diff options
| -rw-r--r-- | RELNOTES | 5 | ||||
| -rw-r--r-- | client/dhc6.c | 4 | ||||
| -rw-r--r-- | common/ctrace.c | 7 | ||||
| -rw-r--r-- | server/dhcpd.c | 2 | ||||
| -rw-r--r-- | server/ldap.c | 4 | ||||
| -rw-r--r-- | server/omapi.c | 2 | ||||
| -rw-r--r-- | server/salloc.c | 15 |
7 files changed, 33 insertions, 6 deletions
@@ -54,6 +54,11 @@ by Eric Young (eay@cryptsoft.com). Changes since 4.3.3 +- Fixed several potential null references. Thanks to Bill Parker + (wp02855 at gmail dot com) who identified these issues and supplied + patches to address them. + [ISC-Bugs #40754] + - The linux packet fitler code now correctly treats only least significant 12 bits an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q). Prior to this it was using the entire 16 bit value as the VLAN id and diff --git a/client/dhc6.c b/client/dhc6.c index 093271f9..41c27f46 100644 --- a/client/dhc6.c +++ b/client/dhc6.c @@ -469,6 +469,10 @@ dhc6_dup_ia(struct dhc6_ia *ia, const char *file, int line) struct dhc6_addr **insert_addr, *addr; copy = dmalloc(sizeof(*ia), file, line); + if (copy == NULL) { + log_error("Out of memory for v6 duplicate IA structure."); + return NULL; + } memcpy(copy->iaid, ia->iaid, sizeof(copy->iaid)); diff --git a/common/ctrace.c b/common/ctrace.c index 578ea5e7..63520242 100644 --- a/common/ctrace.c +++ b/common/ctrace.c @@ -84,6 +84,13 @@ void trace_interface_input (trace_type_t *ttype, unsigned len, char *buf) */ ip->address_count = ip->address_max = 1; ip->addresses = dmalloc(sizeof(*ip->addresses), MDL); + if (!ip->addresses) { + dfree(ip->ifp, MDL); + ip->ifp = NULL; + interface_dereference (&ip, MDL); + status = ISC_R_NOMEMORY; + goto foo; + } memcpy(ip->addresses, &tipkt->primary_address, sizeof(*ip->addresses)); memcpy (ip -> name, tipkt -> name, sizeof ip -> name); ip -> index = ntohl (tipkt -> index); diff --git a/server/dhcpd.c b/server/dhcpd.c index f61f1235..ab73443a 100644 --- a/server/dhcpd.c +++ b/server/dhcpd.c @@ -1279,6 +1279,8 @@ int dhcpd_interface_setup_hook (struct interface_info *ip, struct iaddr *ia) log_fatal ("No memory for shared subnet: %s", isc_result_totext (status)); ip -> shared_network -> name = dmalloc (strlen (fnn) + 1, MDL); + if (!ip -> shared_network -> name) + log_fatal("no memory for shared network"); strcpy (ip -> shared_network -> name, fnn); return 1; } diff --git a/server/ldap.c b/server/ldap.c index 2893b823..a5f79eb3 100644 --- a/server/ldap.c +++ b/server/ldap.c @@ -1061,6 +1061,10 @@ add_to_config_stack (LDAPMessage * res, LDAPMessage * ent) struct ldap_config_stack *ns; ns = dmalloc (sizeof (*ns), MDL); + if (!ns) { + log_fatal ("no memory for add_to_config_stack()"); + } + ns->res = res; ns->ldent = ent; ns->close_brace = 0; diff --git a/server/omapi.c b/server/omapi.c index 962aef88..66f8f712 100644 --- a/server/omapi.c +++ b/server/omapi.c @@ -2108,6 +2108,8 @@ static isc_result_t class_lookup (omapi_object_t **lp, status = omapi_get_value_str(ref, id, "name", &nv); if (status == ISC_R_SUCCESS) { char *name = dmalloc(nv->value->u.buffer.len + 1, MDL); + if (name == NULL) + return (ISC_R_NOMEMORY); memcpy (name, nv->value->u.buffer.value, nv->value->u.buffer.len); diff --git a/server/salloc.c b/server/salloc.c index 47ff7abf..164b2e59 100644 --- a/server/salloc.c +++ b/server/salloc.c @@ -3,7 +3,7 @@ Memory allocation for the DHCP server... */ /* - * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2009,2012,2014-2015 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1996-2003 by Internet Software Consortium * @@ -79,6 +79,7 @@ void relinquish_lease_hunks () dfree(c, MDL); } } + #endif struct lease *new_leases (n, file, line) @@ -89,11 +90,13 @@ struct lease *new_leases (n, file, line) struct lease *rval; #if defined (DEBUG_MEMORY_LEAKAGE_ON_EXIT) rval = dmalloc ((n + 1) * sizeof (struct lease), file, line); - memset (rval, 0, sizeof (struct lease)); - rval -> starts = n; - rval -> next = lease_hunks; - lease_hunks = rval; - rval++; + if (rval != NULL) { + memset (rval, 0, sizeof (struct lease)); + rval -> starts = n; + rval -> next = lease_hunks; + lease_hunks = rval; + rval++; + } #else rval = dmalloc (n * sizeof (struct lease), file, line); #endif |