robustness fixes

2015-05-07 23:51:01 +00:00
parent 6ddce21c52
commit ad390ee7ea
4 changed files with 9 additions and 11 deletions
--- a/scan_ldapsearchfilter.c
+++ b/scan_ldapsearchfilter.c
@@ -41,10 +41,7 @@ size_t scan_ldapsearchfilter(const char* src,const char* max,struct Filter** f)
  res+=tmp;
  nmax=src+res+len;
  if (nmax>max) goto error;
-  if (!(*f=malloc(sizeof(struct Filter)))) goto error;
-  (*f)->next=0;
-  (*f)->x=0;
-  (*f)->substrings=0;
+  if (!(*f=calloc(1,sizeof(struct Filter)))) goto error;
  switch ((*f)->type=tag) {
  case 0:    /*  and             [0] SET OF Filter, */
  case 1:    /*  or              [1] SET OF Filter, */
@@ -84,13 +81,12 @@ size_t scan_ldapsearchfilter(const char* src,const char* max,struct Filter** f)
      res+=tmp;
      if (src+res+len2!=nmax) goto error;
      while (src+res<nmax) {
-	struct Substring* s=malloc(sizeof(struct Substring));
+	struct Substring* s=calloc(1,sizeof(struct Substring));
 	unsigned long x;
 	enum asn1_tagtype tt;
 	enum asn1_tagclass tc;
 	if (!s) goto error;
-	if (!(tmp=scan_asn1string(src+res,nmax,&tc,&tt,&x,&s->s.s,&s->s.l))) { free(s); goto error; }
-	if (x>2) goto error;
+	if (!(tmp=scan_asn1string(src+res,nmax,&tc,&tt,&x,&s->s.s,&s->s.l)) || x>2) { free(s); goto error; }
 	s->substrtype=x;
 	res+=tmp;
 	s->next=(*f)->substrings;
--- a/scan_ldapsearchfilterstring.c
+++ b/scan_ldapsearchfilterstring.c
@@ -52,7 +52,7 @@ scan_filterlist:
 substring:
 	  while (*s!=')') {
 	    size_t i,j;
-	    struct Substring* substring=malloc(sizeof(struct Substring));
+	    struct Substring* substring=calloc(1,sizeof(struct Substring));
 	    if (!substring) goto error;
 	    substring->s.s=s;
 	    i=str_chr(s,')');
--- a/scan_ldapsearchrequest.c
+++ b/scan_ldapsearchrequest.c
@@ -1,4 +1,5 @@
 #include <stdlib.h>
+#include <string.h>
 #include "ldap.h"

 size_t scan_ldapsearchrequest(const char* src,const char* max,
@@ -34,10 +35,9 @@ size_t scan_ldapsearchrequest(const char* src,const char* max,
    for (;;) {
      if (src+res>nmax) goto error;
      if (src+res==nmax) break;
-      if (!*a) *a=malloc(sizeof(struct AttributeDescriptionList));
+      if (!*a) *a=calloc(1,sizeof(struct AttributeDescriptionList));
      if (!*a) goto error;
-      (*a)->next=0;
-      if (!(tmp=scan_ldapstring(src+res,nmax,&(*a)->a))) goto error;
+      if (!(tmp=scan_ldapstring(src+res,nmax,&(*a)->a))) { free(*a); goto error; }
      res+=tmp;
      a=&(*a)->next;
    }
@@ -52,4 +52,5 @@ void free_ldapsearchrequest(struct SearchRequest* s) {
  if (s->attributes)
    free_ldapadl(s->attributes->next);
  free_ldapsearchfilter(s->filter);
+  memset(s,0,sizeof(*s));
 }
--- a/scan_ldapsearchresultentry.c
+++ b/scan_ldapsearchresultentry.c
@@ -37,6 +37,7 @@ size_t scan_ldapsearchresultentry(const char* src,const char* max,struct SearchR
  return res;
 error:
  freepal(sre->attributes);
+  sre->attributes=0;
  return 0;
 }