From commits-return-7602-archive-asf-public=cust-asf.ponee.io@nuttx.apache.org Sat Apr 18 16:08:17 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 76ECE18066D for ; Sat, 18 Apr 2020 18:08:17 +0200 (CEST) Received: (qmail 41455 invoked by uid 500); 18 Apr 2020 16:08:16 -0000 Mailing-List: contact commits-help@nuttx.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@nuttx.apache.org Delivered-To: mailing list commits@nuttx.apache.org Received: (qmail 41437 invoked by uid 99); 18 Apr 2020 16:08:16 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Apr 2020 16:08:16 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id BA17E8B6B5; Sat, 18 Apr 2020 16:08:16 +0000 (UTC) Date: Sat, 18 Apr 2020 16:08:17 +0000 To: "commits@nuttx.apache.org" Subject: [incubator-nuttx-apps] 01/04: nshlib/nsh_codeccmd.c: fix potential NULL dereference and check malloc return values MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit From: gnutt@apache.org In-Reply-To: <158722609666.16893.5369346369878009904@gitbox.apache.org> References: <158722609666.16893.5369346369878009904@gitbox.apache.org> X-Git-Host: gitbox.apache.org X-Git-Repo: incubator-nuttx-apps X-Git-Refname: refs/heads/releases/9.0 X-Git-Reftype: branch X-Git-Rev: 408d73903e2e5bd4ca7f38154be50f0e5f7d8025 X-Git-NotificationType: diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated Message-Id: <20200418160816.BA17E8B6B5@gitbox.apache.org> This is an automated email from the ASF dual-hosted git repository. gnutt pushed a commit to branch releases/9.0 in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git commit 408d73903e2e5bd4ca7f38154be50f0e5f7d8025 Author: Juha Niskanen AuthorDate: Thu Apr 16 13:36:21 2020 +0300 nshlib/nsh_codeccmd.c: fix potential NULL dereference and check malloc return values --- nshlib/nsh_codeccmd.c | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/nshlib/nsh_codeccmd.c b/nshlib/nsh_codeccmd.c index e106f9a..a2ed61a 100644 --- a/nshlib/nsh_codeccmd.c +++ b/nshlib/nsh_codeccmd.c @@ -156,7 +156,7 @@ static void urlencode_cb(FAR char *src, int srclen, FAR char *dest, static void urldecode_cb(FAR char *src, int srclen, FAR char *dest, FAR int *destlen, int mode) { - urldecode(src,srclen,dest,destlen); + urldecode(src, srclen, dest, destlen); } #endif @@ -359,7 +359,13 @@ static int cmd_codecs_proc(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv, goto exit; } - srcbuf = malloc(CONFIG_NSH_CODECS_BUFSIZE+2); + srcbuf = malloc(CONFIG_NSH_CODECS_BUFSIZE + 2); + if (!srcbuf) + { + fmt = g_fmtcmdoutofmemory; + goto errout; + } + #ifdef HAVE_CODECS_BASE64ENC if (mode == CODEC_MODE_BASE64ENC) { @@ -371,19 +377,25 @@ static int cmd_codecs_proc(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv, srclen = CONFIG_NSH_CODECS_BUFSIZE; } - buflen = calc_codec_buffsize(srclen+2, mode); + buflen = calc_codec_buffsize(srclen + 2, mode); destbuf = malloc(buflen); + if (!destbuf) + { + fmt = g_fmtcmdoutofmemory; + goto errout; + } + while (true) { - memset(srcbuf, 0, srclen+2); - ret=read(fd, srcbuf, srclen); + memset(srcbuf, 0, srclen + 2); + ret = read(fd, srcbuf, srclen); if (ret < 0) { nsh_error(vtbl, g_fmtcmdfailed, argv[0], "read", NSH_ERRNO); ret = ERROR; goto exit; } - else if (ret==0) + else if (ret == 0) { break; } @@ -391,13 +403,13 @@ static int cmd_codecs_proc(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv, #ifdef HAVE_CODECS_URLDECODE if (mode == CODEC_MODE_URLDECODE) { - if (srcbuf[srclen-1]=='%') + if (srcbuf[srclen - 1] == '%') { - ret += read(fd,&srcbuf[srclen],2); + ret += read(fd, &srcbuf[srclen], 2); } - else if (srcbuf[srclen-2]=='%') + else if (srcbuf[srclen - 2] == '%') { - ret += read(fd,&srcbuf[srclen],1); + ret += read(fd, &srcbuf[srclen], 1); } } #endif @@ -407,17 +419,17 @@ static int cmd_codecs_proc(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv, #ifdef HAVE_CODECS_HASH_MD5 if (mode == CODEC_MODE_HASH_MD5) { - func(srcbuf, ret, (char *)&ctx, &buflen,0); + func(srcbuf, ret, (char *)&ctx, &buflen, 0); } else #endif { - func(srcbuf, ret, destbuf, &buflen,(iswebsafe)?1:0); + func(srcbuf, ret, destbuf, &buflen, iswebsafe ? 1 : 0); nsh_output(vtbl, "%s", destbuf); } } - buflen = calc_codec_buffsize(srclen+2, mode); + buflen = calc_codec_buffsize(srclen + 2, mode); } #ifdef HAVE_CODECS_HASH_MD5 @@ -447,7 +459,6 @@ static int cmd_codecs_proc(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv, srclen = strlen(sdata); buflen = calc_codec_buffsize(srclen, mode); destbuf = malloc(buflen); - destbuf[0]=0; if (!destbuf) { fmt = g_fmtcmdoutofmemory; @@ -477,11 +488,11 @@ static int cmd_codecs_proc(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv, else #endif { - func(srcbuf, srclen, destbuf, &buflen,(iswebsafe)?1:0); + func(srcbuf, srclen, destbuf, &buflen, iswebsafe ? 1 : 0); } } - nsh_output(vtbl, "%s\n",destbuf); + nsh_output(vtbl, "%s\n", destbuf); srcbuf = NULL; goto exit; }