Browse Source

add force_assert for many allocations and function results

From: Gaurav <g.gupta@samsung.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3047 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.38
Gaurav 6 years ago
committed by Stefan Bühler
parent
commit
5c5f67a5c7
  1. 1
      NEWS
  2. 13
      src/mod_cgi.c
  3. 12
      src/mod_scgi.c
  4. 1
      src/mod_ssi_expr.c

1
NEWS

@ -10,6 +10,7 @@ NEWS
* [core] check configparserAlloc() result with force_assert
* [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available (thx loganaden)
* [core] don't buffer request bodies smaller than 64k on disk
* add force_assert for many allocations and function results
- 1.4.37 - 2015-08-30
* [mod_proxy] remove debug log line from error log (fixes #2659)

13
src/mod_cgi.c

@ -161,6 +161,7 @@ SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
if (!p) return HANDLER_ERROR;
p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
force_assert(p->config_storage);
for (i = 0; i < srv->config_context->used; i++) {
plugin_config *s;
@ -199,9 +200,11 @@ static int cgi_pid_add(server *srv, plugin_data *p, pid_t pid) {
if (r->size == 0) {
r->size = 16;
r->ptr = malloc(sizeof(*r->ptr) * r->size);
force_assert(r->ptr);
} else if (r->used == r->size) {
r->size += 16;
r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size);
force_assert(r->ptr);
}
r->ptr[r->used++] = pid;
@ -709,6 +712,7 @@ static int cgi_env_add(char_array *env, const char *key, size_t key_len, const c
if (!key || !val) return -1;
dst = malloc(key_len + val_len + 2);
force_assert(dst);
memcpy(dst, key, key_len);
dst[key_len] = '=';
memcpy(dst + key_len + 1, val, val_len);
@ -717,9 +721,11 @@ static int cgi_env_add(char_array *env, const char *key, size_t key_len, const c
if (env->size == 0) {
env->size = 16;
env->ptr = malloc(env->size * sizeof(*env->ptr));
force_assert(env->ptr);
} else if (env->size == env->used) {
env->size += 16;
env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr));
force_assert(env->ptr);
}
env->ptr[env->used++] = dst;
@ -903,12 +909,13 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *
#else
s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
#endif
force_assert(s);
cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
}
cgi_env_add(&env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1"));
s = get_http_version_name(con->request.http_version);
force_assert(s);
cgi_env_add(&env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
li_utostr(buf,
@ -943,9 +950,11 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *
s = "";
break;
}
force_assert(s);
cgi_env_add(&env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
s = get_http_method_name(con->request.http_method);
force_assert(s);
cgi_env_add(&env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
if (!buffer_string_is_empty(con->request.pathinfo)) {
@ -983,6 +992,7 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *
s = "";
break;
}
force_assert(s);
cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
li_utostr(buf,
@ -1053,6 +1063,7 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *
/* set up args */
argc = 3;
args = malloc(sizeof(*args) * argc);
force_assert(args);
i = 0;
if (!buffer_string_is_empty(cgi_handler)) {

12
src/mod_scgi.c

@ -386,6 +386,7 @@ static scgi_proc *scgi_process_init(void) {
scgi_proc *f;
f = calloc(1, sizeof(*f));
force_assert(f);
f->socket = buffer_init();
f->prev = NULL;
@ -440,6 +441,7 @@ static scgi_exts *scgi_extensions_init(void) {
scgi_exts *f;
f = calloc(1, sizeof(*f));
force_assert(f);
return f;
}
@ -529,6 +531,7 @@ INIT_FUNC(mod_scgi_init) {
plugin_data *p;
p = calloc(1, sizeof(*p));
force_assert(p);
p->scgi_env = buffer_init();
@ -608,6 +611,7 @@ static int env_add(char_array *env, const char *key, size_t key_len, const char
if (!key || !val) return -1;
dst = malloc(key_len + val_len + 3);
force_assert(dst);
memcpy(dst, key, key_len);
dst[key_len] = '=';
/* add the \0 from the value */
@ -625,9 +629,11 @@ static int env_add(char_array *env, const char *key, size_t key_len, const char
if (env->size == 0) {
env->size = 16;
env->ptr = malloc(env->size * sizeof(*env->ptr));
force_assert(env->ptr);
} else if (env->size == env->used) {
env->size += 16;
env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr));
force_assert(env->ptr);
}
env->ptr[env->used++] = dst;
@ -930,12 +936,14 @@ SETDEFAULTS_FUNC(mod_scgi_set_defaults) {
};
p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
force_assert(p->config_storage);
for (i = 0; i < srv->config_context->used; i++) {
plugin_config *s;
array *ca;
s = malloc(sizeof(plugin_config));
force_assert(s);
s->exts = scgi_extensions_init();
s->debug = 0;
@ -1493,6 +1501,7 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) {
#else
s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
#endif
force_assert(s);
scgi_env_add(p->scgi_env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
}
@ -1529,6 +1538,7 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) {
scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
s = inet_ntop_cache_get_ip(srv, &(con->dst_addr));
force_assert(s);
scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
/*
@ -1591,9 +1601,11 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) {
}
s = get_http_method_name(con->request.http_method);
force_assert(s);
scgi_env_add(p->scgi_env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
scgi_env_add(p->scgi_env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); /* if php is compiled with --force-redirect */
s = get_http_version_name(con->request.http_version);
force_assert(s);
scgi_env_add(p->scgi_env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
#ifdef USE_OPENSSL

1
src/mod_ssi_expr.c

@ -291,6 +291,7 @@ int ssi_eval_expr(server *srv, connection *con, plugin_data *p, const char *expr
/* default context */
pParser = ssiexprparserAlloc( malloc );
force_assert(pParser);
token = buffer_init();
while((1 == (ret = ssi_expr_tokenizer(srv, con, p, &t, &token_id, token))) && context.ok) {
ssiexprparser(pParser, token_id, token, &context);

Loading…
Cancel
Save