author | Tony Garnock-Jones <tonygarnockjones@gmail.com> | 2010-04-16 11:05:35 +1200 |
---|---|---|
committer | Tony Garnock-Jones <tonygarnockjones@gmail.com> | 2010-04-16 11:05:35 +1200 |
commit | c3a1d3b60e7bf4913e971b80226ce04780d91594 (patch) | |
tree | ee72c7e4c2c6171ec8058fba06641e43be7f3225 | |
parent | c49ffc97f70148fdb7b201d23e39c06a05575b59 (diff) | |
download | rabbitmq-c-github-ask-c3a1d3b60e7bf4913e971b80226ce04780d91594.tar.gz |
Check results of amqp_pool_alloc() and friends.
-rw-r--r-- | librabbitmq/amqp_connection.c | 6 | ||||
-rw-r--r-- | librabbitmq/amqp_socket.c | 17 | ||||
-rw-r--r-- | librabbitmq/amqp_table.c | 14 | ||||
-rw-r--r-- | librabbitmq/codegen.py | 2 |
4 files changed, 36 insertions, 3 deletions
diff --git a/librabbitmq/amqp_connection.c b/librabbitmq/amqp_connection.c index 610de19..8623eed 100644 --- a/librabbitmq/amqp_connection.c +++ b/librabbitmq/amqp_connection.c @@ -195,6 +195,12 @@ int amqp_handle_input(amqp_connection_state_t state, if (state->state == CONNECTION_STATE_IDLE) { state->inbound_buffer.bytes = amqp_pool_alloc(&state->frame_pool, state->inbound_buffer.len); + if (state->inbound_buffer.bytes == NULL) { + /* state->inbound_buffer.len is always nonzero, because it + corresponds to frame_max, which is not permitted to be less + than AMQP_FRAME_MIN_SIZE (currently 4096 bytes). */ + return -ENOMEM; + } state->state = CONNECTION_STATE_WAITING_FOR_HEADER; } diff --git a/librabbitmq/amqp_socket.c b/librabbitmq/amqp_socket.c index 09dc841..d16c319 100644 --- a/librabbitmq/amqp_socket.c +++ b/librabbitmq/amqp_socket.c @@ -140,6 +140,11 @@ static amqp_bytes_t sasl_response(amqp_pool_t *pool, char *password = va_arg(args, char *); size_t password_len = strlen(password); amqp_pool_alloc_bytes(pool, strlen(username) + strlen(password) + 2, &response); + if (response.bytes == NULL) { + /* We never request a zero-length block, because of the +2 + above, so a NULL here really is ENOMEM. */ + return response; + } *BUF_AT(response, 0) = 0; memcpy(((char *) response.bytes) + 1, username, username_len); *BUF_AT(response, username_len + 1) = 0; @@ -317,6 +322,12 @@ amqp_rpc_reply_t amqp_simple_rpc(amqp_connection_state_t state, amqp_frame_t *frame_copy = amqp_pool_alloc(&state->decoding_pool, sizeof(amqp_frame_t)); amqp_link_t *link = amqp_pool_alloc(&state->decoding_pool, sizeof(amqp_link_t)); + if (frame_copy == NULL || link == NULL) { + result.reply_type = AMQP_RESPONSE_LIBRARY_EXCEPTION; + result.library_errno = ENOMEM; + return result; + } + *frame_copy = frame; link->next = NULL; 
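Review bot: In the sasl_response hunk the buffer is sized with `strlen(username) + strlen(password) + 2`, while the writes below it use the cached `username_len` and `password_len`. Sizing the request from the same variables, `username_len + password_len + 2`, keeps the allocation bound and the copies visibly in step and avoids two extra passes over the credentials. The new early return also makes `response.bytes == NULL` the function's only failure signal, so I would state that above the function, for example `/* Returns a response with bytes == NULL if the pool allocation fails. */`. The function begins and ends outside the hunk.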
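Review bot: The new ENOMEM return in amqp_simple_rpc exits before `*frame_copy = frame;`, so the frame that was about to be copied and linked is dropped. The surrounding loop is outside the hunk, but the copy-and-link lines suggest the frame is being set aside for later delivery; if so, the caller gets an error with no indication that the inbound stream has lost a frame. A comment at the return stating how the connection should be treated after this error would help, for example `/* frame is discarded here; the connection should not be reused (confirm) */`. It is also worth confirming that the positive `ENOMEM` stored in `library_errno` matches how that field is set elsewhere, since the other hunks in this commit return `-ENOMEM`.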
@@ -370,7 +381,11 @@ static int amqp_login_inner(amqp_connection_state_t state, { amqp_bytes_t response_bytes = sasl_response(&state->decoding_pool, sasl_method, vl); - amqp_connection_start_ok_t s = + amqp_connection_start_ok_t s; + if (response_bytes.bytes == NULL) { + return -ENOMEM; + } + s = (amqp_connection_start_ok_t) { .client_properties = {.num_entries = 0, .entries = NULL}, .mechanism = sasl_method_name(sasl_method), diff --git a/librabbitmq/amqp_table.c b/librabbitmq/amqp_table.c index fda85cb..25c5932 100644 --- a/librabbitmq/amqp_table.c +++ b/librabbitmq/amqp_table.c @@ -114,8 +114,13 @@ static int amqp_decode_array(amqp_bytes_t encoded, output->num_entries = num_entries; output->entries = amqp_pool_alloc(pool, num_entries * sizeof(amqp_field_value_t)); - memcpy(output->entries, entries, num_entries * sizeof(amqp_field_value_t)); + if (output->entries == NULL && num_entries > 0) { + /* NULL is legitimate if we requested a zero-length block. */ + free(entries); + return -ENOMEM; + } + memcpy(output->entries, entries, num_entries * sizeof(amqp_field_value_t)); free(entries); *offsetptr = offset; @@ -174,8 +179,13 @@ int amqp_decode_table(amqp_bytes_t encoded, output->num_entries = num_entries; output->entries = amqp_pool_alloc(pool, num_entries * sizeof(amqp_table_entry_t)); - memcpy(output->entries, entries, num_entries * sizeof(amqp_table_entry_t)); + if (output->entries == NULL && num_entries > 0) { + /* NULL is legitimate if we requested a zero-length block. */ + free(entries); + return -ENOMEM; + } + memcpy(output->entries, entries, num_entries * sizeof(amqp_table_entry_t)); free(entries); *offsetptr = offset; diff --git a/librabbitmq/codegen.py b/librabbitmq/codegen.py index 4f236a2..7683783 100644 --- a/librabbitmq/codegen.py +++ b/librabbitmq/codegen.py 
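Review bot: In the amqp_decode_array hunk, the case the new comment calls legitimate (a NULL `output->entries` with `num_entries == 0`) still falls through to `memcpy(output->entries, entries, ...)`, and passing a null pointer to memcpy is undefined in C11 even when the length is zero; the amqp_decode_table hunk has the same pattern. Guarding the copy with `if (num_entries > 0) { memcpy(output->entries, entries, num_entries * sizeof(amqp_field_value_t)); }` (and the `amqp_table_entry_t` equivalent) removes that. On the -ENOMEM path `output->num_entries` has already been assigned while `output->entries` is NULL, so a caller that ignores the return value would index a null array; adding `output->num_entries = 0;` before `return -ENOMEM;` leaves the output consistent. Both functions start and end outside their hunks.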
@@ -169,6 +169,7 @@ def genErl(spec): print " case %s: {" % (m.defName(),) print " %s *m = (%s *) amqp_pool_alloc(pool, sizeof(%s));" % \ (m.structName(), m.structName(), m.structName()) + print " if (m == NULL) { return -ENOMEM; }" bitindex = None for f in m.arguments: if spec.resolveDomain(f.domain) == 'bit': @@ -193,6 +194,7 @@ def genErl(spec): print " case %d: {" % (c.index,) print " %s *p = (%s *) amqp_pool_alloc(pool, sizeof(%s));" % \ (c.structName(), c.structName(), c.structName()) + print " if (p == NULL) { return -ENOMEM; }" print " p->_flags = flags;" for f in c.fields: if spec.resolveDomain(f.domain) == 'bit': |
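Review bot: The emitted `if (m == NULL) { return -ENOMEM; }` in the method-decoding branch assumes the method struct never has size zero. The amqp_table.c hunks in this same commit note that amqp_pool_alloc can legitimately return NULL for a zero-length request, so if the generator ever emits a member-less struct for an argument-less method (GCC accepts this, with size 0), decoding that method would be reported as out of memory; whether that happens depends on struct generation that is not visible here. The properties branch looks safe, since `p->_flags` shows that struct has at least one member. I would confirm every generated method struct has a member and note the assumption in the emitted C, for example `/* sizeof is never 0, so NULL means ENOMEM */`. It is also worth checking that the generated file includes `<errno.h>`, since neither hunk emits it.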