diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2008-11-14 16:42:05 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2008-11-14 16:42:05 +0000 |
| commit | a65ce7b107a93d0f83fc91a6b0d67c93cec4caa4 (patch) | |
| tree | 4291325215285bbacd1b828bd03e666bc0a76086 | |
| parent | 2249c12a3c2737e50d81962040dd36990aa16600 (diff) | |
check for NULL returns from strdup() - reported by Jim Meyering
also prevent buffer overflow on MSDOS when you do for example -O on a url
with a file name part longer than PATH_MAX letters
| -rw-r--r-- | src/main.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/src/main.c b/src/main.c index 6b57efce3..f325106ec 100644 --- a/src/main.c +++ b/src/main.c @@ -4284,11 +4284,17 @@ operate(struct Configurable *config, int argc, argv_item_t argv[]) { /* This is for DOS, and then we do some major replacing of bad characters in the file name before using it */ - char file1 [PATH_MAX]; - + char file1[PATH_MAX]; + if(strlen(outfile) >= PATH_MAX) + outfile[PATH_MAX-1]=0; /* cut it */ strcpy(file1, msdosify(outfile)); - free (outfile); - outfile = strdup (rename_if_dos_device_name(file1)); + free(outfile); + + outfile = strdup(rename_if_dos_device_name(file1)); + if(!outfile) { + res = CURLE_OUT_OF_MEMORY; + break; + } } #endif /* MSDOS */ } @@ -5146,12 +5152,19 @@ static char *my_get_line(FILE *fp) do { if (NULL == fgets(buf, sizeof(buf), fp)) break; - if (NULL == retval) + if (NULL == retval) { retval = strdup(buf); + if(!retval) + return NULL; + } else { - if (NULL == (retval = realloc(retval, - strlen(retval) + strlen(buf) + 1))) - break; + char *ptr; + ptr = realloc(retval, strlen(retval) + strlen(buf) + 1); + if (NULL == ptr) { + free(retval); + return NULL; + } + retval = ptr; strcat(retval, buf); } } |