
safe-checking of malloc added

Jiri Kuthan authored on 06/12/2001 23:00:24
Showing 3 changed files
... ...
@@ -128,19 +128,18 @@ struct cell*  build_cell( struct sip_msg* p_msg )
128 128
 
129 129
     /* do we have the source for the build process? */
130 130
    if (!p_msg)
131
-      return 0;
131
+      return NULL;
132 132
 
133 133
    /* allocs a new cell */
134 134
    new_cell = (struct cell*)sh_malloc( sizeof( struct cell ) );
135 135
    if  ( !new_cell )
136
-      return 0;
136
+      return NULL;
137 137
 
138 138
    /* filling with 0 */
139 139
    memset( new_cell, 0, sizeof( struct cell ) );
140 140
    /* hash index of the entry */
141 141
    new_cell->hash_index = hash( p_msg->callid->body , get_cseq(p_msg)->number );
142 142
    /* mutex */
143
-   init_cell_lock(  new_cell );
144 143
    /* ref counter is 0 */
145 144
    /* all pointers from timers list tl are NULL */
146 145
    new_cell->wait_tl.payload = new_cell;
... ...
@@ -148,8 +147,11 @@ struct cell*  build_cell( struct sip_msg* p_msg )
148 147
 
149 148
    /* inbound request */
150 149
    /* force parsing all the needed headers*/
151
-   parse_headers(p_msg, HDR_EOH );
150
+   if (parse_headers(p_msg, HDR_EOH )==-1)
151
+	goto error;
152 152
    new_cell->inbound_request =  sip_msg_cloner(p_msg) ;
153
+   if (!new_cell->inbound_request)
154
+	goto error;
153 155
    /* inbound response is NULL*/
154 156
    /* status is 0 */
155 157
    /* tag pointer is NULL */
... ...
@@ -162,7 +164,13 @@ struct cell*  build_cell( struct sip_msg* p_msg )
162 164
    new_cell->T_canceled  = T_UNDEFINED;
163 165
    new_cell->T_canceler  = T_UNDEFINED;
164 166
 
167
+   init_cell_lock(  new_cell );
168
+
165 169
    return new_cell;
170
+
171
+error:
172
+	sh_free(new_cell);
173
+	return NULL;
166 174
 }
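Review bot: The hash index is computed from `p_msg->callid->body` and `get_cseq(p_msg)->number` before the newly checked `parse_headers()` call runs, and nothing in the visible hunks confirms that the Call-ID and CSeq headers are present at that point. A request missing either header would presumably dereference a NULL pointer here unless every caller has already parsed and validated them. Consider parsing first and guarding the result, e.g. `if (parse_headers(p_msg, HDR_EOH)==-1 || !p_msg->callid || !p_msg->cseq) goto error;`, and only then computing `hash_index`. Parts of build_cell between the hunks are not shown, so an earlier check may exist.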
167 175
 
168 176
 
... ...
@@ -16,15 +16,22 @@ struct sip_msg* sip_msg_cloner( struct sip_msg *org_msg )
16 16
 
17 17
     /* clones the sip_msg structure */
18 18
     new_msg = (struct sip_msg*)sh_malloc( sizeof( struct sip_msg) );
19
+    if (!new_msg) return NULL;
19 20
     memcpy( new_msg , org_msg , sizeof( struct sip_msg) );
20 21
 
21 22
     /* the original message - orig ( char*  type) */
22 23
     new_msg->orig = (char*)sh_malloc( new_msg->len+1 );
24
+    if (!new_msg->orig) {
25
+	goto error;
26
+    }
23 27
     memcpy( new_msg->orig , org_msg->orig, new_msg->len );
24 28
     new_msg->orig[ new_msg->len ] = 0;
25 29
 
26 30
     /* the scratch pad - buf ( char* type) */
27 31
     new_msg->buf = (char*)sh_malloc( new_msg->len+1 );
32
+    if (!new_msg->buf) {
33
+	goto error;
34
+    }
28 35
     memcpy( new_msg->buf , org_msg->buf, new_msg->len );
29 36
     new_msg->buf[ new_msg->len ] = 0;
30 37
 
... ...
@@ -54,19 +61,33 @@ struct sip_msg* sip_msg_cloner( struct sip_msg *org_msg )
54 61
 	new_msg->first_line.u.reply.reason.s =  translate_pointer( new_msg->buf , org_msg->buf , org_msg->first_line.u.reply.reason.s );
55 62
     }
56 63
 
64
+    /* new_uri  ( str type )*/
65
+    if (!(new_msg->new_uri.s = (char*)sh_malloc( org_msg->new_uri.len )))
66
+	goto error;
67
+    memcpy( new_msg->new_uri.s , org_msg->new_uri.s , org_msg->new_uri.len );
68
+
69
+    /* add_rm ( struct lump* )  -> have to be changed!!!!!!! */
70
+    new_msg->add_rm  = 0;
71
+    /* repl_add_rm ( struct lump* ) -> have to be changed!!!!!!!  */
72
+    new_msg->repl_add_rm  = 0;
73
+
57 74
     /* all the headers */
58 75
     new_msg->via1=0;
59 76
     new_msg->via2=0;
60 77
     for( header = org_msg->headers , last_hdr=0  ;  header ; header=header->next)
61 78
     {
79
+	new_hdr = header_cloner( new_msg , org_msg , header );
80
+	if (!new_hdr) 
81
+		goto error;
62 82
 	switch ( header->type )
63 83
 	{
64 84
 	    case HDR_VIA :
65
-		new_hdr = header_cloner( new_msg , org_msg , header );
66 85
 		if ( !new_msg->via1 )
67 86
 		{
68 87
 		    new_msg->h_via1 = new_hdr;
69 88
 		    new_msg->via1 = via_body_cloner( new_msg->buf , org_msg->buf , (struct via_body*)header->parsed );
89
+		    if (!new_msg->via1) goto hf_error;
90
+		    
70 91
 		    new_hdr->parsed  = (void*)new_msg->via1;
71 92
 		     if ( new_msg->via1->next )
72 93
 		        new_msg->via2 = new_msg->via1->next;
... ...
@@ -78,23 +99,24 @@ struct sip_msg* sip_msg_cloner( struct sip_msg *org_msg )
78 99
 		        new_hdr->parsed = (void*)new_msg->via1->next;
79 100
 		     else{
80 101
 		        new_msg->via2 = via_body_cloner( new_msg->buf , org_msg->buf , (struct via_body*)header->parsed );
102
+			if (!new_msg->via2) goto hf_error;
81 103
 		        new_hdr->parsed  = (void*)new_msg->via2;
82 104
 		     }
83 105
 		}
84 106
 		else if ( new_msg->via2 && new_msg->via1 )
85 107
 		{
86 108
 		    new_hdr->parsed  = new_msg->via1 = via_body_cloner( new_msg->buf , org_msg->buf , (struct via_body*)header->parsed );
109
+		    if (!new_hdr->parsed) goto hf_error;
87 110
 		}
88 111
 		break;
89 112
 	    case HDR_FROM :
90
-		new_hdr = header_cloner( new_msg , org_msg , header );
91 113
 		new_msg->from = new_hdr;
92 114
 		break;
93 115
 	    case HDR_CSEQ :
94
-		new_hdr = header_cloner( new_msg , org_msg , header );
95 116
 		if (header->parsed)
96 117
 		{
97 118
 		  new_hdr->parsed = (void*)sh_malloc( sizeof(struct cseq_body) );
119
+		  if (!new_hdr->parsed) goto hf_error;
98 120
 		  memcpy( new_hdr->parsed , header->parsed , sizeof(struct cseq_body) );
99 121
 		  ((struct cseq_body*)new_hdr->parsed)->number.s = translate_pointer( new_msg->buf , org_msg->buf , ((struct cseq_body*)header->parsed)->number.s );
100 122
 		  ((struct cseq_body*)new_hdr->parsed)->method.s = translate_pointer( new_msg->buf , org_msg->buf , ((struct cseq_body*)header->parsed)->method.s );
... ...
@@ -102,15 +124,12 @@ struct sip_msg* sip_msg_cloner( struct sip_msg *org_msg )
102 124
 		new_msg->cseq = new_hdr;
103 125
 		break;
104 126
 	    case HDR_CALLID :
105
-		new_hdr = header_cloner( new_msg , org_msg , header );
106 127
 		new_msg->callid = new_hdr;
107 128
 		break;
108 129
 	    case HDR_CONTACT :
109
-		new_hdr = header_cloner( new_msg , org_msg , header );
110 130
 		new_msg->contact = new_hdr;
111 131
 		break;
112 132
 	    default :
113
-		new_hdr = header_cloner( new_msg , org_msg , header );
114 133
 		break;
115 134
 	}
116 135
 
... ...
@@ -124,22 +143,14 @@ struct sip_msg* sip_msg_cloner( struct sip_msg *org_msg )
124 143
 	    last_hdr=new_hdr;
125 144
 	    new_msg->headers =new_hdr;
126 145
 	}
146
+    	last_hdr->next = 0;
147
+    	new_msg->last_header = last_hdr;
127 148
     }
128 149
 
129
-    last_hdr->next = 0;
130
-    new_msg->last_header = last_hdr;
131
-
132
-    /* new_uri  ( str type )*/
133
-    new_msg->new_uri.s = (char*)sh_malloc( org_msg->new_uri.len );
134
-    memcpy( new_msg->new_uri.s , org_msg->new_uri.s , org_msg->new_uri.len );
135
-
136
-    /* add_rm ( struct lump* )  -> have to be changed!!!!!!! */
137
-    new_msg->add_rm  = 0;
138
-    /* repl_add_rm ( struct lump* ) -> have to be changed!!!!!!!  */
139
-    new_msg->repl_add_rm  = 0;
140
-
141 150
     return new_msg;
142 151
 
152
+hf_error:
153
+	sh_free( new_hdr );
143 154
 error:
144 155
 	sip_msg_free( new_msg );
145 156
 	sh_free( new_msg );
... ...
@@ -156,6 +167,7 @@ struct via_body* via_body_cloner( char* new_buf , char *org_buf , struct via_bod
156 167
 
157 168
     /* clones the via_body structure */
158 169
     new_via = (struct via_body*)sh_malloc( sizeof( struct via_body) );
170
+    if (!new_via) return NULL;
159 171
     memcpy( new_via , org_via , sizeof( struct via_body) );
160 172
 
161 173
     /* hdr (str type) */
... ...
@@ -175,12 +187,27 @@ struct via_body* via_body_cloner( char* new_buf , char *org_buf , struct via_bod
175 187
     /* comment (str type) */
176 188
     new_via->comment.s = translate_pointer( new_buf , org_buf , org_via->comment.s );
177 189
 
178
-    if ( new_via->param_lst )
190
+    if ( org_via->next ) {
191
+        new_via->next = via_body_cloner( new_buf , org_buf , org_via->next );
192
+	if (!new_via->next)
193
+		goto error;
194
+    }
195
+
196
+    new_via->param_lst = NULL;
197
+    if ( org_via->param_lst )
179 198
     {
180
-       struct via_param *vp, *new_vp, *last_new_vp;
199
+       struct via_param *vp, *new_vp, *last_new_vp, *delete_i, *dummy;
181 200
        for( vp=org_via->param_lst, last_new_vp=0 ; vp ; vp=vp->next )
182 201
        {
183 202
           new_vp = (struct via_param*)sh_malloc(sizeof(struct via_param));
203
+	  if (!new_vp) {
204
+		for (delete_i=new_via->param_lst; delete_i;  ) {
205
+			dummy=delete_i->next;
206
+			sh_free( delete_i );
207
+			delete_i = dummy;
208
+		}
209
+		goto error;
210
+	  }
184 211
           memcpy( new_vp , vp , sizeof(struct via_param));
185 212
           new_vp->name.s = translate_pointer( new_buf , org_buf , vp->name.s );
186 213
           new_vp->value.s = translate_pointer( new_buf , org_buf , vp->value.s );
... ...
@@ -194,15 +221,18 @@ struct via_body* via_body_cloner( char* new_buf , char *org_buf , struct via_bod
194 221
              new_via->param_lst = new_vp;
195 222
 
196 223
           last_new_vp = new_vp;
224
+	  last_new_vp->next = NULL;
197 225
        }
198 226
        new_via->last_param = new_vp;
199 227
     }
200 228
 
201 229
 
202
-    if ( org_via->next )
203
-        new_via->next = via_body_cloner( new_buf , org_buf , org_via->next );
204 230
 
205 231
    return new_via;
232
+
233
+error:
234
+	sh_free(new_via);
235
+	return NULL;
206 236
 }
207 237
 
208 238
 
... ...
@@ -213,6 +243,7 @@ struct hdr_field* header_cloner( struct sip_msg *new_msg , struct sip_msg *org_m
213 243
     struct hdr_field* new_hdr;
214 244
 
215 245
     new_hdr = (struct hdr_field*)sh_malloc( sizeof(struct hdr_field) );
246
+    if (!new_hdr) return NULL;
216 247
     memcpy( new_hdr , org_hdr , sizeof(struct hdr_field) );
217 248
 
218 249
     /* name */
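Review bot: The `error:` label in sip_msg_cloner runs `sip_msg_free( new_msg )` on a structure that was filled by `memcpy` from `org_msg`, so when the first `goto error` fires (allocation of `orig` or `buf` fails) fields such as `buf`, `headers` and `new_uri.s` still hold the original message's pointers. If sip_msg_free releases those members (its body is not shown), the failure path would free memory that belongs to the caller's message. Clearing the owned pointers right after the copy, e.g. `new_msg->orig = new_msg->buf = NULL; new_msg->headers = NULL; new_msg->new_uri.s = NULL;`, would make the cleanup safe for a half-built clone. Separately, in via_body_cloner the allocation-failure branch inside the parameter loop frees the parameter list and `new_via` but not the `new_via->next` chain cloned just above it, so that chain leaks from shared memory.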
... ...
@@ -625,7 +625,6 @@ int t_send_reply(  struct sip_msg* p_msg , unsigned int code , char * text )
625 625
    T->outbound_response->retr_buffer   = (char*)sh_malloc( len );
626 626
    if (!T->outbound_response->retr_buffer)
627 627
    {
628
-      T->outbound_response->retr_buffer = NULL;
629 628
       LOG(L_ERR, "ERROR: t_send_reply: cannot allocate shmem buffer\n");
630 629
      goto error;
631 630
    }
... ...
@@ -857,18 +856,22 @@ nomatch:
857 856
 int t_store_incoming_reply( struct cell* Trans, unsigned int branch, struct sip_msg* p_msg )
858 857
 {
859 858
    DBG("DEBUG: t_store_incoming_reply: starting [%d]....\n",branch);
860
-   /* if there is a previous reply, replace it */
861
-   if ( Trans->inbound_response[branch] )
862
-      sip_msg_free( Trans->inbound_response[branch] ) ;
863
-   DBG("DEBUG: t_store_incoming_reply: sip_msg_free done....\n");
864 859
    /* force parsing all the needed headers*/
865
-   if ( parse_headers(p_msg, HDR_VIA1|HDR_VIA2|HDR_TO )==-1 ||
866
-        !p_msg->via1 || !p_msg->via2 || !p_msg->to )
860
+   if ( parse_headers(p_msg, HDR_VIA1|HDR_VIA2|HDR_TO|HDR_CSEQ )==-1 ||
861
+        !p_msg->via1 || !p_msg->via2 || !p_msg->to || !p_msg->cseq )
867 862
    {
868 863
       LOG( L_ERR , "ERROR: t_store_incoming_reply: unable to parse headers !\n"  );
869 864
       return -1;
870 865
    }
866
+   /* if there is a previous reply, replace it */
867
+   if ( Trans->inbound_response[branch] ) {
868
+      sip_msg_free( Trans->inbound_response[branch] ) ;
869
+      DBG("DEBUG: t_store_incoming_reply: sip_msg_free done....\n");
870
+   }
871
+
871 872
    Trans->inbound_response[branch] = sip_msg_cloner( p_msg );
873
+   if (!Trans->inbound_response[branch])
874
+	return -1;
872 875
    Trans->status = p_msg->first_line.u.reply.statuscode;
873 876
    DBG("DEBUG: t_store_incoming_reply: reply stored\n");
874 877
    return 1;
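Review bot: The previous reply in `Trans->inbound_response[branch]` is released with `sip_msg_free()` alone and the slot is then overwritten, while the error path of sip_msg_cloner in this same commit calls `sip_msg_free( new_msg )` followed by `sh_free( new_msg )`. If sip_msg_free only releases the members (its body is not shown), the old `struct sip_msg` leaks from shared memory on every replaced reply; if it also frees the struct, the cloner's error path frees it twice. Whichever holds, the two sites should agree, e.g. by adding `sh_free( Trans->inbound_response[branch] );` after the free here. `branch` also indexes the array without a range check visible in this hunk, and the function body continues past the end of the hunk.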