Fix potential memory leaks and crashes.

src/core/auth.c

@@ -355,25 +355,46 @@ int acl_is_user_denied(struct acl_handle* handle, const char* data)
 
 int acl_user_ban_nick(struct acl_handle* handle, const char* nick)
 {
+	char* data = 0;
 	struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info));
+
 	if (!info)
 	{
 		LOG_ERROR("ACL error: Out of memory!");
 		return -1;
 	}
-	list_append(handle->users_banned, hub_strdup(nick));
+
+	data = hub_strdup(nick);
+	if (!data)
+	{
+		LOG_ERROR("ACL error: Out of memory!");
+		hub_free(info);
+		return -1;
+	}
+
+	list_append(handle->users_banned, data);
 	return 0;
 }
 
 int acl_user_ban_cid(struct acl_handle* handle, const char* cid)
 {
+	char* data;
 	struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info));
 	if (!info)
 	{
 		LOG_ERROR("ACL error: Out of memory!");
 		return -1;
 	}
-	list_append(handle->cids, hub_strdup(cid));
+
+	data = hub_strdup(cid);
+	if (!data)
+	{
+		LOG_ERROR("ACL error: Out of memory!");
+		hub_free(info);
+		return -1;
+	}
+
+	list_append(handle->cids, data);
 	return 0;
 }
 
@@ -431,12 +452,12 @@ int acl_is_ip_nat_override(struct acl_handle* handle, const char* ip_address)
  */
 const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_user* user)
 {
-	char buf[32];
+	char buf[64];
 	uint64_t tiger_res[3];
 	static char tiger_buf[MAX_CID_LEN+1];
 
 	// FIXME: Generate a better nonce scheme.
-	snprintf(buf, 32, "%p%d%d", user, (int) user->id.sid, (int) user->connection->sd);
+	snprintf(buf, 64, "%p%d%d", user, (int) user->id.sid, (int) user->connection->sd);
 
 	tiger((uint64_t*) buf, strlen(buf), (uint64_t*) tiger_res);
 	base32_encode((unsigned char*) tiger_res, TIGERSIZE, tiger_buf);

src/core/commands.c

@@ -77,7 +77,7 @@ static struct hub_command* command_create(const char* message)
 	}
 
 	char* prefix = list_get_first(cmd->args);
-	if (prefix[0] && prefix[1])
+	if (prefix && prefix[0] && prefix[1])
 	{
 		cmd->prefix = hub_strdup(&prefix[1]);
 		cmd->prefix_len = strlen(cmd->prefix);
@@ -235,6 +235,9 @@ static int command_uptime(struct hub_info* hub, struct hub_user* user, struct hu
 static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd)
 {
 	char* nick = list_get_first(cmd->args);
+	if (!nick)
+		return -1; // FIXME: bad syntax.
+
 	struct hub_user* target = uman_get_user_by_nick(hub, nick);
 	
 	if (!target)
@@ -250,6 +253,9 @@ static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_
 static int command_ban(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd)
 {
 	char* nick = list_get_first(cmd->args);
+	if (!nick)
+		return -1; // FIXME: bad syntax.
+
 	struct hub_user* target = uman_get_user_by_nick(hub, nick);
 
 	if (!target)
@@ -299,6 +305,9 @@ static int command_getip(struct hub_info* hub, struct hub_user* user, struct hub
 	char tmp[128];
 
 	char* nick = list_get_first(cmd->args);
+	if (!nick);
+		return -1; // FIXME: bad syntax/OOM
+
 	struct hub_user* target = uman_get_user_by_nick(hub, nick);
 
 	if (!target)
@@ -316,11 +325,17 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub
 	struct hub_user* u;
 	int ret = 0;
 
+	if (!address)
+		return -1; // FIXME: bad syntax.
+
 	ret = ip_convert_address_to_range(address, &range);
 	if (!ret)
 		return command_status(hub, user, cmd, "Invalid IP address/range/mask");
 
 	users = (struct linked_list*) list_create();
+	if (!users)
+		return -1; // FIXME: OOM
+
 	ret = uman_get_user_by_addr(hub, users, &range);
 
 	if (!ret)
@@ -333,6 +348,12 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub
 	snprintf(tmp, 128, "*** %s: Found %d match%s:", cmd->prefix, ret, ((ret != 1) ? "es" : ""));
 
 	char* buffer = hub_malloc(((MAX_NICK_LEN + INET6_ADDRSTRLEN + 5) * ret) + strlen(tmp) + 3);
+	if (!buffer)
+	{
+		list_destroy(users);
+		return -1; // FIXME: OOM
+	}
+
 	buffer[0] = 0;
 	strcat(buffer, tmp);
 	strcat(buffer, "\n");
@@ -350,6 +371,7 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub
 
 	send_message(hub, user, buffer);
 	hub_free(buffer);
+	list_destroy(users);
 	return 0;
 }
 

src/core/hub.c

@@ -102,6 +102,7 @@ int hub_handle_support(struct hub_info* hub, struct hub_user* u, struct adc_mess
 	if (hub->status == hub_status_disabled && u->state == state_protocol)
 	{
 		on_login_failure(hub, u, status_msg_hub_disabled);
+		hub_free(arg);
 		return -1;
 	}
 

src/core/inf.c

@@ -46,8 +46,11 @@ static int set_feature_cast_supports(struct hub_user* u, struct adc_message* cmd
 	if (adc_msg_has_named_argument(cmd, ADC_INF_FLAG_SUPPORT))
 	{
 		tmp = adc_msg_get_named_argument(cmd, ADC_INF_FLAG_SUPPORT);
+		if (!tmp)
+			return -1; // FIXME: OOM
+
 		user_clear_feature_cast_support(u);
-		
+
 		it = tmp;
 		while (strlen(it) > 4)
 		{

src/core/netevent.c

@@ -111,7 +111,6 @@ int handle_net_read(struct hub_user* user)
 					if (hub_handle_message(g_hub, user, start, (pos - start)) == -1)
 					{
 							return quit_protocol_error;
-							break;
 					}
 				}
 			}

src/core/route.c

@@ -86,7 +86,7 @@ static inline int check_send_queue(struct hub_info* hub, struct hub_user* user,
 		return -1;
 	}
 
-	if (user->send_queue->size > get_max_send_queue_soft(hub) && msg->priority < 0)
+	if (user->send_queue->size > get_max_send_queue_soft(hub))
 	{
 		LOG_WARN("send queue soft overflowed.");
 		return 0;

src/core/usermanager.c

@@ -101,9 +101,10 @@ int uman_init(struct hub_info* hub)
 	if (!users->list)
 	{
 		list_destroy(users->list);
+		hub_free(users);
 		return -1;
 	}
-	
+
 	hub->users = users;
 
 #ifdef USERMANAGER_TIMER