[PATCH 12/10] Check all oc_text_buf for errors (e.g. out-of-memory) before using their contents
Daniel Lenski
dlenski at gmail.com
Fri Jan 12 18:18:07 PST 2018
Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
auth-globalprotect.c | 19 ++++++++++++++-----
gpst.c | 26 +++++++++++++++++++-------
2 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index d3799d6..4ef37f7 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -161,8 +161,7 @@ static int parse_login_xml(struct openconnect_info *vpninfo, xmlNode *xml_node)
vpninfo->cookie = cookie->data;
cookie->data = NULL;
- buf_free(cookie);
- return 0;
+ return buf_free(cookie);
err_out:
free(value);
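Review bot: The buffer error is only surfaced by `buf_free(cookie)` after `cookie->data` has already been handed to `vpninfo->cookie`, so on an allocation failure the function reports an error but leaves a NULL or truncated cookie installed in vpninfo. Unless a check above the hunk already rules that out, transfer ownership only on success: `if (!buf_error(cookie)) { vpninfo->cookie = cookie->data; cookie->data = NULL; }` followed by `return buf_free(cookie);`. parse_login_xml starts before the hunk, so whether a previous cookie value is overwritten or leaked here cannot be seen.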
@@ -269,9 +268,14 @@ gateways:
}
buf_append(buf, " </ServerList>\n</GPPortal>\n");
- if (vpninfo->write_new_config && !buf_error(buf))
- result = vpninfo->write_new_config(vpninfo->cbdata, buf->data, buf->pos);
- buf_free(buf);
+ if (vpninfo->write_new_config) {
+ result = buf_error(buf);
+ if (!result)
+ result = vpninfo->write_new_config(vpninfo->cbdata, buf->data, buf->pos);
+ buf_free(buf);
+ if (result)
+ goto out;
+ }
/* process static auth form to select gateway */
result = process_auth_form(vpninfo, &form);
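Review bot: Moving `buf_free(buf)` inside `if (vpninfo->write_new_config) { … }` means the buffer is no longer released when no write_new_config callback is set; before the change it was freed unconditionally. If buf is allocated regardless of the callback (the allocation is above the hunk, and the `out` label is below it), this leaks on every call without a callback. Releasing it on both branches, for example by adding an `else buf_free(buf);` after the block, keeps the new error propagation and the old lifetime.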
@@ -342,6 +346,8 @@ static int gpst_login(struct openconnect_info *vpninfo, int portal)
if (auth_id)
append_opt(request_body, "inputStr", form->auth_id);
append_form_opts(vpninfo, form, request_body);
+ if ((result = buf_error(request_body)))
+ goto out;
orig_path = vpninfo->urlpath;
vpninfo->urlpath = strdup(portal ? "global-protect/getconfig.esp" : "ssl-vpn/login.esp");
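Review bot: The out-of-memory handling added here stops one line early: the `strdup()` result assigned to `vpninfo->urlpath` right after the new check can be NULL for the same reason and is not tested in the visible lines. A guard such as `if (!vpninfo->urlpath) { vpninfo->urlpath = orig_path; result = -ENOMEM; goto out; }` would close the gap, provided the `out` path (outside the hunk) does not itself restore urlpath. The same unchecked `strdup()` follows the added checks in gpst_get_config and check_or_submit_hip_report in gpst.c.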
@@ -423,6 +429,8 @@ int gpst_bye(struct openconnect_info *vpninfo, const char *reason)
*/
append_opt(request_body, "computer", vpninfo->localname);
buf_append(request_body, "&%s", vpninfo->cookie);
+ if ((result = buf_error(request_body)))
+ goto out;
/* We need to close and reopen the HTTPS connection (to kill
* the tunnel session) and submit a new HTTPS request to
@@ -445,6 +453,7 @@ int gpst_bye(struct openconnect_info *vpninfo, const char *reason)
else
vpn_progress(vpninfo, PRG_INFO, _("Logout successful\n"));
+out:
buf_free(request_body);
free(xml_buf);
return result;
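Review bot: The new `out:` label is reached by the early `goto out` added in the previous gpst_bye hunk, before any response has been fetched, so `free(xml_buf)` now runs on a path where xml_buf may never have been assigned. That is only safe if xml_buf is initialised to NULL at its declaration, which lies outside both gpst_bye hunks. Worth confirming, or adding `= NULL` at the declaration.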
diff --git a/gpst.c b/gpst.c
index 68b94f7..0428dbd 100644
--- a/gpst.c
+++ b/gpst.c
@@ -573,6 +573,8 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
filter_opts(request_body, vpninfo->cookie, "preferred-ip", 0);
} else
buf_append(request_body, "&%s", vpninfo->cookie);
+ if ((result = buf_error(request_body)))
+ goto out;
orig_path = vpninfo->urlpath;
vpninfo->urlpath = strdup("ssl-vpn/getconfig.esp");
@@ -632,6 +634,7 @@ static int gpst_connect(struct openconnect_info *vpninfo)
{
int ret;
struct oc_text_buf *reqbuf;
+ const char start_tunnel[12] = "START_TUNNEL"; /* NOT zero-terminated */
char buf[256];
/* Connect to SSL VPN tunnel */
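Review bot: `const char start_tunnel[12] = "START_TUNNEL";` relies on the C rule that drops the terminator when the array is exactly full, which is fragile: the hard-coded 12 must be kept in sync with the literal by hand, and any later `strlen` or `%s` use of the array would read past its end. `static const char start_tunnel[] = "START_TUNNEL";` with a length of `sizeof(start_tunnel) - 1` derives the size from the string and keeps the array terminated. The `ssl_read(vpninfo, buf, 12)` call in the next hunk still uses the bare literal and could take the same constant.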
@@ -646,31 +649,33 @@ static int gpst_connect(struct openconnect_info *vpninfo)
buf_append(reqbuf, "GET %s?", vpninfo->urlpath);
filter_opts(reqbuf, vpninfo->cookie, "user,authcookie", 1);
buf_append(reqbuf, " HTTP/1.1\r\n\r\n");
+ if ((ret = buf_error(reqbuf)))
+ goto out;
if (vpninfo->dump_http_traffic)
dump_buf(vpninfo, '>', reqbuf->data);
vpninfo->ssl_write(vpninfo, reqbuf->data, reqbuf->pos);
- buf_free(reqbuf);
if ((ret = vpninfo->ssl_read(vpninfo, buf, 12)) < 0) {
if (ret == -EINTR)
- return ret;
+ goto out;
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching GET-tunnel HTTPS response.\n"));
- return -EINVAL;
+ ret = -EINVAL;
+ goto out;
}
- if (!strncmp(buf, "START_TUNNEL", 12)) {
+ if (!strncmp(buf, start_tunnel, sizeof(start_tunnel))) {
ret = 0;
} else if (ret==0) {
vpn_progress(vpninfo, PRG_ERR,
_("Gateway disconnected immediately after GET-tunnel request.\n"));
ret = -EPIPE;
} else {
- if (ret==12) {
- ret = vpninfo->ssl_gets(vpninfo, buf+12, 244);
- ret = (ret>0 ? ret : 0) + 12;
+ if (ret==sizeof(start_tunnel)) {
+ ret = vpninfo->ssl_gets(vpninfo, buf+sizeof(start_tunnel), sizeof(buf)-sizeof(start_tunnel));
+ ret = (ret>0 ? ret : 0) + sizeof(start_tunnel);
}
vpn_progress(vpninfo, PRG_ERR,
_("Got inappropriate HTTP GET-tunnel response: %.*s\n"), ret, buf);
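Review bot: The `strncmp(buf, start_tunnel, sizeof(start_tunnel))` test runs before `ret` is compared with the expected length, so after a short or empty read (ret < 12) it compares bytes of the uninitialised `buf` that `ssl_read` never wrote. Checking the length first avoids that: `if (ret == (int)sizeof(start_tunnel) && !memcmp(buf, start_tunnel, sizeof(start_tunnel))) {`. The cast also removes the signed/unsigned comparison that `ret==sizeof(start_tunnel)` introduces further down. The return value of `ssl_write` is still ignored, so a failed send is only noticed through the read that follows.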
@@ -688,6 +693,8 @@ static int gpst_connect(struct openconnect_info *vpninfo)
vpninfo->proto->udp_close(vpninfo);
}
+out:
+ buf_free(reqbuf);
return ret;
}
@@ -748,12 +755,15 @@ static int build_csd_token(struct openconnect_info *vpninfo)
buf = buf_alloc();
append_opt(buf, "computer", vpninfo->localname);
filter_opts(buf, vpninfo->cookie, "authcookie,preferred-ip", 0);
+ if (buf_error(buf))
+ goto out;
/* save as csd_token */
openconnect_md5(md5, buf->data, buf->pos);
for (i=0; i < MD5_SIZE; i++)
sprintf(&vpninfo->csd_token[i*2], "%02x", md5[i]);
+out:
return buf_free(buf);
}
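Review bot: On the new error path the function returns before `vpninfo->csd_token` is written, and nothing in the hunk resets it. If csd_token is allocated earlier in build_csd_token (the start of the function is outside the hunk), a failure here leaves an allocated but unfilled token that a later caller could send as the `md5` value; freeing it and setting it to NULL before `goto out` would prevent that. Separately, `sprintf(&vpninfo->csd_token[i*2], ...)` is unbounded and depends on the buffer holding at least `MD5_SIZE*2 + 1` bytes, which deserves a comment next to the loop.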
@@ -781,6 +791,8 @@ static int check_or_submit_hip_report(struct openconnect_info *vpninfo, const ch
goto out;
append_opt(request_body, "md5", vpninfo->csd_token);
}
+ if ((result = buf_error(request_body)))
+ goto out;
orig_path = vpninfo->urlpath;
vpninfo->urlpath = strdup(report ? "ssl-vpn/hipreport.esp" : "ssl-vpn/hipreportcheck.esp");
--
2.7.4