ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

4110. [bug] Address memory leaks / null pointer dereferences

Browse Source 
on out of memory. [RT #39310]

(cherry picked from commit b292230ab8)
This commit is contained in:
Mark Andrews
2015-04-29 03:16:50 +10:00
parent 7dc09dd9ab
commit fdb83d87d6
8 changed files with 41 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
bin/tests/sock_test.c
View File

@@ -61,7 +61,8 @@ my_send(isc_task_t *task, isc_event_t *event) {
isc_task_shutdown(task);
}
isc_mem_put(mctx, dev->region.base, dev->region.length);
if (dev->region.base != NULL)
isc_mem_put(mctx, dev->region.base, dev->region.length);
isc_event_free(&event);
}
@@ -96,8 +97,8 @@ my_recv(isc_task_t *task, isc_event_t *event) {
if (dev->result != ISC_R_SUCCESS) {
isc_socket_detach(&sock);
isc_mem_put(mctx, dev->region.base,
dev->region.length);
if (dev->region.base != NULL)
isc_mem_put(mctx, dev->region.base, dev->region.length);
isc_event_free(&event);
isc_task_shutdown(task);
@@ -112,8 +113,11 @@ my_recv(isc_task_t *task, isc_event_t *event) {
sprintf(buf, "\r\nReceived: %.*s\r\n\r\n",
(int)dev->n, (char *)region.base);
region.base = isc_mem_get(mctx, strlen(buf) + 1);
region.length = strlen(buf) + 1;
strcpy((char *)region.base, buf); /* strcpy is safe */
if (region.base != NULL) {
region.length = strlen(buf) + 1;
strcpy((char *)region.base, buf); /* strcpy is safe */
} else
region.length = 0;
isc_socket_send(sock, &region, task, my_send, event->ev_arg);
} else {
region = dev->region;
@@ -143,6 +147,8 @@ my_http_get(isc_task_t *task, isc_event_t *event) {
if (dev->result != ISC_R_SUCCESS) {
isc_socket_detach(&sock);
isc_task_shutdown(task);
if (dev->region.base != NULL)
isc_mem_put(mctx, dev->region.base, dev->region.length);
isc_event_free(&event);
return;
}
@@ -179,8 +185,11 @@ my_connect(isc_task_t *task, isc_event_t *event) {
strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
"Connection: Close\r\n\r\n");
region.base = isc_mem_get(mctx, strlen(buf) + 1);
region.length = strlen(buf) + 1;
strcpy((char *)region.base, buf); /* This strcpy is safe. */
if (region.base != NULL) {
region.length = strlen(buf) + 1;
strcpy((char *)region.base, buf); /* This strcpy is safe. */
} else
region.length = 0;
isc_socket_send(sock, &region, task, my_http_get, event->ev_arg);