; + } memcpy(& ((uint8_t*)gitem->data_bytes)[0] ,&IV,8) ; unsigned int md_len = GXS_TUNNEL_ENCRYPTION_HMAC_SIZE ; @@ -1317,6 +1327,12 @@ bool p3GxsTunnelService::sendData(const RsGxsTunnelId &tunnel_id, uint32_t servi item->service_id = service_id; item->data_size = size; // encrypted data size item->data = (uint8_t*)malloc(size); // encrypted data + + if(item->data == NULL) + { + std::cerr << "(EE) Cannot allocate " << size << " bytes of memory in " << __PRETTY_FUNCTION__ << std::endl; + delete item ; + } item->PeerId(RsPeerId(tunnel_id)) ; memcpy(item->data,data,size) ; diff --git a/libretroshare/src/pgp/pgphandler.cc b/libretroshare/src/pgp/pgphandler.cc index 76850b4e6..685a2f739 100644 --- a/libretroshare/src/pgp/pgphandler.cc +++ b/libretroshare/src/pgp/pgphandler.cc @@ -40,6 +40,12 @@ PassphraseCallback PGPHandler::_passphrase_callback = NULL ; ops_keyring_t *PGPHandler::allocateOPSKeyring() { ops_keyring_t *kr = (ops_keyring_t*)malloc(sizeof(ops_keyring_t)) ; + + if(kr == NULL) + { + std::cerr << "(EE) Cannot allocate memory for " << sizeof(ops_keyring_t) << " bytes in " << __PRETTY_FUNCTION__ << std::endl; + return NULL ; + } kr->nkeys = 0 ; kr->nkeys_allocated = 0 ; kr->keys = 0 ; diff --git a/openpgpsdk/src/openpgpsdk/util.c b/openpgpsdk/src/openpgpsdk/util.c index 88fe3f100..491611b8b 100644 --- a/openpgpsdk/src/openpgpsdk/util.c +++ b/openpgpsdk/src/openpgpsdk/util.c @@ -114,13 +114,16 @@ void ops_finish(void) \note Should be freed after use with free(). */ void *ops_mallocz(size_t n) - { - void *m=malloc(n); +{ + void *m=malloc(n); - memset(m,'\0',n); + if(m == NULL) + fprintf(stderr,"(EE) Cannot allocate %d bytes of memory in %s\n",n,__PRETTY_FUNCTION__) ; + else + memset(m,'\0',n); - return m; - } + return m; +} typedef struct { diff --git a/plugins/VOIP/services/p3VOIP.cc b/plugins/VOIP/services/p3VOIP.cc index d5cc4b06b..a17854379 100644 --- a/plugins/VOIP/services/p3VOIP.cc +++ b/plugins/VOIP/services/p3VOIP.cc @@ -433,6 +433,13 @@ bool p3VOIP::getIncomingData(const RsPeerId& peer_id,std::vectordata_size ; chunk.data = malloc((*it2)->data_size) ; + + if(chunk.data == NULL) + { + std::cerr << "(EE) p3VOIP::getIncomingData(): error. Cannot allocate memory for chunk of size " << chunk.size << std::endl; + delete *it2 ; + continue ; + } uint32_t type_flags = (*it2)->flags & (RS_VOIP_FLAGS_AUDIO_DATA | RS_VOIP_FLAGS_VIDEO_DATA) ; if(type_flags == RS_VOIP_FLAGS_AUDIO_DATA)