@@ -715,6 +715,7 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data, | |||
boxed_len = req->pos + crypto_box_ZEROBYTES; | |||
m = malloc (boxed_len); | |||
if (m == NULL) { | |||
free(creq); | |||
return -1; | |||
} | |||
@@ -92,7 +92,7 @@ rdns_format_dns_name (struct rdns_resolver *resolver, const char *in, | |||
char *o; | |||
int labels = 0; | |||
size_t label_len, olen, remain; | |||
uint32_t *uclabel; | |||
uint32_t *uclabel = NULL; | |||
size_t punylabel_len, uclabel_len; | |||
char tmp_label[DNS_D_MAXLABEL]; | |||
bool need_encode = false; | |||
@@ -163,6 +163,7 @@ rdns_format_dns_name (struct rdns_resolver *resolver, const char *in, | |||
} | |||
free (uclabel); | |||
uclabel = NULL; | |||
if (dot) { | |||
p = dot + 1; | |||
@@ -230,9 +231,11 @@ rdns_format_dns_name (struct rdns_resolver *resolver, const char *in, | |||
return true; | |||
err: | |||
err: | |||
free (*out); | |||
*out = NULL; | |||
free (uclabel); | |||
return false; | |||
} | |||
@@ -351,6 +351,10 @@ rdns_parse_rr (struct rdns_resolver *resolver, | |||
case DNS_T_TXT: | |||
case DNS_T_SPF: | |||
if (datalen <= *remain) { | |||
if (datalen > UINT16_MAX / 2) { | |||
rdns_info ("too large datalen; domain %s", rep->requested_name); | |||
return -1; | |||
} | |||
elt->content.txt.data = malloc(datalen + 1); | |||
if (elt->content.txt.data == NULL) { | |||
rdns_err ("failed to allocate %d bytes for TXT record; domain %s", | |||
@@ -413,6 +417,10 @@ rdns_parse_rr (struct rdns_resolver *resolver, | |||
rdns_info ("stripped dns reply while reading TLSA record; domain %s", rep->requested_name); | |||
return -1; | |||
} | |||
if (datalen > UINT16_MAX / 2) { | |||
rdns_info ("too large datalen; domain %s", rep->requested_name); | |||
return -1; | |||
} | |||
GET8 (elt->content.tlsa.usage); | |||
GET8 (elt->content.tlsa.selector); | |||
GET8 (elt->content.tlsa.match_type); |
@@ -150,13 +150,7 @@ rdns_make_reply (struct rdns_request *req, enum dns_rcode rcode) | |||
rep->code = rcode; | |||
req->reply = rep; | |||
rep->authenticated = false; | |||
if (req) { | |||
rep->requested_name = req->requested_names[0].name; | |||
} | |||
else { | |||
rep->requested_name = NULL; | |||
} | |||
rep->requested_name = req->requested_names[0].name; | |||
} | |||
return rep; | |||
@@ -1133,4 +1127,6 @@ void rdns_resolver_set_fake_reply (struct rdns_resolver *resolver, | |||
HASH_ADD (hh, resolver->fake_elts, key, sizeof (*srch) + len, fake_rep); | |||
} | |||
free (srch); | |||
} |
@@ -207,7 +207,7 @@ rdns_make_client_socket (const char *credits, | |||
hints.ai_flags |= AI_NUMERICHOST | AI_NUMERICSERV; | |||
snprintf (portbuf, sizeof (portbuf), "%d", (int)port); | |||
if ((r = getaddrinfo (credits, portbuf, &hints, &res)) == 0) { | |||
if (getaddrinfo (credits, portbuf, &hints, &res) == 0) { | |||
r = rdns_make_inet_socket (type, res, psockaddr, psocklen); | |||
if (r != -1 && psockaddr) { | |||
@@ -217,6 +217,7 @@ rdns_make_client_socket (const char *credits, | |||
if (cpy == NULL) { | |||
close (r); | |||
freeaddrinfo (res); | |||
return -1; | |||
} |
@@ -685,6 +685,8 @@ ucl_parser_add_container (ucl_object_t *obj, struct ucl_parser *parser, | |||
ucl_object_unref (obj); | |||
} | |||
UCL_FREE(sizeof (struct ucl_stack), st); | |||
return NULL; | |||
} | |||
@@ -2888,7 +2890,9 @@ ucl_parser_add_chunk_full (struct ucl_parser *parser, const unsigned char *data, | |||
if (!special_handler->handler (parser, data, len, &ndata, &nlen, | |||
special_handler->user_data)) { | |||
UCL_FREE(sizeof (struct ucl_chunk), chunk); | |||
ucl_create_err (&parser->err, "call for external handler failed"); | |||
return false; | |||
} | |||
@@ -887,44 +887,49 @@ ucl_fetch_file (const unsigned char *filename, unsigned char **buf, size_t *bufl | |||
{ | |||
int fd; | |||
struct stat st; | |||
if ((fd = open (filename, O_RDONLY)) == -1) { | |||
ucl_create_err (err, "cannot open file %s: %s", | |||
filename, strerror (errno)); | |||
return false; | |||
} | |||
if (stat (filename, &st) == -1) { | |||
if (fstat (fd, &st) == -1) { | |||
if (must_exist || errno == EPERM) { | |||
ucl_create_err (err, "cannot stat file %s: %s", | |||
filename, strerror (errno)); | |||
} | |||
close (fd); | |||
return false; | |||
} | |||
if (!S_ISREG (st.st_mode)) { | |||
if (must_exist) { | |||
ucl_create_err (err, "file %s is not a regular file", filename); | |||
} | |||
close (fd); | |||
return false; | |||
} | |||
if (st.st_size == 0) { | |||
/* Do not map empty files */ | |||
*buf = NULL; | |||
*buflen = 0; | |||
} | |||
else { | |||
if ((fd = open (filename, O_RDONLY)) == -1) { | |||
ucl_create_err (err, "cannot open file %s: %s", | |||
filename, strerror (errno)); | |||
return false; | |||
} | |||
if ((*buf = ucl_mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) == MAP_FAILED) { | |||
close (fd); | |||
ucl_create_err (err, "cannot mmap file %s: %s", | |||
filename, strerror (errno)); | |||
if ((*buf = ucl_mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) == MAP_FAILED) { | |||
close(fd); | |||
ucl_create_err(err, "cannot mmap file %s: %s", | |||
filename, strerror(errno)); | |||
*buf = NULL; | |||
return false; | |||
} | |||
*buflen = st.st_size; | |||
close (fd); | |||
} | |||
close (fd); | |||
return true; | |||
} | |||
@@ -1136,6 +1141,10 @@ ucl_include_file_single (const unsigned char *data, size_t len, | |||
/* We need to check signature first */ | |||
snprintf (filebuf, sizeof (filebuf), "%s.sig", realbuf); | |||
if (!ucl_fetch_file (filebuf, &sigbuf, &siglen, &parser->err, true)) { | |||
if (buf) { | |||
ucl_munmap (buf, buflen); | |||
} | |||
return false; | |||
} | |||
if (!ucl_sig_check (buf, buflen, sigbuf, siglen, parser)) { | |||
@@ -1145,8 +1154,13 @@ ucl_include_file_single (const unsigned char *data, size_t len, | |||
if (sigbuf) { | |||
ucl_munmap (sigbuf, siglen); | |||
} | |||
if (buf) { | |||
ucl_munmap (buf, buflen); | |||
} | |||
return false; | |||
} | |||
if (sigbuf) { | |||
ucl_munmap (sigbuf, siglen); | |||
} | |||
@@ -1255,6 +1269,8 @@ ucl_include_file_single (const unsigned char *data, size_t len, | |||
ucl_munmap (buf, buflen); | |||
} | |||
ucl_object_unref (new_obj); | |||
return false; | |||
} | |||
nest_obj->prev = nest_obj; |