added checks after mallocs in several files

csoler 2016-01-11 23:49:00 -05:00
parent 46520b0e22
commit 9c6e7dfc13
15 changed files with 157 additions and 12 deletions


@ -2399,6 +2399,13 @@ bdNodeNetMsg::bdNodeNetMsg(char *msg, int len, struct sockaddr_in *in_addr)
:data(NULL), mSize(len), addr(*in_addr) :data(NULL), mSize(len), addr(*in_addr)
{ {
data = (char *) malloc(len); data = (char *) malloc(len);
if(data == NULL)
{
std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len << " bytes." << std::endl;
return ;
}
memcpy(data, msg, len); memcpy(data, msg, len);
//print(std::cerr); //print(std::cerr);
} }
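Review bot: On the new failure path the constructor returns with `data == NULL` while `mSize` still holds `len`, so any later user that trusts `mSize` will read or write through a null pointer. A constructor cannot report the failure, so the early return should at least reset the size with `mSize = 0 ;` before `return ;`. `len` is a signed int passed straight to `malloc` and `memcpy`, and a negative value becomes a huge size_t. If callers can pass a length taken from the network (not visible here), a `len <= 0` guard ahead of the allocation is worth adding.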


@ -20,6 +20,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include <iostream>
#include <stdlib.h> /* malloc() realloc() free() strtoll() */ #include <stdlib.h> /* malloc() realloc() free() strtoll() */
#include <string.h> /* memset() */ #include <string.h> /* memset() */
#include "util/bdstring.h" #include "util/bdstring.h"
@ -111,6 +112,13 @@ static char *_be_decode_str(const char **data, long long *data_len)
if (**data == ':') { if (**data == ':') {
char *_ret = (char *) malloc(sizeof(sllen) + len + 1); char *_ret = (char *) malloc(sizeof(sllen) + len + 1);
if(_ret == NULL)
{
std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl;
return NULL;
}
memcpy(_ret, &sllen, sizeof(sllen)); memcpy(_ret, &sllen, sizeof(sllen));
ret = _ret + sizeof(sllen); ret = _ret + sizeof(sllen);
memcpy(ret, *data + 1, len); memcpy(ret, *data + 1, len);
@ -500,6 +508,12 @@ be_node *be_create_str(const char *str)
int len = strlen(str); int len = strlen(str);
long long int sllen = len; long long int sllen = len;
char *_ret = (char *) malloc(sizeof(sllen) + len + 1); char *_ret = (char *) malloc(sizeof(sllen) + len + 1);
if(_ret == NULL)
{
std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl;
return NULL;
}
char *ret = NULL; char *ret = NULL;
memcpy(_ret, &sllen, sizeof(sllen)); memcpy(_ret, &sllen, sizeof(sllen));
@ -519,6 +533,12 @@ be_node *be_create_str_wlen(const char *str, int len) /* not including \0 */
be_node *n = be_alloc(BE_STR); be_node *n = be_alloc(BE_STR);
long long int sllen = len; long long int sllen = len;
char *_ret = (char *) malloc(sizeof(sllen) + len + 1); char *_ret = (char *) malloc(sizeof(sllen) + len + 1);
if(_ret == NULL)
{
std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl;
return NULL;
}
char *ret = NULL; char *ret = NULL;
memcpy(_ret, &sllen, sizeof(sllen)); memcpy(_ret, &sllen, sizeof(sllen));
@ -561,6 +581,12 @@ int be_add_keypair(be_node *dict, const char *str, be_node *node)
int len = strlen(str); int len = strlen(str);
long long int sllen = len; long long int sllen = len;
char *_ret = (char *) malloc(sizeof(sllen) + len + 1); char *_ret = (char *) malloc(sizeof(sllen) + len + 1);
if(_ret == NULL)
{
std::cerr << "(EE) " << __PRETTY_FUNCTION__ << ": ERROR. cannot allocate memory for " << len+1+sizeof(sllen) << " bytes." << std::endl;
return 0;
}
char *ret = NULL; char *ret = NULL;
//fprintf(stderr, "be_add_keypair() key len = %d\n",len); //fprintf(stderr, "be_add_keypair() key len = %d\n",len);
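Review bot: In be_create_str_wlen the node `n` from `be_alloc(BE_STR)` is already allocated when the new check does `return NULL;`, so that path leaks the node. Either move the `be_alloc` call below the buffer check or release `n` before returning. be_create_str probably has the same ordering, but its `be_alloc` call is outside the hunk. In be_add_keypair the added `return 0;` deserves a comment saying it is the failure value, since the function's other return values are not visible here. All four functions extend beyond their hunks.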


@ -66,7 +66,11 @@ class udpPacket
:raddr(*addr), len(dlen) :raddr(*addr), len(dlen)
{ {
data = malloc(len); data = malloc(len);
if(data != NULL)
memcpy(data, dta, len); memcpy(data, dta, len);
else
std::cerr << "(EE) error in memory allocation in " << __PRETTY_FUNCTION__ << std::endl;
} }
~udpPacket() ~udpPacket()
@ -242,6 +246,12 @@ void UdpLayer::recv_loop()
int maxsize = 16000; int maxsize = 16000;
void *inbuf = malloc(maxsize); void *inbuf = malloc(maxsize);
if(inbuf == NULL)
{
std::cerr << "(EE) Error in memory allocation of size " << maxsize << " in " << __PRETTY_FUNCTION__ << std::endl;
return ;
}
int status; int status;
struct timeval timeout; struct timeval timeout;
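Review bot: When malloc fails in the udpPacket constructor, `data` stays NULL but `len` keeps the requested `dlen`, so code that later sends or copies `len` bytes from `data` would dereference a null pointer. Setting `len = 0 ;` in the `else` branch keeps the object self-consistent. The `if`/`else` would also read better with braces now that it guards a memcpy. In recv_loop the early `return ;` ends the receive loop with only a log line, and whether anything restarts it is not visible from the hunk.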


@ -100,6 +100,13 @@ int bloomFilter::setFilterBits(const std::string &hex)
// convert to binary array. // convert to binary array.
uint8_t *tmparray = (uint8_t *) malloc(bytes); uint8_t *tmparray = (uint8_t *) malloc(bytes);
if(tmparray == NULL)
{
std::cerr << "(EE) Error. Cannot allocate memory for " << bytes << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return 0;
}
uint32_t i = 0; uint32_t i = 0;
for(i = 0; i < bytes; i++) for(i = 0; i < bytes; i++)
@ -139,6 +146,13 @@ std::string bloomFilter::getFilter()
// convert to binary array. // convert to binary array.
uint8_t *tmparray = (uint8_t *) malloc(bytes); uint8_t *tmparray = (uint8_t *) malloc(bytes);
if(tmparray == NULL)
{
std::cerr << "(EE) Error. Cannot allocate memory for " << bytes << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return std::string();
}
int i,j; int i,j;
for(i = 0; i < bytes; i++) for(i = 0; i < bytes; i++)
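Review bot: `tmparray` looks like a scratch buffer in both setFilterBits and getFilter, so `std::vector<uint8_t> tmparray(bytes);` would remove the manual null check and the matching free (presumably further down, outside the hunks). The trade-off is that a failed allocation would throw std::bad_alloc instead of logging. If the malloc is kept, a short comment should say what `return 0 ;` in setFilterBits means for callers, because the function's success value is not visible here.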


@ -749,6 +749,13 @@ bool ftController::copyFile(const std::string& source,const std::string& dest)
static const int BUFF_SIZE = 10485760 ; // 10 MB buffer to speed things up. static const int BUFF_SIZE = 10485760 ; // 10 MB buffer to speed things up.
void *buffer = malloc(BUFF_SIZE) ; void *buffer = malloc(BUFF_SIZE) ;
if(buffer == NULL)
{
std::cerr << "(EE) Error while allocating memory for " << BUFF_SIZE << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
fclose (in);
fclose (out);
return false ;
}
bool bRet = true; bool bRet = true;
while( (s = fread(buffer,1,BUFF_SIZE,in)) > 0) while( (s = fread(buffer,1,BUFF_SIZE,in)) > 0)
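Review bot: The new early return closes `in` and `out` but leaves the destination as fopen created it, so a failed allocation may leave an empty or truncated `dest` file behind. Allocating the buffer before the two files are opened (the fopen calls are above the hunk) would avoid both the extra `fclose` pair and the stray file; otherwise remove `dest` on this path. A 10 MB request is also the most likely of these mallocs to fail, so retrying with a smaller buffer would be friendlier than aborting the copy.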


@ -465,6 +465,8 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c
return NULL; /* wrong type */ return NULL; /* wrong type */
} }
try
{
switch(getRsItemSubType(rstype)) switch(getRsItemSubType(rstype))
{ {
case RS_TURTLE_SUBTYPE_FILE_REQUEST : return new RsTurtleFileRequestItem(data,size) ; case RS_TURTLE_SUBTYPE_FILE_REQUEST : return new RsTurtleFileRequestItem(data,size) ;
@ -477,6 +479,11 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c
default: default:
return NULL ; return NULL ;
} }
}
catch(std::exception& e)
{
std::cerr << "(EE) deserialisation error in " << __PRETTY_FUNCTION__ << ": " << e.what() << std::endl;
}
} }
void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir) void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir)
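Review bot: After the new `catch` block logs the error, control falls off the end of deserialiseItem, which returns a pointer; flowing off the end of a non-void function is undefined behaviour. Add `return NULL ;` as the last statement of the handler. The handler catches `std::exception`, which covers the `std::runtime_error` this commit adds to RsTurtleFileDataItem. Whether the other item constructors can throw anything else is not visible here.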


@ -422,14 +422,24 @@ RsTurtleFileDataItem::RsTurtleFileDataItem(void *data,uint32_t pktsize)
uint32_t offset = 8; // skip the header uint32_t offset = 8; // skip the header
uint32_t rssize = getRsItemSize(data); uint32_t rssize = getRsItemSize(data);
/* add mandatory parts first */
bool ok = true ; bool ok = true ;
if(rssize > pktsize)
ok = false ;
/* add mandatory parts first */
ok &= getRawUInt32(data, pktsize, &offset, &tunnel_id) ; ok &= getRawUInt32(data, pktsize, &offset, &tunnel_id) ;
ok &= getRawUInt64(data, pktsize, &offset, &chunk_offset); ok &= getRawUInt64(data, pktsize, &offset, &chunk_offset);
ok &= getRawUInt32(data, pktsize, &offset, &chunk_size); ok &= getRawUInt32(data, pktsize, &offset, &chunk_size);
if(chunk_size > rssize || rssize - chunk_size < offset)
throw std::runtime_error("RsTurtleFileDataItem::() error while deserializing.") ;
chunk_data = (void*)malloc(chunk_size) ; chunk_data = (void*)malloc(chunk_size) ;
if(chunk_data == NULL)
throw std::runtime_error("RsTurtleFileDataItem::() cannot allocate memory.") ;
memcpy(chunk_data,(void*)((unsigned char*)data+offset),chunk_size) ; memcpy(chunk_data,(void*)((unsigned char*)data+offset),chunk_size) ;
offset += chunk_size ; offset += chunk_size ;
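Review bot: The new `rssize > pktsize` test only clears `ok`, and nothing between it and the `memcpy` consults `ok`. A packet whose header claims more bytes than were received therefore still reaches the copy with `chunk_size` bounded by `rssize` rather than by `pktsize`. The guard before the allocation should include the flag, `if(!ok || chunk_size > rssize || rssize - chunk_size < offset)`, which also covers a failed `getRawUInt32` leaving `chunk_size` unset. `malloc(0)` may legitimately return NULL, so an empty chunk would be reported as an allocation failure; test `chunk_size > 0` first if empty chunks are valid. The constructor continues past the hunk.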


@ -349,6 +349,13 @@ RsGRouterGenericDataItem *RsGRouterGenericDataItem::duplicate() const
// then duplicate the memory chunk // then duplicate the memory chunk
item->data_bytes = (uint8_t*)malloc(data_size) ; item->data_bytes = (uint8_t*)malloc(data_size) ;
if(item->data_bytes == NULL)
{
std::cerr << "(EE) memory allocation error for " << data_size << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return NULL ;
}
memcpy(item->data_bytes,data_bytes,data_size) ; memcpy(item->data_bytes,data_bytes,data_size) ;
return item ; return item ;
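Review bot: The early `return NULL ;` in duplicate() abandons `item`, which appears to be heap-allocated earlier in the function (above the hunk), so the failure path leaks it; `delete item ;` belongs before the return. The same pattern is visible in RsGRouterTransactionChunkItem::duplicate(), where `item` comes from `new` two lines above the malloc. It also appears in p3GRouter::sendData(), where `data_item` is created by `new` just before the malloc and `return false ;` drops it. Callers of both duplicate() functions now have to handle a NULL result, which is worth stating in a comment on each.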


@ -195,6 +195,12 @@ class RsGRouterTransactionChunkItem: public RsGRouterTransactionItem, public RsG
RsGRouterTransactionChunkItem *item = new RsGRouterTransactionChunkItem ; RsGRouterTransactionChunkItem *item = new RsGRouterTransactionChunkItem ;
*item = *this ; // copy all fields *item = *this ; // copy all fields
item->chunk_data = (uint8_t*)malloc(chunk_size) ; // deep copy memory chunk item->chunk_data = (uint8_t*)malloc(chunk_size) ; // deep copy memory chunk
if(item->chunk_data == NULL)
{
std::cerr << "(EE) Memory allocation error in " << __PRETTY_FUNCTION__ << " for size " << chunk_size << std::endl;
return NULL ;
}
memcpy(item->chunk_data,chunk_data,chunk_size) ; memcpy(item->chunk_data,chunk_data,chunk_size) ;
return item ; return item ;
} }


@ -1922,6 +1922,12 @@ bool p3GRouter::sendData(const RsGxsId& destination,const GRouterServiceId& clie
RsGRouterGenericDataItem *data_item = new RsGRouterGenericDataItem ; RsGRouterGenericDataItem *data_item = new RsGRouterGenericDataItem ;
data_item->data_bytes = (uint8_t*)malloc(data_size) ; data_item->data_bytes = (uint8_t*)malloc(data_size) ;
if(data_item->data_bytes == NULL)
{
std::cerr << "(EE) memory allocaiton error for " << data_size << " bytes in " << __PRETTY_FUNCTION__<< std::endl;
return false ;
}
memcpy(data_item->data_bytes,data,data_size) ; memcpy(data_item->data_bytes,data,data_size) ;
data_item->data_size = data_size ; data_item->data_size = data_size ;


@ -445,6 +445,13 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
int max_evp_key_size = EVP_PKEY_size(public_key); int max_evp_key_size = EVP_PKEY_size(public_key);
ek = (unsigned char*)malloc(max_evp_key_size); ek = (unsigned char*)malloc(max_evp_key_size);
if(ek == NULL)
{
std::cerr << "(EE) memory allocation error for " << max_evp_key_size << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return false ;
}
const EVP_CIPHER *cipher = EVP_aes_128_cbc(); const EVP_CIPHER *cipher = EVP_aes_128_cbc();
int cipher_block_size = EVP_CIPHER_block_size(cipher); int cipher_block_size = EVP_CIPHER_block_size(cipher);
int size_net_ekl = sizeof(net_ekl); int size_net_ekl = sizeof(net_ekl);
@ -541,6 +548,12 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
int eklen = 0, net_ekl = 0; int eklen = 0, net_ekl = 0;
unsigned char *ek = (unsigned char*)malloc(EVP_PKEY_size(privateKey)); unsigned char *ek = (unsigned char*)malloc(EVP_PKEY_size(privateKey));
if(ek == NULL)
{
std::cerr << "Memory allocation error in " << __PRETTY_FUNCTION__ << " for " << EVP_PKEY_size(privateKey) << " bytes." << std::endl;
return false ;
}
unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
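Review bot: Both new early returns leave encrypt() and decrypt() while `public_key` / `privateKey` are live. If those EVP_PKEY objects are created inside these functions (the setup is above the hunks), each path needs the matching `EVP_PKEY_free` before `return false ;`. `EVP_PKEY_size` returns an int and its result goes to `malloc` unchecked, so a zero or negative size should be rejected first, e.g. `if(max_evp_key_size <= 0) return false ;` after the same cleanup. The decrypt() message also lacks the `(EE)` prefix used by the other messages in this commit.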


@ -856,7 +856,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
#endif #endif
uint32_t pubkey_size = BN_num_bytes(item->public_key) ; uint32_t pubkey_size = BN_num_bytes(item->public_key) ;
unsigned char *data = (unsigned char *)malloc(pubkey_size) ; RsTemporaryMemory data(pubkey_size) ;
BN_bn2bin(item->public_key, data) ; BN_bn2bin(item->public_key, data) ;
RsTlvSecurityKey signature_key ; RsTlvSecurityKey signature_key ;
@ -901,7 +901,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
signature_key = item->gxs_key ; signature_key = item->gxs_key ;
} }
if(!GxsSecurity::validateSignature((char*)data,pubkey_size,signature_key,item->signature)) if(!GxsSecurity::validateSignature((char*)(unsigned char*)data,pubkey_size,signature_key,item->signature))
{ {
std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl; std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
return ; return ;
@ -939,7 +939,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
// Looks for the DH params. If not there yet, create them. // Looks for the DH params. If not there yet, create them.
// //
int size = DH_size(it->second.dh) ; int size = DH_size(it->second.dh) ;
unsigned char *key_buff = new unsigned char[size] ; RsTemporaryMemory key_buff(size) ;
if(size != DH_compute_key(key_buff,item->public_key,it->second.dh)) if(size != DH_compute_key(key_buff,item->public_key,it->second.dh))
{ {
@ -959,7 +959,6 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
assert(GXS_TUNNEL_AES_KEY_SIZE <= Sha1CheckSum::SIZE_IN_BYTES) ; assert(GXS_TUNNEL_AES_KEY_SIZE <= Sha1CheckSum::SIZE_IN_BYTES) ;
memcpy(pinfo.aes_key, RsDirUtil::sha1sum(key_buff,size).toByteArray(),GXS_TUNNEL_AES_KEY_SIZE) ; memcpy(pinfo.aes_key, RsDirUtil::sha1sum(key_buff,size).toByteArray(),GXS_TUNNEL_AES_KEY_SIZE) ;
delete[] key_buff ;
pinfo.last_contact = time(NULL) ; pinfo.last_contact = time(NULL) ;
pinfo.last_keep_alive_sent = time(NULL) ; pinfo.last_keep_alive_sent = time(NULL) ;
@ -1138,6 +1137,12 @@ bool p3GxsTunnelService::locked_sendClearTunnelData(RsGxsTunnelDHPublicKeyItem *
gitem->data_size = rssize + 8 ; gitem->data_size = rssize + 8 ;
gitem->data_bytes = malloc(rssize+8) ; gitem->data_bytes = malloc(rssize+8) ;
if(gitem->data_bytes == NULL)
{
std::cerr << "(EE) could not allocate " << rssize+8 << " bytes of data in " << __PRETTY_FUNCTION__ << std::endl;
delete gitem ;
return NULL ;
}
// by convention, we use a IV of 0 for unencrypted data. // by convention, we use a IV of 0 for unencrypted data.
memset(gitem->data_bytes,0,8) ; memset(gitem->data_bytes,0,8) ;
@ -1223,6 +1228,11 @@ bool p3GxsTunnelService::locked_sendEncryptedTunnelData(RsGxsTunnelItem *item)
gitem->data_size = encrypted_size + GXS_TUNNEL_ENCRYPTION_IV_SIZE + GXS_TUNNEL_ENCRYPTION_HMAC_SIZE ; gitem->data_size = encrypted_size + GXS_TUNNEL_ENCRYPTION_IV_SIZE + GXS_TUNNEL_ENCRYPTION_HMAC_SIZE ;
gitem->data_bytes = malloc(gitem->data_size) ; gitem->data_bytes = malloc(gitem->data_size) ;
if(gitem->data_bytes == NULL)
{
std::cerr << "(EE) cannot allocate " << gitem->data_size << " bytes of memory in " << __PRETTY_FUNCTION__<< std::endl;
return false ;
}
memcpy(& ((uint8_t*)gitem->data_bytes)[0] ,&IV,8) ; memcpy(& ((uint8_t*)gitem->data_bytes)[0] ,&IV,8) ;
unsigned int md_len = GXS_TUNNEL_ENCRYPTION_HMAC_SIZE ; unsigned int md_len = GXS_TUNNEL_ENCRYPTION_HMAC_SIZE ;
@ -1317,6 +1327,12 @@ bool p3GxsTunnelService::sendData(const RsGxsTunnelId &tunnel_id, uint32_t servi
item->service_id = service_id; item->service_id = service_id;
item->data_size = size; // encrypted data size item->data_size = size; // encrypted data size
item->data = (uint8_t*)malloc(size); // encrypted data item->data = (uint8_t*)malloc(size); // encrypted data
if(item->data == NULL)
{
std::cerr << "(EE) Cannot allocate " << size << " bytes of memory in " << __PRETTY_FUNCTION__ << std::endl;
delete item ;
}
item->PeerId(RsPeerId(tunnel_id)) ; item->PeerId(RsPeerId(tunnel_id)) ;
memcpy(item->data,data,size) ; memcpy(item->data,data,size) ;
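Review bot: In sendData the new failure branch calls `delete item ;` but does not return, so the next lines call `item->PeerId(...)` and `memcpy(item->data,data,size)` on a freed object with a NULL destination. Add `return false ;` right after the delete. locked_sendEncryptedTunnelData has the opposite gap: it returns false without releasing `gitem` (assuming it is heap-allocated above the hunk, as the `delete gitem ;` in locked_sendClearTunnelData suggests). locked_sendClearTunnelData itself returns `NULL` from a bool function, where `false` would be clearer. In handleRecvDHPublicKey the two `RsTemporaryMemory` buffers go to `BN_bn2bin` and `DH_compute_key` with no allocation check, and `key_buff` holds the DH shared secret, so confirm that the class reports allocation failure and that the buffer is wiped before release.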


@ -40,6 +40,12 @@ PassphraseCallback PGPHandler::_passphrase_callback = NULL ;
ops_keyring_t *PGPHandler::allocateOPSKeyring() ops_keyring_t *PGPHandler::allocateOPSKeyring()
{ {
ops_keyring_t *kr = (ops_keyring_t*)malloc(sizeof(ops_keyring_t)) ; ops_keyring_t *kr = (ops_keyring_t*)malloc(sizeof(ops_keyring_t)) ;
if(kr == NULL)
{
std::cerr << "(EE) Cannot allocate memory for " << sizeof(ops_keyring_t) << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return NULL ;
}
kr->nkeys = 0 ; kr->nkeys = 0 ;
kr->nkeys_allocated = 0 ; kr->nkeys_allocated = 0 ;
kr->keys = 0 ; kr->keys = 0 ;


@ -114,13 +114,16 @@ void ops_finish(void)
\note Should be freed after use with free(). \note Should be freed after use with free().
*/ */
void *ops_mallocz(size_t n) void *ops_mallocz(size_t n)
{ {
void *m=malloc(n); void *m=malloc(n);
if(m == NULL)
fprintf(stderr,"(EE) Cannot allocate %d bytes of memory in %s\n",n,__PRETTY_FUNCTION__) ;
else
memset(m,'\0',n); memset(m,'\0',n);
return m; return m;
} }
typedef struct typedef struct
{ {
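Review bot: The new `fprintf` prints the size_t `n` with `%d`, which is a format/argument mismatch and undefined behaviour where size_t is wider than int. Use `%zu`, as in `fprintf(stderr,"(EE) Cannot allocate %zu bytes of memory in %s\n",n,__PRETTY_FUNCTION__) ;`, or `%lu` with a cast to `unsigned long` if the toolchain lacks C99 format support. The doc comment above ops_mallocz should also say that the function can return NULL, since callers that assume a valid zeroed block will need a check.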


@ -434,6 +434,13 @@ bool p3VOIP::getIncomingData(const RsPeerId& peer_id,std::vector<RsVOIPDataChunk
chunk.size = (*it2)->data_size ; chunk.size = (*it2)->data_size ;
chunk.data = malloc((*it2)->data_size) ; chunk.data = malloc((*it2)->data_size) ;
if(chunk.data == NULL)
{
std::cerr << "(EE) p3VOIP::getIncomingData(): error. Cannot allocate memory for chunk of size " << chunk.size << std::endl;
delete *it2 ;
continue ;
}
uint32_t type_flags = (*it2)->flags & (RS_VOIP_FLAGS_AUDIO_DATA | RS_VOIP_FLAGS_VIDEO_DATA) ; uint32_t type_flags = (*it2)->flags & (RS_VOIP_FLAGS_AUDIO_DATA | RS_VOIP_FLAGS_VIDEO_DATA) ;
if(type_flags == RS_VOIP_FLAGS_AUDIO_DATA) if(type_flags == RS_VOIP_FLAGS_AUDIO_DATA)
chunk.type = RsVOIPDataChunk::RS_VOIP_DATA_TYPE_AUDIO ; chunk.type = RsVOIPDataChunk::RS_VOIP_DATA_TYPE_AUDIO ;