From 827334870da4f223710c5c768d472ec13cf631fb Mon Sep 17 00:00:00 2001 From: Jim Warner Date: Fri, 2 Dec 2011 17:17:02 -0600 Subject: [PATCH] library: exploit enhanced library memory allocation provisions There were numerous library memory allocation inconsistencies. Some were checked for failure and others were not. All library source modules were modified to utilize the alloc.h memory rouines which are consistent in dealing with errors. --- proc/devname.c | 3 ++- proc/ksym.c | 21 +++++---------------- proc/pwcache.c | 2 +- proc/readproc.c | 28 ++++++++++++---------------- proc/slab.c | 5 ++--- proc/sysinfo.c | 7 ++++--- 6 files changed, 26 insertions(+), 40 deletions(-) diff --git a/proc/devname.c b/proc/devname.c index 32ad9540..6e8d2863 100644 --- a/proc/devname.c +++ b/proc/devname.c @@ -18,6 +18,7 @@ #include #include "version.h" #include "devname.h" +#include "alloc.h" // This is the buffer size for a tty name. Any path is legal, // which makes PAGE_SIZE appropriate (see kernel source), but @@ -75,7 +76,7 @@ static void load_drivers(void){ end = strchr(p, ' '); if(!end) continue; len = end - p; - tmn = calloc(1, sizeof(tty_map_node)); + tmn = xcalloc(sizeof(tty_map_node)); tmn->next = tty_map; tty_map = tmn; /* if we have a devfs type name such as /dev/tts/%d then strip the %d but diff --git a/proc/ksym.c b/proc/ksym.c index 2e5379f6..1e10f72f 100644 --- a/proc/ksym.c +++ b/proc/ksym.c @@ -20,6 +20,7 @@ #include #include #include "procps.h" +#include "alloc.h" #include "version.h" #include "sysinfo.h" /* smp_num_cpus */ #include "wchan.h" // to verify prototypes @@ -230,8 +231,7 @@ static void read_file(const char *restrict filename, char **bufp, unsigned *rest unsigned room = *roomp; if(!room) goto hell; /* failed before */ - if(!buf) buf = malloc(room); - if(!buf) goto hell; + if(!buf) buf = xmalloc(room); open_again: fd = open(filename, O_RDONLY|O_NOCTTY|O_NONBLOCK); if(fd<0){ @@ -257,8 +257,7 @@ open_again: total += done; /* more to go, but no room in buffer */ room *= 2; - tmp = realloc(buf, room); - if(!tmp) goto hell; + tmp = xrealloc(buf, room); buf = tmp; continue; } @@ -296,8 +295,7 @@ static int parse_ksyms(void) { for(;;){ void *vp; idx_room *= 2; - vp = realloc(ksyms_index, sizeof(symb)*idx_room); - if(!vp) goto bad_alloc; + vp = xrealloc(ksyms_index, sizeof(symb)*idx_room); ksyms_index = vp; bypass: for(;;){ @@ -317,10 +315,6 @@ bypass: } } - if(0){ -bad_alloc: - fprintf(stderr, "Warning: not enough memory available\n"); - } if(0){ bad_parse: fprintf(stderr, "Warning: "KSYMS_FILENAME" not normal\n"); @@ -367,8 +361,7 @@ static int sysmap_mmap(const char *restrict const filename, message_fn message) for(;;){ void *vp; sysmap_room *= 2; - vp = realloc(sysmap_index, sizeof(symb)*sysmap_room); - if(!vp) goto bad_alloc; + vp = xrealloc(sysmap_index, sizeof(symb)*sysmap_room); sysmap_index = vp; for(;;){ char *vstart; @@ -434,10 +427,6 @@ bad_version: message("Warning: %s has an incorrect kernel version.\n", filename); } if(0){ -bad_alloc: - message("Warning: not enough memory available\n"); - } - if(0){ bad_parse: message("Warning: %s not parseable as a System.map\n", filename); } diff --git a/proc/pwcache.c b/proc/pwcache.c index ab7e5281..4b6c455b 100644 --- a/proc/pwcache.c +++ b/proc/pwcache.c @@ -65,7 +65,7 @@ char *group_from_gid(gid_t gid) { return((*g)->name); g = &(*g)->next; } - *g = (struct grpbuf *) malloc(sizeof(struct grpbuf)); + *g = (struct grpbuf *) xmalloc(sizeof(struct grpbuf)); (*g)->gid = gid; gr = getgrgid(gid); if (!gr || strlen(gr->gr_name) >= P_G_SZ) diff --git a/proc/readproc.c b/proc/readproc.c index 45ec4150..0a59f54a 100644 --- a/proc/readproc.c +++ b/proc/readproc.c @@ -345,7 +345,7 @@ ENTER(0x220); if (' ' == P->supgid[j]) P->supgid[j] = ','; } else - P->supgid = strdup("-"); + P->supgid = xstrdup("-"); continue; } case_CapBnd: @@ -402,7 +402,7 @@ static void supgrps_from_supgids (proc_t *p) { int t; if (!p->supgid || '-' == *p->supgid) { - p->supgrp = strdup("-"); + p->supgrp = xstrdup("-"); return; } s = p->supgid; @@ -410,7 +410,7 @@ static void supgrps_from_supgids (proc_t *p) { do { if (',' == *s) ++s; g = group_from_gid((uid_t)strtol(s, &s, 10)); - p->supgrp = realloc(p->supgrp, P_G_SZ+t+2); + p->supgrp = xrealloc(p->supgrp, P_G_SZ+t+2); t += snprintf(p->supgrp+t, P_G_SZ+2, "%s%s", t ? "," : "", g); } while (*s); } @@ -620,7 +620,7 @@ static char** vectorize_this_str (const char* src) { tot = strlen(src) + 1; // prep for our vectors adj = (pSZ-1) - ((tot + pSZ-1) & (pSZ-1)); // calc alignment bytes - cpy = xcalloc(NULL, tot + adj + (2 * pSZ)); // get new larger buffer + cpy = xcalloc(tot + adj + (2 * pSZ)); // get new larger buffer snprintf(cpy, tot, "%s", src); // duplicate their string vec = (char**)(cpy + tot + adj); // prep pointer to pointers *vec = cpy; // point 1st vector to string @@ -1012,7 +1012,7 @@ proc_t* readproc(PROCTAB *restrict const PT, proc_t *restrict p) { // } saved_p = p; - if(!p) p = xcalloc(NULL, sizeof *p); + if(!p) p = xcalloc(sizeof *p); else free_acquired(p, 1); for(;;){ @@ -1041,7 +1041,7 @@ proc_t* readtask(PROCTAB *restrict const PT, const proc_t *restrict const p, pro proc_t *saved_t; saved_t = t; - if(!t) t = xcalloc(NULL, sizeof *t); + if(!t) t = xcalloc(sizeof *t); else free_acquired(t, 1); // 1. got to fake a thread for old kernels @@ -1098,7 +1098,7 @@ extern proc_t* readeither (PROCTAB *restrict const PT, proc_t *restrict x) { proc_t *saved_x, *ret; saved_x = x; - if (!x) x = xcalloc(NULL, sizeof(*x)); + if (!x) x = xcalloc(sizeof(*x)); else free_acquired(x,1); if (new_p) goto next_task; @@ -1257,15 +1257,13 @@ proc_data_t *readproctab2(int(*want_proc)(proc_t *buf), int(*want_task)(proc_t * if(n_alloc == n_used){ //proc_t *old = data; n_alloc = n_alloc*5/4+30; // grow by over 25% - data = realloc(data,sizeof(proc_t)*n_alloc); - //if(!data) return NULL; + data = xrealloc(data,sizeof(proc_t)*n_alloc); memset(data+n_used, 0, sizeof(proc_t)*(n_alloc-n_used)); } if(n_proc_alloc == n_proc){ //proc_t **old = ptab; n_proc_alloc = n_proc_alloc*5/4+30; // grow by over 25% - ptab = realloc(ptab,sizeof(proc_t*)*n_proc_alloc); - //if(!ptab) return NULL; + ptab = xrealloc(ptab,sizeof(proc_t*)*n_proc_alloc); } tmp = readproc_direct(PT, data+n_used); if(!tmp) break; @@ -1277,17 +1275,15 @@ proc_data_t *readproctab2(int(*want_proc)(proc_t *buf), int(*want_task)(proc_t * if(n_alloc == n_used){ proc_t *old = data; n_alloc = n_alloc*5/4+30; // grow by over 25% - data = realloc(data,sizeof(proc_t)*n_alloc); + data = xrealloc(data,sizeof(proc_t)*n_alloc); // have to move tmp too tmp = data+(tmp-old); - //if(!data) return NULL; memset(data+n_used+1, 0, sizeof(proc_t)*(n_alloc-(n_used+1))); } if(n_task_alloc == n_task){ //proc_t **old = ttab; n_task_alloc = n_task_alloc*5/4+1; // grow by over 25% - ttab = realloc(ttab,sizeof(proc_t*)*n_task_alloc); - //if(!ttab) return NULL; + ttab = xrealloc(ttab,sizeof(proc_t*)*n_task_alloc); } t = readtask_direct(PT, tmp, data+n_used); if(!t) break; @@ -1325,7 +1321,7 @@ proc_data_t *readproctab3 (int(*want_task)(proc_t *buf), PROCTAB *restrict const for (;;) { if (n_alloc == n_used) { n_alloc = n_alloc*5/4+30; // grow by over 25% - tab = realloc(tab,sizeof(proc_t*)*n_alloc); + tab = xrealloc(tab,sizeof(proc_t*)*n_alloc); } // let this next guy allocate the necessary proc_t storage // (or recycle it) since he can't tolerate realloc relocations diff --git a/proc/slab.c b/proc/slab.c index d53b327d..ca41bf9e 100644 --- a/proc/slab.c +++ b/proc/slab.c @@ -18,6 +18,7 @@ #include "slab.h" #include "procps.h" +#include "alloc.h" #define SLABINFO_LINE_LEN 2048 #define SLABINFO_VER_LEN 100 @@ -41,9 +42,7 @@ static struct slab_info *get_slabnode(void) node = free_index; free_index = free_index->next; } else { - node = malloc(sizeof(struct slab_info)); - if (!node) - perror("malloc"); + node = xmalloc(sizeof(struct slab_info)); } return node; diff --git a/proc/sysinfo.c b/proc/sysinfo.c index 8e3ea19d..ee5f16fe 100644 --- a/proc/sysinfo.c +++ b/proc/sysinfo.c @@ -17,6 +17,7 @@ #include #include +#include "alloc.h" #include "version.h" #include "sysinfo.h" /* include self to verify prototypes */ @@ -870,7 +871,7 @@ unsigned int getdiskstat(struct disk_stat **disks, struct partition_stat **parti } fields = sscanf(buff, " %*d %*d %15s %*u %*u %*u %*u %*u %*u %*u %*u %*u %*u %u", devname, &dummy); if (fields == 2 && is_disk(devname)){ - (*disks) = realloc(*disks, (cDisk+1)*sizeof(struct disk_stat)); + (*disks) = xrealloc(*disks, (cDisk+1)*sizeof(struct disk_stat)); sscanf(buff, " %*d %*d %15s %u %u %llu %u %u %u %llu %u %u %u %u", //&disk_major, //&disk_minor, @@ -890,7 +891,7 @@ unsigned int getdiskstat(struct disk_stat **disks, struct partition_stat **parti (*disks)[cDisk].partitions=0; cDisk++; }else{ - (*partitions) = realloc(*partitions, (cPartition+1)*sizeof(struct partition_stat)); + (*partitions) = xrealloc(*partitions, (cPartition+1)*sizeof(struct partition_stat)); fflush(stdout); sscanf(buff, (fields == 2) ? " %*d %*d %15s %u %*u %llu %*u %u %*u %llu %*u %*u %*u %*u" @@ -924,7 +925,7 @@ unsigned int getslabinfo (struct slab_cache **slab){ while (fgets(buff,BUFFSIZE-1,fd)){ if(!memcmp("slabinfo - version:",buff,19)) continue; // skip header if(*buff == '#') continue; // skip comments - (*slab) = realloc(*slab, (cSlab+1)*sizeof(struct slab_cache)); + (*slab) = xrealloc(*slab, (cSlab+1)*sizeof(struct slab_cache)); sscanf(buff, "%47s %u %u %u %u", // allow 47; max seen is 24 (*slab)[cSlab].name, &(*slab)[cSlab].active_objs,