rpki-client: unchecked str(n)dup

Thu, 04 Mar 2021 06:54:18 -0800 

The first two seem obvious oversights.  The ones in rsync_base_uri()
would end up silently ignored:
queue_add_from_cert
 repo_lookup
  rsync_base_uri

Index: http.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.4
diff -u -p -r1.4 http.c
--- http.c      4 Mar 2021 14:24:54 -0000       1.4
+++ http.c      4 Mar 2021 14:46:20 -0000
@@ -807,7 +807,8 @@ http_parse_header(struct http_connection
        } else if (strncasecmp(cp, LAST_MODIFIED,
            sizeof(LAST_MODIFIED) - 1) == 0) {
                cp += sizeof(LAST_MODIFIED) - 1;
-               conn->last_modified = strdup(cp);
+               if ((conn->last_modified = strdup(cp)) == NULL)
+                       err(1, NULL);
        }
 
        return 1;
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.112
diff -u -p -r1.112 main.c
--- main.c      4 Mar 2021 14:24:17 -0000       1.112
+++ main.c      4 Mar 2021 14:46:20 -0000
@@ -590,9 +590,10 @@ queue_add_tal(struct entityq *q, const c
        buf = tal_read_file(file);
 
        /* Record tal for later reporting */
-       if (stats.talnames == NULL)
-               stats.talnames = strdup(file);
-       else {
+       if (stats.talnames == NULL) {
+               if ((stats.talnames = strdup(file)) == NULL)
+                       err(1, NULL);
+       } else {
                char *tmp;
                if (asprintf(&tmp, "%s %s", stats.talnames, file) == -1)
                        err(1, NULL);
Index: rsync.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving revision 1.21
diff -u -p -r1.21 rsync.c
--- rsync.c     4 Mar 2021 14:24:17 -0000       1.21
+++ rsync.c     4 Mar 2021 14:46:20 -0000
@@ -55,6 +55,7 @@ char *
 rsync_base_uri(const char *uri)
 {
        const char *host, *module, *rest;
+       char *base_uri;
 
        /* Case-insensitive rsync URI. */
        if (strncasecmp(uri, "rsync://", 8) != 0) {
@@ -82,13 +83,18 @@ rsync_base_uri(const char *uri)
 
        /* The path component is optional. */
        if ((rest = strchr(module, '/')) == NULL) {
-               return strdup(uri);
+               if ((base_uri = strdup(uri)) == NULL)
+                       err(1, NULL);
+               return base_uri;
        } else if (rest == module) {
                warnx("%s: zero-length module", uri);
                return NULL;
        }
 
-       return strndup(uri, rest - uri);
+       if ((base_uri = strndup(uri, rest - uri)) == NULL)
+               err(1, NULL);
+
+       return base_uri;
 }
 
 static void

Reply via email to