aboutsummaryrefslogtreecommitdiff
path: root/nis
diff options
context:
space:
mode:
Diffstat (limited to 'nis')
-rw-r--r--nis/nis_removemember.c7
-rw-r--r--nis/nis_subr.c41
-rw-r--r--nis/nis_table.c25
3 files changed, 51 insertions, 22 deletions
diff --git a/nis/nis_removemember.c b/nis/nis_removemember.c
index 930ca43..b9e27ab 100644
--- a/nis/nis_removemember.c
+++ b/nis/nis_removemember.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -17,6 +17,7 @@
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
+#include <assert.h>
#include <string.h>
#include <rpcsvc/nis.h>
@@ -87,6 +88,10 @@ nis_removemember (const_nis_name member, const_nis_name group)
}
}
free (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val);
+ assert (k <= NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len);
+ /* This realloc() call always decreases the size. This cannot
+ fail. We still have the test but do not recover memory
+ (i.e., we overwrite the input pointer). */
newmem = realloc (newmem, k * sizeof (char*));
if (newmem == NULL)
return NIS_NOMEMORY;
diff --git a/nis/nis_subr.c b/nis/nis_subr.c
index 47a22e3..78e58ae 100644
--- a/nis/nis_subr.c
+++ b/nis/nis_subr.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1999, 2000 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1999, 2000, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -117,8 +117,11 @@ nis_getnames (const_nis_name name)
{
nis_name *getnames = NULL;
char local_domain[NIS_MAXNAMELEN + 1];
- char *path, *cp;
- int count, pos, have_point;
+ char *path;
+ char *cp;
+ int count;
+ int pos = 0;
+ int have_point;
char *saveptr;
strncpy (local_domain, nis_local_directory (), NIS_MAXNAMELEN);
@@ -133,7 +136,13 @@ nis_getnames (const_nis_name name)
if (name[strlen (name) - 1] == '.')
{
if ((getnames[0] = strdup (name)) == NULL)
- return NULL;
+ {
+ free_null:
+ while (pos-- > 0)
+ free (getnames[pos]);
+ free (getnames);
+ return NULL;
+ }
getnames[1] = NULL;
@@ -149,8 +158,6 @@ nis_getnames (const_nis_name name)
have_point = (strchr (name, '.') != NULL);
- pos = 0;
-
cp = __strtok_r (path, ":", &saveptr);
while (cp)
{
@@ -164,14 +171,16 @@ nis_getnames (const_nis_name name)
if (pos >= count)
{
count += 5;
- getnames = realloc (getnames, (count + 1) * sizeof (char *));
- if (__builtin_expect (getnames == NULL, 0))
- return NULL;
+ nis_name *newp = realloc (getnames,
+ (count + 1) * sizeof (char *));
+ if (__builtin_expect (newp == NULL, 0))
+ goto free_null;
+ getnames = newp;
}
tmp = malloc (strlen (cptr) + strlen (local_domain) +
strlen (name) + 2);
if (__builtin_expect (tmp == NULL, 0))
- return NULL;
+ goto free_null;
getnames[pos] = tmp;
tmp = stpcpy (tmp, name);
@@ -201,7 +210,7 @@ nis_getnames (const_nis_name name)
tmp = malloc (cplen + strlen (local_domain) + strlen (name) + 2);
if (__builtin_expect (tmp == NULL, 0))
- return NULL;
+ goto free_null;
p = __stpcpy (tmp, name);
*p++ = '.';
@@ -217,7 +226,7 @@ nis_getnames (const_nis_name name)
tmp = malloc (cplen + strlen (name) + 2);
if (__builtin_expect (tmp == NULL, 0))
- return NULL;
+ goto free_null;
p = __stpcpy (tmp, name);
*p++ = '.';
@@ -227,9 +236,11 @@ nis_getnames (const_nis_name name)
if (pos >= count)
{
count += 5;
- getnames = realloc (getnames, (count + 1) * sizeof (char *));
- if (__builtin_expect (getnames == NULL, 0))
- return NULL;
+ nis_name *newp = realloc (getnames,
+ (count + 1) * sizeof (char *));
+ if (__builtin_expect (newp == NULL, 0))
+ goto free_null;
+ getnames = newp;
}
getnames[pos] = tmp;
++pos;
diff --git a/nis/nis_table.c b/nis/nis_table.c
index 6c4fb83..746444c 100644
--- a/nis/nis_table.c
+++ b/nis/nis_table.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998, 1999, 2003 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
@@ -54,7 +54,7 @@ __create_ib_request (const_nis_name name, unsigned int flags)
return NULL;
}
- /* Check if we have an entry of "[key=value,],bar". If, remove the "," */
+ /* Check if we have an entry of "[key=value,],bar". If, remove the "," */
if (ibreq->ibr_name[-1] == ',')
ibreq->ibr_name[-1] = '\0';
else
@@ -62,7 +62,17 @@ __create_ib_request (const_nis_name name, unsigned int flags)
ibreq->ibr_name += 2;
ibreq->ibr_name = strdup (ibreq->ibr_name);
if (ibreq->ibr_name == NULL)
- return NULL;
+ {
+ free_null:
+ while (search_len-- > 0)
+ {
+ free (search_val[search_len].zattr_ndx);
+ free (search_val[search_len].zattr_val.zattr_val_val);
+ }
+ free (search_val);
+ nis_free_request (ibreq);
+ return NULL;
+ }
++cptr; /* Remove "[" */
@@ -86,16 +96,19 @@ __create_ib_request (const_nis_name name, unsigned int flags)
size += 1;
search_val = realloc (search_val, size * sizeof (nis_attr));
if (search_val == NULL)
- return NULL;
+ goto free_null;
}
search_val[search_len].zattr_ndx = strdup (key);
if ((search_val[search_len].zattr_ndx) == NULL)
- return NULL;
+ goto free_null;
search_val[search_len].zattr_val.zattr_val_len = strlen (val) + 1;
search_val[search_len].zattr_val.zattr_val_val = strdup (val);
if (search_val[search_len].zattr_val.zattr_val_val == NULL)
- return NULL;
+ {
+ free (search_val[search_len].zattr_ndx);
+ goto free_null;
+ }
++search_len;
}