about summary refs log tree commit diff
path: root/nis
diff options
context:
space:
mode:
Diffstat (limited to 'nis')
-rw-r--r--nis/nis_removemember.c7
-rw-r--r--nis/nis_subr.c41
-rw-r--r--nis/nis_table.c25
3 files changed, 51 insertions, 22 deletions
diff --git a/nis/nis_removemember.c b/nis/nis_removemember.c
index 930ca4311f..b9e27ab48c 100644
--- a/nis/nis_removemember.c
+++ b/nis/nis_removemember.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999, 2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
 
@@ -17,6 +17,7 @@
    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
    02111-1307 USA.  */
 
+#include <assert.h>
 #include <string.h>
 #include <rpcsvc/nis.h>
 
@@ -87,6 +88,10 @@ nis_removemember (const_nis_name member, const_nis_name group)
 	    }
 	}
       free (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val);
+      assert (k <= NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len);
+      /* This realloc() call always decreases the size.  This cannot
+	 fail.  We still have the test but do not recover memory
+	 (i.e., we overwrite the input pointer).  */
       newmem = realloc (newmem, k * sizeof (char*));
       if (newmem == NULL)
 	return NIS_NOMEMORY;
diff --git a/nis/nis_subr.c b/nis/nis_subr.c
index 47a22e38c1..78e58aeba9 100644
--- a/nis/nis_subr.c
+++ b/nis/nis_subr.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1999, 2000 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1999, 2000, 2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
 
@@ -117,8 +117,11 @@ nis_getnames (const_nis_name name)
 {
   nis_name *getnames = NULL;
   char local_domain[NIS_MAXNAMELEN + 1];
-  char *path, *cp;
-  int count, pos, have_point;
+  char *path;
+  char *cp;
+  int count;
+  int pos = 0;
+  int have_point;
   char *saveptr;
 
   strncpy (local_domain, nis_local_directory (), NIS_MAXNAMELEN);
@@ -133,7 +136,13 @@ nis_getnames (const_nis_name name)
   if (name[strlen (name) - 1] == '.')
     {
       if ((getnames[0] = strdup (name)) == NULL)
-	return NULL;
+	{
+	free_null:
+	  while (pos-- > 0)
+	    free (getnames[pos]);
+	  free (getnames);
+	  return NULL;
+	}
 
       getnames[1] = NULL;
 
@@ -149,8 +158,6 @@ nis_getnames (const_nis_name name)
 
   have_point = (strchr (name, '.') != NULL);
 
-  pos = 0;
-
   cp = __strtok_r (path, ":", &saveptr);
   while (cp)
     {
@@ -164,14 +171,16 @@ nis_getnames (const_nis_name name)
 	      if (pos >= count)
 		{
 		  count += 5;
-		  getnames = realloc (getnames, (count + 1) * sizeof (char *));
-		  if (__builtin_expect (getnames == NULL, 0))
-		    return NULL;
+		  nis_name *newp = realloc (getnames,
+					    (count + 1) * sizeof (char *));
+		  if (__builtin_expect (newp == NULL, 0))
+		    goto free_null;
+		  getnames = newp;
 		}
 	      tmp = malloc (strlen (cptr) + strlen (local_domain) +
 			    strlen (name) + 2);
 	      if (__builtin_expect (tmp == NULL, 0))
-		return NULL;
+		goto free_null;
 
 	      getnames[pos] = tmp;
 	      tmp = stpcpy (tmp, name);
@@ -201,7 +210,7 @@ nis_getnames (const_nis_name name)
 
 	      tmp = malloc (cplen + strlen (local_domain) + strlen (name) + 2);
 	      if (__builtin_expect (tmp == NULL, 0))
-		return NULL;
+		goto free_null;
 
 	      p = __stpcpy (tmp, name);
 	      *p++ = '.';
@@ -217,7 +226,7 @@ nis_getnames (const_nis_name name)
 
 	      tmp = malloc (cplen + strlen (name) + 2);
 	      if (__builtin_expect (tmp == NULL, 0))
-		return NULL;
+		goto free_null;
 
 	      p = __stpcpy (tmp, name);
 	      *p++ = '.';
@@ -227,9 +236,11 @@ nis_getnames (const_nis_name name)
 	  if (pos >= count)
 	    {
 	      count += 5;
-	      getnames = realloc (getnames, (count + 1) * sizeof (char *));
-	      if (__builtin_expect (getnames == NULL, 0))
-		return NULL;
+	      nis_name *newp = realloc (getnames,
+					(count + 1) * sizeof (char *));
+	      if (__builtin_expect (newp == NULL, 0))
+		goto free_null;
+	      getnames = newp;
 	    }
 	  getnames[pos] = tmp;
 	  ++pos;
diff --git a/nis/nis_table.c b/nis/nis_table.c
index 6c4fb839fc..746444c311 100644
--- a/nis/nis_table.c
+++ b/nis/nis_table.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997, 1998, 1999, 2003 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 1998, 1999, 2003, 2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
 
@@ -54,7 +54,7 @@ __create_ib_request (const_nis_name name, unsigned int flags)
       return NULL;
     }
 
-  /* Check if we have an entry of "[key=value,],bar". If, remove the "," */
+  /* Check if we have an entry of "[key=value,],bar".  If, remove the "," */
   if (ibreq->ibr_name[-1] == ',')
     ibreq->ibr_name[-1] = '\0';
   else
@@ -62,7 +62,17 @@ __create_ib_request (const_nis_name name, unsigned int flags)
   ibreq->ibr_name += 2;
   ibreq->ibr_name = strdup (ibreq->ibr_name);
   if (ibreq->ibr_name == NULL)
-    return NULL;
+    {
+    free_null:
+      while (search_len-- > 0)
+	{
+	  free (search_val[search_len].zattr_ndx);
+	  free (search_val[search_len].zattr_val.zattr_val_val);
+	}
+      free (search_val);
+      nis_free_request (ibreq);
+      return NULL;
+    }
 
   ++cptr; /* Remove "[" */
 
@@ -86,16 +96,19 @@ __create_ib_request (const_nis_name name, unsigned int flags)
           size += 1;
           search_val = realloc (search_val, size * sizeof (nis_attr));
 	  if (search_val == NULL)
-	    return NULL;
+	    goto free_null;
 	}
       search_val[search_len].zattr_ndx = strdup (key);
       if ((search_val[search_len].zattr_ndx) == NULL)
-	return NULL;
+	goto free_null;
 
       search_val[search_len].zattr_val.zattr_val_len = strlen (val) + 1;
       search_val[search_len].zattr_val.zattr_val_val = strdup (val);
       if (search_val[search_len].zattr_val.zattr_val_val == NULL)
-	return NULL;
+	{
+	  free (search_val[search_len].zattr_ndx);
+	  goto free_null;
+	}
 
       ++search_len;
     }