From owner-svn-src-all@FreeBSD.ORG Mon May 21 21:10:11 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0FF11065675; Mon, 21 May 2012 21:10:10 +0000 (UTC) (envelope-from ghelmer@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id CC5B78FC1F; Mon, 21 May 2012 21:10:10 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q4LLA1mk072798; Mon, 21 May 2012 21:10:01 GMT (envelope-from ghelmer@svn.freebsd.org) Received: (from ghelmer@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q4LLA1nR072795; Mon, 21 May 2012 21:10:01 GMT (envelope-from ghelmer@svn.freebsd.org) Message-Id: <201205212110.q4LLA1nR072795@svn.freebsd.org> 
From: Guy Helmer Date: Mon, 21 May 2012 21:10:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r235740 - head/lib/libc/gen X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 May 2012 21:10:11 -0000 Author: ghelmer Date: Mon May 21 21:10:00 2012 New Revision: 235740 URL: http://svn.freebsd.org/changeset/base/235740 Log: Add checks for memory allocation failures in appropriate places, and avoid creating bad entries in the grp list as a result of memory allocation failures while building new entries. PR: bin/83340 Reviewed by: delphij (prior version of patch) Modified: head/lib/libc/gen/getnetgrent.c Modified: head/lib/libc/gen/getnetgrent.c ==============================================================================
--- head/lib/libc/gen/getnetgrent.c Mon May 21 21:04:29 2012 (r235739)
+++ head/lib/libc/gen/getnetgrent.c Mon May 21 21:10:00 2012 (r235740)
@@ -203,9 +203,7 @@ setnetgrent(const char *group)
 if (parse_netgrp(group))
 endnetgrent();
 else {
- grouphead.grname = (char *)
- malloc(strlen(group) + 1);
- strcpy(grouphead.grname, group);
+ grouphead.grname = strdup(group);
 }
 if (netf)
 fclose(netf);
@@ -457,9 +455,9 @@ parse_netgrp(const char *group)
 while (pos != NULL && *pos != '\0') {
 if (*pos == '(') {
 grp = (struct netgrp *)malloc(sizeof (struct netgrp));
+ if (grp == NULL)
+ return (1);
 bzero((char *)grp, sizeof (struct netgrp));
- grp->ng_next = grouphead.gr;
- grouphead.gr = grp;
 pos++;
 gpos = strsep(&pos, ")");
 #ifdef DEBUG
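Review bot: The new `grouphead.grname = strdup(group);` in the setnetgrent hunk (-203,9 +203,7) is still an unchecked allocation, so an out-of-memory failure leaves grname NULL while the freshly parsed grp list stays in place. Any later code that dereferences grname, such as a comparison against the cached group name (not visible in this hunk), would then read through a null pointer. I would check the result and discard the half-built state, e.g. `if ((grouphead.grname = strdup(group)) == NULL) endnetgrent();`, assuming endnetgrent() tolerates a NULL grname; that mirrors the parse_netgrp failure branch just above. setnetgrent's body starts and ends outside the hunk.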
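Review bot: In the parse_netgrp hunk (-457,9 +455,9) the allocation is now three steps (malloc, NULL check, bzero), which `grp = calloc(1, sizeof(*grp));` followed by the same `if (grp == NULL) return (1);` expresses in one call and without the casts. Because the `grouphead.gr` link is deferred to a later hunk, every exit between this allocation and that link point has to free grp itself; a short comment here such as `/* grp is not on grouphead.gr until all fields are parsed; free it on any early return */` would keep that rule visible to the next editor. The loop body continues outside the hunk.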
@@ -480,6 +478,13 @@ parse_netgrp(const char *group) if (len > 0) { grp->ng_str[strpos] = (char *) malloc(len + 1); + if (grp->ng_str[strpos] == NULL) { + int freepos; + for (freepos = 0; freepos < strpos; freepos++) + free(grp->ng_str[freepos]); + free(grp); + return (1); + } bcopy(spos, grp->ng_str[strpos], len + 1); } @@ -493,6 +498,8 @@ parse_netgrp(const char *group) grp->ng_str[strpos] = NULL; } } + grp->ng_next = grouphead.gr; + grouphead.gr = grp; #ifdef DEBUG /* * Note: on other platforms, malformed netgroup @@ -529,7 +536,7 @@ parse_netgrp(const char *group) static struct linelist * read_for_group(const char *group) { - char *pos, *spos, *linep, *olinep; + char *pos, *spos, *linep; int len, olen; int cont; struct linelist *lp; @@ -537,6 +544,7 @@ read_for_group(const char *group) #ifdef YP char *result; int resultlen; + linep = NULL; while (_netgr_yp_enabled || fgets(line, LINSIZ, netf) != NULL) { if (_netgr_yp_enabled) { @@ -557,6 +565,7 @@ read_for_group(const char *group) free(result); } #else + linep = NULL; while (fgets(line, LINSIZ, netf) != NULL) { #endif pos = (char *)&line; @@ -579,8 +588,14 @@ read_for_group(const char *group) pos++; if (*pos != '\n' && *pos != '\0') { lp = (struct linelist *)malloc(sizeof (*lp)); + if (lp == NULL) + return (NULL); lp->l_parsed = 0; lp->l_groupname = (char *)malloc(len + 1); + if (lp->l_groupname == NULL) { + free(lp); + return (NULL); + } bcopy(spos, lp->l_groupname, len); *(lp->l_groupname + len) = '\0'; len = strlen(pos); @@ -598,15 +613,15 @@ read_for_group(const char *group) } else cont = 0; if (len > 0) { - linep = (char *)malloc(olen + len + 1); - if (olen > 0) { - bcopy(olinep, linep, olen); - free(olinep); + linep = (char *)reallocf(linep, olen + len + 1); + if (linep == NULL) { + free(lp->l_groupname); + free(lp); + return (NULL); } bcopy(pos, linep + olen, len); olen += len; *(linep + olen) = '\0'; - olinep = linep; } if (cont) { if (fgets(line, LINSIZ, netf)) { 
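Review bot: The new `return (NULL);` exits in read_for_group (hunk -579,8 +588,14, and the reallocf failure branch in hunk -598,15 +613,15) return the same value the function uses for "group not found", so the caller cannot tell an allocation failure from a missing netgroup. They also leave the function without reaching the `rewind(netf);` that the final hunk shows just before the normal return, so the stream position is left mid-file; whether that matters depends on callers outside these hunks. At minimum I would document it above the function, e.g. `/* Returns NULL if the group is not found or if memory allocation fails. */`, and route the failure paths through the common exit if the rewind is meant to run unconditionally. The function body starts and ends outside these hunks.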
@@ -637,5 +652,5 @@ read_for_group(const char *group)
 */
 rewind(netf);
 #endif
- return ((struct linelist *)0);
+ return (NULL);
 }