Debian Bug report logs - #135822
does not check for memory allocation success

version graph

Package: whois; Maintainer for whois is Marco d'Itri <md@linux.it>; Source for whois is src:whois.

Reported by: kraai@ftbfs.org

Date: Tue, 26 Feb 2002 08:03:01 UTC

Severity: minor

Tags: patch, wontfix

Found in versions 4.5.18, 4.5.21

Fixed in version whois/4.7.26

Done: Marco d'Itri <md@linux.it>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>, whois@packages.qa.debian.org:
Bug#135822; Package whois. Full text and rfc822 format available.

Acknowledgement sent to Matt Kraai <kraai@debian.org>:
New Bug report received and forwarded. Copy sent to Marco d'Itri <md@linux.it>, whois@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Matt Kraai <kraai@debian.org>
To: submit@bugs.debian.org
Subject: does not check for memory allocation success
Date: Mon, 25 Feb 2002 23:54:05 -0800
[Message part 1 (text/plain, inline)]
Package: whois
Version: 4.5.21
Severity: minor
Tags: patch

whois does not check the return values of malloc and realloc to
ensure that they succeeded.  This can cause segfaults.  The
following patch causes it to exit gracefully.

Matt

diff -ur whois-4.5.21/whois.c whois/whois.c
--- whois-4.5.21/whois.c	Sun Feb  3 08:27:47 2002
+++ whois/whois.c	Mon Feb 25 23:48:54 2002
@@ -86,7 +86,7 @@
 	/* program flags */
 	switch (ch) {
 	case 'h':
-	    server = q = malloc(strlen(optarg) + 1);
+	    server = q = xmalloc(strlen(optarg) + 1);
 	    for (p = optarg; *p && *p != ':'; *q++ = tolower(*p++));
 	    if (*p == ':')
 		port = p + 1;
@@ -120,7 +120,7 @@
 	usage();
 
     /* On some systems realloc only works on non-NULL buffers */
-    qstring = malloc(1);
+    qstring = xmalloc(1);
     *qstring = '\0';
 
     /* parse other parameters, if any */
@@ -129,7 +129,7 @@
 
 	while (1) {
 	    qslen += strlen(*argv) + 1 + 1;
-	    qstring = realloc(qstring, qslen);
+	    qstring = xrealloc(qstring, qslen);
 	    strcat(qstring, *argv++);
 	    if (argc == 1)
 		break;
@@ -368,7 +368,7 @@
     int i, isripe = 0;
 
     /* +10 for CORE; +2 for \r\n; +1 for NULL */
-    buf = malloc(strlen(flags) + strlen(query) + 10 + 2 + 1);
+    buf = xmalloc(strlen(flags) + strlen(query) + 10 + 2 + 1);
     *buf = '\0';
     for (i = 0; ripe_servers[i]; i++)
 	if (strcmp(server, ripe_servers[i]) == 0) {
@@ -476,7 +476,7 @@
     FILE *fi;
     int state = 0;
 
-    temp = malloc(strlen(query) + 1 + 2 + 1);
+    temp = xmalloc(strlen(query) + 1 + 2 + 1);
     *temp = '=';
     strcpy(temp + 1, query);
     strcat(temp, "\r\n");
@@ -494,7 +494,7 @@
 
 	    for (p = buf; *p != ':'; p++);	/* skip until colon */
 	    for (p++; *p == ' '; p++);		/* skip colon and spaces */
-	    ret = malloc(strlen(p) + 1);
+	    ret = xmalloc(strlen(p) + 1);
 	    for (q = ret; *p != '\n' && *p != '\r'; *q++ = *p++); /*copy data*/
 	    *q = '\0';
 	    state = 2;
@@ -639,6 +639,26 @@
 "      --version        output version information and exit\n"
 ));
     exit(0);
+}
+
+
+/* Memory allocation routines */
+void *xmalloc(size_t size)
+{
+    void *ptr;
+
+    if ((ptr = malloc(size)) == NULL)
+	err_sys("malloc");
+
+    return ptr;
+}
+
+void *xrealloc(void *ptr, size_t size)
+{
+    if ((ptr = realloc(ptr, size)) == NULL)
+	err_sys("realloc");
+
+    return ptr;
 }
 
 
diff -ur whois-4.5.21/whois.h whois/whois.h
--- whois-4.5.21/whois.h	Wed Oct  3 17:14:49 2001
+++ whois/whois.h	Mon Feb 25 23:48:54 2002
@@ -21,6 +21,8 @@
 int domfind(const char *, const char *[]);
 char *normalize_domain(const char *);
 
+void *xmalloc(size_t);
+void *xrealloc(void *, size_t);
 void err_quit(const char *,...);
 void err_sys(const char *,...);
 
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>, whois@packages.qa.debian.org:
Bug#135822; Package whois. Full text and rfc822 format available.

Acknowledgement sent to Marco d'Itri <md@Linux.IT>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>, whois@packages.qa.debian.org. Full text and rfc822 format available.

Message #10 received at 135822@bugs.debian.org (full text, mbox):

From: Marco d'Itri <md@Linux.IT>
To: Matt Kraai <kraai@debian.org>, 135822@bugs.debian.org
Subject: Re: Bug#135822: does not check for memory allocation success
Date: Tue, 26 Feb 2002 10:30:07 +0100
On Feb 26, Matt Kraai <kraai@debian.org> wrote:

 >whois does not check the return values of malloc and realloc to
 >ensure that they succeeded.  This can cause segfaults.  The
Actually this is by design, I did not bother using xmalloc in a small
program which is only run by the user from the command line.


-- 
ciao,
Marco



Merged 131924 135822. Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: wontfix Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug submitter from Matt Kraai <kraai@debian.org> to kraai@ftbfs.org. Request was from Matt Kraai <kraai@ftbfs.org> to control@bugs.debian.org. Full text and rfc822 format available.

Disconnected #135822 from all other report(s). Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Mon, 07 Apr 2008 00:21:02 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 4.7.26, send any further explanations to kraai@ftbfs.org Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Mon, 07 Apr 2008 00:21:02 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 May 2008 07:46:51 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 09:34:59 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.