[Asterisk-code-review] fix: memory leaks, resource leaks, out of bounds and bugs (asterisk[13])

Anonymous Coward asteriskteam at digium.com
Tue Jun 21 07:02:19 CDT 2016


Anonymous Coward #1000019 has submitted this change and it was merged.

Change subject: fix: memory leaks, resource leaks, out of bounds and bugs
......................................................................


fix: memory leaks, resource leaks, out of bounds and bugs

ASTERISK-26119 #close

Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c
---
M main/ast_expr2.c
M main/ast_expr2.y
M main/say.c
M res/ael/pval.c
M res/res_phoneprov.c
M res/res_pjsip_sdp_rtp.c
6 files changed, 74 insertions(+), 25 deletions(-)

Approvals:
  Richard Mudgett: Looks good to me, but someone else must approve
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, approved



diff --git a/main/ast_expr2.c b/main/ast_expr2.c
index a9e4eff..781abd9 100644
--- a/main/ast_expr2.c
+++ b/main/ast_expr2.c
@@ -3668,13 +3668,20 @@
 	/* strip double quotes from both -- */
 	strip_quotes(a);
 	strip_quotes(b);
-	
+
 	vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+	if (vs == NULL) {
+		ast_log(LOG_WARNING, "malloc() failed\n");
+		return NULL;
+	}
+
 	strcpy(vs,a->u.s);
 	strcat(vs,b->u.s);
 
 	v = make_str(vs);
 
+	free(vs);
+
 	/* free arguments */
 	free_value(a);
 	free_value(b);
diff --git a/main/ast_expr2.y b/main/ast_expr2.y
index 869dfe9..913bc26 100644
--- a/main/ast_expr2.y
+++ b/main/ast_expr2.y
@@ -1661,13 +1661,20 @@
 	/* strip double quotes from both -- */
 	strip_quotes(a);
 	strip_quotes(b);
-	
+
 	vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+	if (vs == NULL) {
+		ast_log(LOG_WARNING, "malloc() failed\n");
+		return NULL;
+	}
+
 	strcpy(vs,a->u.s);
 	strcat(vs,b->u.s);
 
 	v = make_str(vs);
 
+	free(vs);
+
 	/* free arguments */
 	free_value(a);
 	free_value(b);
diff --git a/main/say.c b/main/say.c
index ef80dfa..51dc4e2 100644
--- a/main/say.c
+++ b/main/say.c
@@ -7948,9 +7948,9 @@
                      /* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
                      case '\'':
                              /* Literal name of a sound file */
-                             sndoffset=0;
-                             for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++)
+                             for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
                                      sndfile[sndoffset] = format[offset];
+                             }
                              sndfile[sndoffset] = '\0';
                              res = wait_file(chan,ints,sndfile,lang);
                              break;
diff --git a/res/ael/pval.c b/res/ael/pval.c
index d72ef0d..07545f6 100644
--- a/res/ael/pval.c
+++ b/res/ael/pval.c
@@ -3355,9 +3355,9 @@
 #ifdef OLD_RAND_ACTION
 	struct ael_priority *rand_test, *rand_end, *rand_skip;
 #endif
-	char *buf1;
-	char *buf2;
-	char *new_label;
+	RAII_VAR(char *, buf1, NULL, free);
+	RAII_VAR(char *, buf2, NULL, free);
+	RAII_VAR(char *, new_label, NULL, free);
 	char *strp, *strp2;
 	int default_exists;
 	int local_control_statement_count;
@@ -4191,9 +4191,6 @@
 			break;
 		}
 	}
-	free(buf1);
-	free(buf2);
-	free(new_label);
 	return 0;
 }
 
@@ -5052,7 +5049,10 @@
 pval *pvalCreateNode( pvaltype type )
 {
 	pval *p = calloc(1,sizeof(pval)); /* why, oh why, don't I use ast_calloc? Way, way, way too messy if I do! */
-	p->type = type;                   /* remember, this can be used externally or internally to asterisk */
+					  /* remember, this can be used externally or internally to asterisk */
+	if (p) {
+		p->type = type;
+	}
 	return p;
 }
 
@@ -5413,14 +5413,30 @@
 
 void pvalIncludesAddIncludeWithTimeConstraints( pval *p, const char *include, char *hour_range, char *dom_range, char *dow_range, char *month_range )
 {
-	pval *hr = pvalCreateNode(PV_WORD);
-	pval *dom = pvalCreateNode(PV_WORD);
-	pval *dow = pvalCreateNode(PV_WORD);
-	pval *mon = pvalCreateNode(PV_WORD);
-	pval *s = pvalCreateNode(PV_WORD);
-	
-	if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES))
+	pval *hr;
+	pval *dom;
+	pval *dow;
+	pval *mon;
+	pval *s;
+
+	if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES)) {
 		return;
+	}
+
+	hr = pvalCreateNode(PV_WORD);
+	dom = pvalCreateNode(PV_WORD);
+	dow = pvalCreateNode(PV_WORD);
+	mon = pvalCreateNode(PV_WORD);
+	s = pvalCreateNode(PV_WORD);
+
+	if (!hr || !dom || !dow || !mon || !s) {
+		destroy_pval(hr);
+		destroy_pval(dom);
+		destroy_pval(dow);
+		destroy_pval(mon);
+		destroy_pval(s);
+		return;
+	}
 
 	s->u1.str = (char *)include;
 	p->u1.list = linku1(p->u1.list, s);
@@ -5667,12 +5683,28 @@
 
 void pvalIfTimeSetCondition( pval *p, char *hour_range, char *dow_range, char *dom_range, char *mon_range )  /* time range format: 24-hour format begin-end|dow range|dom range|month range */
 {
-	pval *hr = pvalCreateNode(PV_WORD);
-	pval *dow = pvalCreateNode(PV_WORD);
-	pval *dom = pvalCreateNode(PV_WORD);
-	pval *mon = pvalCreateNode(PV_WORD);
-	if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME))
+	pval *hr;
+	pval *dow;
+	pval *dom;
+	pval *mon;
+
+	if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME)) {
 		return;
+	}
+
+	hr = pvalCreateNode(PV_WORD);
+	dow = pvalCreateNode(PV_WORD);
+	dom = pvalCreateNode(PV_WORD);
+	mon = pvalCreateNode(PV_WORD);
+
+	if (!hr || !dom || !dow || !mon) {
+		destroy_pval(hr);
+		destroy_pval(dom);
+		destroy_pval(dow);
+		destroy_pval(mon);
+		return;
+	}
+
 	pvalWordSetString(hr, hour_range);
 	pvalWordSetString(dow, dow_range);
 	pvalWordSetString(dom, dom_range);
diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c
index df93c5b..71f8757 100644
--- a/res/res_phoneprov.c
+++ b/res/res_phoneprov.c
@@ -410,10 +410,13 @@
 	fseek(f, 0, SEEK_END);
 	len = ftell(f);
 	fseek(f, 0, SEEK_SET);
-	if (!(*ret = ast_malloc(len + 1)))
+	if (!(*ret = ast_malloc(len + 1))) {
+		fclose(f);
 		return -2;
+	}
 
 	if (len != fread(*ret, sizeof(char), len, f)) {
+		fclose(f);
 		free(*ret);
 		*ret = NULL;
 		return -3;
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 18a7f3f..029eb5d 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -420,7 +420,7 @@
 		*++tmp = '\0';
 		/* ast...generate gives us everything, just need value */
 		tmp = strchr(ast_str_buffer(fmtp0), ':');
-		if (tmp && tmp + 1) {
+		if (tmp && tmp[1] != '\0') {
 			fmtp1 = pj_str(tmp + 1);
 		} else {
 			fmtp1 = pj_str(ast_str_buffer(fmtp0));

-- 
To view, visit https://gerrit.asterisk.org/3036
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c
Gerrit-PatchSet: 6
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Scott Griepentrog <sgriepentrog at digium.com>
Gerrit-Reviewer: ibercom <ibercom123 at gmail.com>



More information about the asterisk-code-review mailing list