diff --git a/src/adc/message.c b/src/adc/message.c index 5343123..d6b3565 100644 --- a/src/adc/message.c +++ b/src/adc/message.c @@ -26,8 +26,7 @@ uhub_assert(X->capacity); \ uhub_assert(X->length); \ uhub_assert(X->length <= X->capacity); \ - uhub_assert(X->length == strlen(X->cache)); \ - uhub_assert(X->references >= 0); + uhub_assert(X->length == strlen(X->cache)); #else #define ADC_MSG_ASSERT(X) do { } while(0) #endif /* DEBUG */ @@ -111,12 +110,12 @@ static int adc_msg_grow(struct adc_message* msg, size_t size) if (msg->capacity > size) return 1; - + /* Make sure we align our data */ newsize = size; newsize += 2; /* termination */ newsize += (newsize % sizeof(size_t)); /* alignment padding */ - + buf = msg_malloc_zero(newsize); if (!buf) return 0; @@ -126,7 +125,7 @@ static int adc_msg_grow(struct adc_message* msg, size_t size) memcpy(buf, msg->cache, msg->length); msg_free(msg->cache); } - + msg->cache = buf; msg->capacity = newsize; @@ -144,7 +143,7 @@ static int adc_msg_cache_append(struct adc_message* msg, const char* string, siz memcpy(&msg->cache[msg->length], string, len); adc_msg_set_length(msg, msg->length + len); - + assert(msg->capacity > msg->length); msg->cache[msg->length] = 0; return 1; @@ -777,16 +776,15 @@ char* adc_msg_get_argument(struct adc_message* cmd, int offset) char* end; char* argument; int count = 0; - + ADC_MSG_ASSERT(cmd); - + adc_msg_unterminate(cmd); - + start = strchr(&cmd->cache[adc_msg_get_arg_offset(cmd)-1], ' '); while (start) { end = strchr(&start[1], ' '); - if (count == offset) { if (end) 
@@ -796,21 +794,27 @@ char* adc_msg_get_argument(struct adc_message* cmd, int offset) else { argument = hub_strdup(&start[1]); - if (argument[strlen(argument)-1] == '\n') + if (argument && argument[strlen(argument)-1] == '\n') argument[strlen(argument)-1] = 0; } - + + if (!argument) + return 0; // FIXME: OOM + if (*argument) { adc_msg_terminate(cmd); return argument; } + else + { + hub_free(argument); + } } - count++; start = end; } - + adc_msg_terminate(cmd); return 0; } diff --git a/src/adc/sid.c b/src/adc/sid.c index e0ec39c..c41151b 100644 --- a/src/adc/sid.c +++ b/src/adc/sid.c @@ -88,10 +88,18 @@ struct sid_pool struct sid_pool* sid_pool_create(sid_t max) { struct sid_pool* pool = hub_malloc(sizeof(struct sid_pool)); + if (!pool) + return 0; + pool->min = 1; pool->max = max + 1; pool->count = 0; pool->map = hub_malloc_zero(sizeof(struct hub_user*) * pool->max); + if (!pool->map) + { + hub_free(pool); + return 0; + } pool->map[0] = (struct hub_user*) pool; /* hack to reserve the first sid. */ #ifdef DEBUG_SID diff --git a/src/core/auth.c b/src/core/auth.c index ca5c950..2465560 100644 --- a/src/core/auth.c +++ b/src/core/auth.c 
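Review bot: In `adc_msg_get_argument` the new `if (!argument) return 0; // FIXME: OOM` exits without calling `adc_msg_terminate(cmd)`, while the other exits visible in this hunk re-terminate the message after the `adc_msg_unterminate(cmd)` at the top of the function. An allocation failure therefore leaves `cmd->cache` unterminated for whatever uses the message next; the branch should be `if (!argument) { adc_msg_terminate(cmd); return 0; }`. The newline strip just above also indexes `argument[strlen(argument)-1]` without checking for an empty string, so a zero-length copy reads one byte before the allocation. A length guard closes that: `size_t n = strlen(argument); if (n && argument[n-1] == '\n') argument[n-1] = 0;`. The function begins outside this hunk.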
@@ -355,25 +355,46 @@ int acl_is_user_denied(struct acl_handle* handle, const char* data) int acl_user_ban_nick(struct acl_handle* handle, const char* nick) { + char* data = 0; struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info)); + if (!info) { LOG_ERROR("ACL error: Out of memory!"); return -1; } - list_append(handle->users_banned, hub_strdup(nick)); + + data = hub_strdup(nick); + if (!data) + { + LOG_ERROR("ACL error: Out of memory!"); + hub_free(info); + return -1; + } + + list_append(handle->users_banned, data); return 0; } int acl_user_ban_cid(struct acl_handle* handle, const char* cid) { + char* data; struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info)); if (!info) { LOG_ERROR("ACL error: Out of memory!"); return -1; } - list_append(handle->cids, hub_strdup(cid)); + + data = hub_strdup(cid); + if (!data) + { + LOG_ERROR("ACL error: Out of memory!"); + hub_free(info); + return -1; + } + + list_append(handle->cids, data); return 0; } @@ -431,12 +452,12 @@ int acl_is_ip_nat_override(struct acl_handle* handle, const char* ip_address) */ const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_user* user) { - char buf[32]; + char buf[64]; uint64_t tiger_res[3]; static char tiger_buf[MAX_CID_LEN+1]; // FIXME: Generate a better nonce scheme. - snprintf(buf, 32, "%p%d%d", user, (int) user->id.sid, (int) user->connection->sd); + snprintf(buf, 64, "%p%d%d", user, (int) user->id.sid, (int) user->connection->sd); tiger((uint64_t*) buf, strlen(buf), (uint64_t*) tiger_res); base32_encode((unsigned char*) tiger_res, TIGERSIZE, tiger_buf); diff --git a/src/core/commands.c b/src/core/commands.c index f328fb6..c4096b1 100644 --- a/src/core/commands.c +++ b/src/core/commands.c 
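Review bot: `acl_user_ban_nick` still leaks `info` on the success path: it is allocated with `hub_malloc_zero`, released only in the new `hub_strdup` failure branch, and neither stored nor freed before `return 0`. `acl_user_ban_cid` has the same shape. As far as these lines show the structure is never used, so either drop the allocation or add `hub_free(info);` before `return 0;` in both functions.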
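Review bot: In `acl_password_generate_challenge` the enlarged buffer still hashes only `user`, `user->id.sid` and `user->connection->sd`, values that appear to stay fixed for the lifetime of a connection and are not secret, so the challenge is repeatable and guessable, as the existing FIXME hints. A challenge used for password authentication should mix in fresh bytes from the operating system's CSPRNG (for example `getrandom()` or `/dev/urandom`) so that a captured response cannot be replayed. Separately, prefer `snprintf(buf, sizeof(buf), ...)` over repeating the literal `64`. The `(uint64_t*) buf` cast also passes a `char` array with no alignment guarantee to `tiger`, which a `memcpy` into a `uint64_t` array would avoid.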
@@ -77,7 +77,7 @@ static struct hub_command* command_create(const char* message) } char* prefix = list_get_first(cmd->args); - if (prefix[0] && prefix[1]) + if (prefix && prefix[0] && prefix[1]) { cmd->prefix = hub_strdup(&prefix[1]); cmd->prefix_len = strlen(cmd->prefix); @@ -235,6 +235,9 @@ static int command_uptime(struct hub_info* hub, struct hub_user* user, struct hu static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd) { char* nick = list_get_first(cmd->args); + if (!nick) + return -1; // FIXME: bad syntax. + struct hub_user* target = uman_get_user_by_nick(hub, nick); if (!target) @@ -250,6 +253,9 @@ static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_ static int command_ban(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd) { char* nick = list_get_first(cmd->args); + if (!nick) + return -1; // FIXME: bad syntax. + struct hub_user* target = uman_get_user_by_nick(hub, nick); if (!target) @@ -299,6 +305,9 @@ static int command_getip(struct hub_info* hub, struct hub_user* user, struct hub char tmp[128]; char* nick = list_get_first(cmd->args); + if (!nick); + return -1; // FIXME: bad syntax/OOM + struct hub_user* target = uman_get_user_by_nick(hub, nick); if (!target) @@ -316,11 +325,17 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub struct hub_user* u; int ret = 0; + if (!address) + return -1; // FIXME: bad syntax. + ret = ip_convert_address_to_range(address, &range); if (!ret) return command_status(hub, user, cmd, "Invalid IP address/range/mask"); users = (struct linked_list*) list_create(); + if (!users) + return -1; // FIXME: OOM + ret = uman_get_user_by_addr(hub, users, &range); if (!ret) 
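Review bot: In `command_create` the added `prefix &&` guard handles a missing first argument, but the next two lines pass the result of `hub_strdup(&prefix[1])` straight to `strlen(cmd->prefix)`, which dereferences null if the copy fails. Since the rest of this commit adds out-of-memory checks, this call needs one as well, placed before the `strlen`: `if (!cmd->prefix) { /* release cmd as the other error paths do */ return 0; }`. The function's cleanup code is outside the hunk, so the teardown has to match whatever it already does there.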
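Review bot: The guard added to `command_getip` reads `if (!nick);` with a stray semicolon, so the `if` has an empty body and the following `return -1;` runs unconditionally. Everything after it in the function becomes unreachable and the command always fails. It should match the checks added to `command_kick` and `command_ban` in this same file: `if (!nick) return -1;`. GCC's `-Wempty-body` (enabled by `-Wextra`) reports this pattern.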
@@ -333,6 +348,12 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub snprintf(tmp, 128, "*** %s: Found %d match%s:", cmd->prefix, ret, ((ret != 1) ? "es" : "")); char* buffer = hub_malloc(((MAX_NICK_LEN + INET6_ADDRSTRLEN + 5) * ret) + strlen(tmp) + 3); + if (!buffer) + { + list_destroy(users); + return -1; // FIXME: OOM + } + buffer[0] = 0; strcat(buffer, tmp); strcat(buffer, "\n"); @@ -350,6 +371,7 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub send_message(hub, user, buffer); hub_free(buffer); + list_destroy(users); return 0; } diff --git a/src/core/hub.c b/src/core/hub.c index 313a196..a8501c9 100644 --- a/src/core/hub.c +++ b/src/core/hub.c @@ -102,6 +102,7 @@ int hub_handle_support(struct hub_info* hub, struct hub_user* u, struct adc_mess if (hub->status == hub_status_disabled && u->state == state_protocol) { on_login_failure(hub, u, status_msg_hub_disabled); + hub_free(arg); return -1; } diff --git a/src/core/inf.c b/src/core/inf.c index 7c2142d..044bac2 100644 --- a/src/core/inf.c +++ b/src/core/inf.c @@ -46,8 +46,11 @@ static int set_feature_cast_supports(struct hub_user* u, struct adc_message* cmd if (adc_msg_has_named_argument(cmd, ADC_INF_FLAG_SUPPORT)) { tmp = adc_msg_get_named_argument(cmd, ADC_INF_FLAG_SUPPORT); + if (!tmp) + return -1; // FIXME: OOM + user_clear_feature_cast_support(u); - + it = tmp; while (strlen(it) > 4) { diff --git a/src/core/netevent.c b/src/core/netevent.c index af343a0..4aa2736 100644 --- a/src/core/netevent.c +++ b/src/core/netevent.c @@ -111,7 +111,6 @@ int handle_net_read(struct hub_user* user) if (hub_handle_message(g_hub, user, start, (pos - start)) == -1) { return quit_protocol_error; - break; } } } diff --git a/src/core/route.c b/src/core/route.c index cc17301..d2ebd7a 100644 --- a/src/core/route.c +++ b/src/core/route.c 
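Review bot: `list_destroy(users)` is now called on the success path and on the buffer-allocation failure path of `command_whoip`, but the `if (!ret)` exit after `uman_get_user_by_addr` lies between the hunks and is not shown. If that branch returns directly, `users` still leaks every time a lookup finds no match, which a regular user of the command can trigger at will. Confirm that branch also runs `list_destroy(users);` before returning.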
@@ -86,7 +86,7 @@ static inline int check_send_queue(struct hub_info* hub, struct hub_user* user, return -1; } - if (user->send_queue->size > get_max_send_queue_soft(hub) && msg->priority < 0) + if (user->send_queue->size > get_max_send_queue_soft(hub)) { LOG_WARN("send queue soft overflowed."); return 0; diff --git a/src/core/usermanager.c b/src/core/usermanager.c index 63e206f..1d992c6 100644 --- a/src/core/usermanager.c +++ b/src/core/usermanager.c @@ -101,9 +101,10 @@ int uman_init(struct hub_info* hub) if (!users->list) { list_destroy(users->list); + hub_free(users); return -1; } - + hub->users = users; #ifdef USERMANAGER_TIMER diff --git a/src/network/network.c b/src/network/network.c index 614e5da..773885a 100644 --- a/src/network/network.c +++ b/src/network/network.c @@ -303,7 +303,7 @@ int net_close(int fd) } else { - if (fd != -1) + if (ret != -1) { net_stats_add_error(); } @@ -474,6 +474,7 @@ int net_socket_create(int af, int type, int protocol) if (sd == -1) { net_error_out(sd, "net_socket_create"); + return -1; } #ifdef SOCK_DUAL_STACK_OPT diff --git a/src/util/list.c b/src/util/list.c index 08d18c9..801c6fa 100644 --- a/src/util/list.c +++ b/src/util/list.c @@ -54,6 +54,11 @@ void list_clear(struct linked_list* list, void (*free_handle)(void* ptr)) void list_append(struct linked_list* list, void* data_ptr) { struct node* new_node = (struct node*) hub_malloc_zero(sizeof(struct node)); + if (!new_node) + { + LOG_FATAL("Unable to allocate memory"); + return; + } new_node->ptr = data_ptr; if (list->last) diff --git a/src/util/tiger.c b/src/util/tiger.c index db82d2e..ee1e288 100644 --- a/src/util/tiger.c +++ b/src/util/tiger.c 
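Review bot: Removing `&& msg->priority < 0` in `check_send_queue` makes the soft send-queue limit apply to every message rather than only to those with negative priority, which is a behaviour change and not a cleanup. If `priority` is unsigned the old test could never be true and this switches the soft limit on for the first time; if it is signed, normal and high priority traffic is now refused at the soft limit too. The intent should be recorded above the check, e.g. `/* Soft limit: refuse the message regardless of priority. */`, and it is worth checking whether `msg` is still used in this function.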
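Review bot: In `uman_init` the failure branch runs only when `users->list` is null, yet it still calls `list_destroy(users->list)` before the newly added `hub_free(users)`. That call is at best a no-op and at worst a null dereference, depending on how `list_destroy` treats a null argument, which is not shown here. Remove it so the branch is just `hub_free(users); return -1;`. If `uman_init` allocated other members of `users` earlier, outside the hunk, they need releasing in this branch as well.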
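Review bot: In `net_close` the inner test changes from `fd != -1` to `ret != -1`, and the condition of the enclosing `if` is outside the hunk. If that outer branch is the one taken when the close succeeds, `ret` already holds the failure value inside this `else`, so `ret != -1` can never be true and `net_stats_add_error()` becomes dead code, meaning close failures are no longer counted. If the aim is to skip counting for an invalid descriptor, keep the `fd` test; otherwise call `net_stats_add_error();` unconditionally in the `else`.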
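Review bot: `list_append` now logs and returns when `hub_malloc_zero` fails, but it is declared `void`, so callers cannot tell that `data_ptr` was never stored. In this same commit `acl_user_ban_nick` and `acl_user_ban_cid` call it and then `return 0`, so under memory pressure a ban is reported as applied while the entry is missing and the duplicated string leaks. Consider giving `list_append` an `int` result (failure and success values following the project's convention) and checking it in the ACL callers, freeing `data` and returning -1 on failure.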
@@ -47,10 +47,13 @@ extern uint64_t tiger_sboxes[4*256]; ROUND(b, c, a, x7, mul) void tiger_compress(uint64_t* str, uint64_t state[3]) { - uint64_t a, b, c, swap; + uint64_t a, b, c; uint64_t x0, x1, x2, x3, x4, x5, x6, x7; uint64_t aa, bb, cc; +#if PASSES > 3 + uint64_t swap; size_t pass_no; +#endif a = state[0]; b = state[1]; c = state[2]; @@ -107,7 +110,8 @@ void tiger_compress(uint64_t* str, uint64_t state[3]) { x7 -= x6 ^ 0x0123456789ABCDEFULL; PASS(b, c, a, 9); - + +#if PASSES > 3 for (pass_no = 3; pass_no < PASSES; pass_no++) { x0 -= x7 ^ 0xA5A5A5A5A5A5A5A5ULL; @@ -134,7 +138,8 @@ void tiger_compress(uint64_t* str, uint64_t state[3]) { c = b; b = swap; } - +#endif + a ^= aa; b -= bb; c += cc;