From a65ce7b107a93d0f83fc91a6b0d67c93cec4caa4 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 14 Nov 2008 16:42:05 +0000
Subject: check for NULL returns from strdup() - reported by Jim Meyering also
 prevent buffer overflow on MSDOS when you do for example -O on a url with a
 file name part longer than PATH_MAX letters

---
 src/main.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

(limited to 'src/main.c')

diff --git a/src/main.c b/src/main.c
index 6b57efce3..f325106ec 100644
--- a/src/main.c
+++ b/src/main.c
@@ -4284,11 +4284,17 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
             {
               /* This is for DOS, and then we do some major replacing of
                  bad characters in the file name before using it */
-              char file1 [PATH_MAX];
-
+              char file1[PATH_MAX];
+              if(strlen(outfile) >= PATH_MAX)
+                outfile[PATH_MAX-1]=0; /* cut it */
               strcpy(file1, msdosify(outfile));
-              free (outfile);
-              outfile = strdup (rename_if_dos_device_name(file1));
+              free(outfile);
+
+              outfile = strdup(rename_if_dos_device_name(file1));
+              if(!outfile) {
+                res = CURLE_OUT_OF_MEMORY;
+                break;
+              }
             }
 #endif /* MSDOS */
           }
@@ -5146,12 +5152,19 @@ static char *my_get_line(FILE *fp)
    do {
      if (NULL == fgets(buf, sizeof(buf), fp))
        break;
-     if (NULL == retval)
+     if (NULL == retval) {
        retval = strdup(buf);
+       if(!retval)
+         return NULL;
+     }
      else {
-       if (NULL == (retval = realloc(retval,
-                                     strlen(retval) + strlen(buf) + 1)))
-         break;
+       char *ptr;
+       ptr = realloc(retval, strlen(retval) + strlen(buf) + 1);
+       if (NULL == ptr) {
+         free(retval);
+         return NULL;
+       }
+       retval = ptr;
        strcat(retval, buf);
      }
    }
-- 
cgit v1.2.3