doh: fix memory leak in OOM situation

Reviewed-by: Daniel Gustafsson Closes #3342
author: Daniel Stenberg <daniel@haxx.se> 2018-12-05 15:21:27 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2018-12-06 09:52:38 +0100
commit: d506df860fb239bfa2f0d5f3e407eff1fef87f94 (patch)
tree: 0768ef2268f89534b37ce5cdf891dfd663d6f2b2
parent: 027d66e5f1b6946257ecf3bca2d4983579e461cf (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/doh.c b/lib/doh.c
index e2cabb450..1e76c96f9 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -32,6 +32,7 @@
 #include "share.h"
 #include "curl_base64.h"
 #include "connect.h"
+#include "strdup.h"
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
@@ -142,8 +143,8 @@ doh_write_cb(void *contents, size_t size, size_t nmemb, void *userp)
     /* suspiciously much for us */
     return 0;
 
-  mem->memory = realloc(mem->memory, mem->size + realsize);
-  if(mem->memory == NULL)
+  mem->memory = Curl_saferealloc(mem->memory, mem->size + realsize);
+  if(!mem->memory)
     /* out of memory! */
     return 0;
 
@@ -525,7 +526,7 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
 
   if(dohlen < 12)
     return DOH_TOO_SMALL_BUFFER; /* too small */
-  if(doh[0] || doh[1])
+  if(!doh || doh[0] || doh[1])
     return DOH_DNS_BAD_ID; /* bad ID */
   rcode = doh[3] & 0x0f;
   if(rcode)
author	Daniel Stenberg <daniel@haxx.se>	2018-12-05 15:21:27 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2018-12-06 09:52:38 +0100
commit	d506df860fb239bfa2f0d5f3e407eff1fef87f94 (patch)
tree	0768ef2268f89534b37ce5cdf891dfd663d6f2b2
parent	027d66e5f1b6946257ecf3bca2d4983579e461cf (diff)