From dc04446f0ea4c62854e130072eb580c361a6fd40 Mon Sep 17 00:00:00 2001 From: SudeepRed Date: Tue, 21 Mar 2023 14:18:11 +0530 Subject: [PATCH] [#190][#312] malloc NULL error handling & calloc(3) --- src/admin.c | 8 +- src/cli.c | 7 +- src/libpgagroal/configuration.c | 29 ++++-- src/libpgagroal/logging.c | 8 +- src/libpgagroal/management.c | 36 +++++-- src/libpgagroal/memory.c | 7 +- src/libpgagroal/message.c | 160 ++++++++++++++++++++++++++------ src/libpgagroal/network.c | 16 +++- src/libpgagroal/pool.c | 6 +- src/libpgagroal/prometheus.c | 8 +- src/libpgagroal/security.c | 138 +++++++++++++-------------- src/libpgagroal/utils.c | 28 ++---- src/main.c | 16 +++- 13 files changed, 307 insertions(+), 160 deletions(-) diff --git a/src/admin.c b/src/admin.c index 10e05cbc..43a0073d 100644 --- a/src/admin.c +++ b/src/admin.c @@ -916,8 +916,12 @@ generate_password(int pwd_length) s = pwd_length + 1; - pwd = malloc(s); - memset(pwd, 0, s); + pwd = calloc(1, s); + if (pwd == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while generating password"); + return NULL; + } srand((unsigned)time(&t)); diff --git a/src/cli.c b/src/cli.c index 98d21660..faf5cc10 100644 --- a/src/cli.c +++ b/src/cli.c @@ -845,8 +845,11 @@ config_get(SSL* ssl, int socket, char* config_key, bool verbose) } else { - buffer = malloc(MISC_LENGTH); - memset(buffer, 0, MISC_LENGTH); + buffer = calloc(1, MISC_LENGTH); + if (buffer == NULL) + { + goto error; + } if (pgagroal_management_read_config_get(socket, &buffer)) { free(buffer); diff --git a/src/libpgagroal/configuration.c b/src/libpgagroal/configuration.c index 455dc541..6775fd71 100644 --- a/src/libpgagroal/configuration.c +++ b/src/libpgagroal/configuration.c @@ -2050,8 +2050,11 @@ extract_key_value(char* str, char** key, char** value) if (c < length) { - k = malloc(c + 1); - memset(k, 0, c + 1); + k = calloc(1, c + 1); + if (k == NULL) + { + goto error; + } memcpy(k, str, c); *key = k; 
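Review bot: In the admin.c hunk, generate_password still calls `srand((unsigned)time(&t))` right after the new allocation check, so the password is derived from the wall clock and is predictable to anyone who knows roughly when it was generated. This assumes the body, which continues outside the hunk, draws its characters from `rand()`. Since the function is being touched anyway, consider filling the buffer from a CSPRNG; security.c already uses `RAND_bytes(r, s)` for salts, if OpenSSL is linked into this binary. Separately, `return NULL` after `pgagroal_log_fatal` only helps if every caller tests for NULL, and the callers are not part of this diff.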
@@ -2105,8 +2108,11 @@ extract_key_value(char* str, char** key, char** value) if (c <= length) { - v = malloc((c - offset) + 1); - memset(v, 0, (c - offset) + 1); + v = calloc(1, (c - offset) + 1); + if (v == NULL) + { + goto error; + } memcpy(v, str + offset, (c - offset)); *value = v; return 0; @@ -2202,8 +2208,11 @@ as_logging_level(char* str) if (strlen(str) > strlen("debug")) { size = strlen(str) - strlen("debug"); - debug_value = (char*)malloc(size + 1); - memset(debug_value, 0, size + 1); + debug_value = (char*)calloc(1, size + 1); + if (debug_value == NULL) + { + return PGAGROAL_LOGGING_LEVEL_FATAL; + } memcpy(debug_value, str + 5, size); if (as_int(debug_value, &debug_level)) { @@ -2501,8 +2510,11 @@ extract_value(char* str, int offset, char** value) { to = offset; - v = malloc(to - from + 1); - memset(v, 0, to - from + 1); + v = calloc(1, to - from + 1); + if (v == NULL) + { + return -1; + } memcpy(v, str + from, to - from); *value = v; @@ -2629,7 +2641,6 @@ transfer_configuration(struct configuration* config, struct configuration* reloa // changes the pgagroal-cli probably will not be able to connect in any case! restart_string("unix_socket_dir", config->unix_socket_dir, reload->unix_socket_dir, false); - /* su_connection */ /* states */ diff --git a/src/libpgagroal/logging.c b/src/libpgagroal/logging.c index 9859bb8b..6f0be7be 100644 --- a/src/libpgagroal/logging.c +++ b/src/libpgagroal/logging.c @@ -402,7 +402,9 @@ pgagroal_log_line(int level, char* file, int line, char* fmt, ...) atomic_store(&config->log_lock, STATE_FREE); } else - SLEEP_AND_GOTO(1000000L,retry) + { + SLEEP_AND_GOTO(1000000L, retry) + } } } @@ -488,6 +490,8 @@ pgagroal_log_mem(void* data, size_t size) atomic_store(&config->log_lock, STATE_FREE); } else - SLEEP_AND_GOTO(1000000L,retry) + { + SLEEP_AND_GOTO(1000000L, retry) + } } } diff --git a/src/libpgagroal/management.c b/src/libpgagroal/management.c index 14e2fe4f..9f8707a6 100644 --- a/src/libpgagroal/management.c 
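Review bot: In the as_logging_level hunk (@@ -2202), an allocation failure now returns `PGAGROAL_LOGGING_LEVEL_FATAL` with no diagnostic, which presumably drops the configured verbosity to the quietest level and makes a low-memory start look like a deliberate setting. Print a message before returning, or avoid the allocation by parsing the digits in place from `str + strlen("debug")`. The copy uses the literal `str + 5` while the size uses `strlen("debug")`; one expression for both keeps them from drifting apart. In the extract_key_value hunk above it (@@ -2105), `goto error` on a failed `v` runs after `*key = k` was stored by the earlier hunk, so the error label, which is outside the hunk, has to free `k` and reset `*key`.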
+++ b/src/libpgagroal/management.c @@ -108,8 +108,11 @@ pgagroal_management_read_payload(int socket, signed char id, int* payload_i, cha iov[0].iov_base = &buf2[0]; iov[0].iov_len = sizeof(buf2); - cmptr = malloc(CMSG_SPACE(sizeof(int))); - memset(cmptr, 0, CMSG_SPACE(sizeof(int))); + cmptr = calloc(1, CMSG_SPACE(sizeof(int))); + if (cmptr == NULL) + { + goto error; + } cmptr->cmsg_len = CMSG_LEN(sizeof(int)); cmptr->cmsg_level = SOL_SOCKET; cmptr->cmsg_type = SCM_RIGHTS; @@ -148,8 +151,11 @@ pgagroal_management_read_payload(int socket, signed char id, int* payload_i, cha } size = pgagroal_read_int32(&buf4); - s = malloc(size + 1); - memset(s, 0, size + 1); + s = calloc(1, size + 1); + if (s == NULL) + { + goto error; + } if (read_complete(NULL, socket, s, size)) { goto error; @@ -174,8 +180,11 @@ pgagroal_management_read_payload(int socket, signed char id, int* payload_i, cha } *payload_i = pgagroal_read_int32(&buf4); - s = malloc(*payload_i + 1); - memset(s, 0, *payload_i + 1); + s = calloc(1, *payload_i + 1); + if (s == NULL) + { + goto error; + } if (read_complete(NULL, socket, s, *payload_i)) { goto error; @@ -184,8 +193,11 @@ pgagroal_management_read_payload(int socket, signed char id, int* payload_i, cha break; case MANAGEMENT_RESET_SERVER: case MANAGEMENT_SWITCH_TO: - s = malloc(MISC_LENGTH); - memset(s, 0, MISC_LENGTH); + s = calloc(1, MISC_LENGTH); + if (s == NULL) + { + goto error; + } if (read_complete(NULL, socket, s, MISC_LENGTH)) { goto error; @@ -250,8 +262,12 @@ pgagroal_management_transfer_connection(int32_t slot) iov[0].iov_base = &buf2[0]; iov[0].iov_len = sizeof(buf2); - cmptr = malloc(CMSG_SPACE(sizeof(int))); - memset(cmptr, 0, CMSG_SPACE(sizeof(int))); + cmptr = calloc(1, CMSG_SPACE(sizeof(int))); + if (cmptr == NULL) + { + goto error; + } + cmptr->cmsg_level = SOL_SOCKET; cmptr->cmsg_type = SCM_RIGHTS; cmptr->cmsg_len = CMSG_LEN(sizeof(int)); diff --git a/src/libpgagroal/memory.c b/src/libpgagroal/memory.c index 52516693..25c231c5 100644 
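Review bot: In the @@ -148 and @@ -174 hunks of pgagroal_management_read_payload, `size` and `*payload_i` come straight from `pgagroal_read_int32(&buf4)` on the management socket and go into `calloc(1, size + 1)` and `read_complete` without a range check; the new NULL test only catches the case where the allocator refuses. A negative or very large value from the peer becomes a zero-sized, wrapped or very large request before any payload has been read. Reject out-of-range values before allocating, e.g. `if (size < 0 || size > MAX_PAYLOAD) { goto error; }`, where `MAX_PAYLOAD` is a placeholder for a project limit not shown in this diff. The `goto error` paths added here also need to release `cmptr`; the label is outside these hunks, so confirm it does.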
--- a/src/libpgagroal/memory.c +++ b/src/libpgagroal/memory.c @@ -71,21 +71,18 @@ pgagroal_memory_size(size_t size) { pgagroal_memory_destroy(); - message = (struct message*)malloc(sizeof(struct message)); + message = (struct message*)calloc(1, sizeof(struct message)); if (message == NULL) { goto error; } - data = malloc(size); + data = calloc(1, size); if (data == NULL) { goto error; } - memset(message, 0, sizeof(struct message)); - memset(data, 0, size); - message->kind = 0; message->length = 0; message->max_length = size; diff --git a/src/libpgagroal/message.c b/src/libpgagroal/message.c index 04c787bc..548bf29d 100644 --- a/src/libpgagroal/message.c +++ b/src/libpgagroal/message.c @@ -111,7 +111,18 @@ pgagroal_create_message(void* data, ssize_t length, struct message** msg) struct message* copy = NULL; copy = (struct message*)malloc(sizeof(struct message)); + if (copy == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating message"); + return MESSAGE_STATUS_ERROR; + } copy->data = malloc(length); + if (copy->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating message"); + free(copy); + return MESSAGE_STATUS_ERROR; + } copy->kind = pgagroal_read_byte(data); copy->length = length; @@ -140,7 +151,19 @@ pgagroal_copy_message(struct message* msg) #endif copy = (struct message*)malloc(sizeof(struct message)); + if (copy == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while copying message"); + return NULL; + } + copy->data = malloc(msg->length); + if (copy->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while copying message"); + free(copy); + return NULL; + } copy->kind = msg->kind; copy->length = msg->length; 
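Review bot: pgagroal_create_message and pgagroal_copy_message (message.c, @@ -111 and @@ -140) keep `malloc` for both the struct and `data` while the rest of the commit moves to `calloc`, so any field of `struct message` that is not assigned afterwards stays indeterminate. In pgagroal_create_message, `length` is an `ssize_t` passed to `malloc(length)` with no guard, although `pgagroal_read_byte(data)` needs at least one input byte; consider `if (data == NULL || length <= 0) return MESSAGE_STATUS_ERROR;` before allocating. Both function bodies continue outside the hunks. In the memory.c hunk, `message->kind = 0;` and `message->length = 0;` are now redundant after `calloc`.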
@@ -714,9 +737,18 @@ pgagroal_create_auth_password_response(char* password, struct message** msg) size = 6 + strlen(password); m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_password_response"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_password_response"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 'p'; m->length = size; @@ -768,9 +800,18 @@ pgagroal_create_auth_md5_response(char* md5, struct message** msg) size = 1 + 4 + strlen(md5) + 1; m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_md5_response"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_md5_response"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 'p'; m->length = size; @@ -819,9 +860,18 @@ pgagroal_create_auth_scram256_response(char* nounce, struct message** msg) size = 1 + 4 + 13 + 4 + 9 + strlen(nounce); m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_response"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_response"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 'p'; m->length = size; 
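Review bot: The allocate-struct, allocate-data, log and free sequence added in pgagroal_create_auth_password_response is repeated almost verbatim in eight more message.c hunks, through pgagroal_create_cancel_request_message, and one of those copies already tests the wrong pointer. A single static helper that returns a zeroed message or NULL would remove the repetition and give one place to get the check right; each caller keeps only its log message, `m->kind` and payload writes. The struct itself is still obtained with `malloc` in these hunks, so the helper below uses `calloc` for it as well. The name `allocate_message` is a suggestion; nothing with that name is visible in this diff.

```c
static struct message*
allocate_message(size_t size)
{
   struct message* m = calloc(1, sizeof(struct message));

   if (m == NULL)
   {
      return NULL;
   }

   m->data = calloc(1, size);
   if (m->data == NULL)
   {
      free(m);
      return NULL;
   }

   m->length = size;
   return m;
}

// in pgagroal_create_auth_password_response, replacing the two allocations:
   m = allocate_message(size);
   if (m == NULL)
   {
      pgagroal_log_fatal("Couldn't allocate memory while creating auth_password_response");
      return MESSAGE_STATUS_ERROR;
   }
   m->kind = 'p';
   // … unchanged: payload writes and *msg assignment …
```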
@@ -846,9 +896,19 @@ pgagroal_create_auth_scram256_continue(char* cn, char* sn, char* salt, struct me size = 1 + 4 + 4 + 2 + strlen(cn) + strlen(sn) + 3 + strlen(salt) + 7; m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_continue"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); - memset(m->data, 0, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_continue"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 'R'; m->length = size; @@ -877,9 +937,19 @@ pgagroal_create_auth_scram256_continue_response(char* wp, char* p, struct messag size = 1 + 4 + strlen(wp) + 3 + strlen(p); m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_continue_response"); + return MESSAGE_STATUS_ERROR; + } - memset(m->data, 0, size); + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_continue_response"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 'p'; m->length = size; @@ -904,9 +974,18 @@ pgagroal_create_auth_scram256_final(char* ss, struct message** msg) size = 1 + 4 + 4 + 2 + strlen(ss); m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_final"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating auth_scram256_final"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 'R'; m->length = size; 
@@ -956,9 +1035,18 @@ pgagroal_create_ssl_message(struct message** msg) size = 8; m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating ssl_message"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating ssl_message"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 0; m->length = size; @@ -984,9 +1072,18 @@ pgagroal_create_startup_message(char* username, char* database, struct message** size = 4 + 4 + 4 + 1 + us + 1 + 8 + 1 + ds + 1 + 17 + 9 + 1; m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating startup_message"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m->data == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating startup_message"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 0; m->length = size; @@ -1014,9 +1111,18 @@ pgagroal_create_cancel_request_message(int pid, int secret, struct message** msg size = 16; m = (struct message*)malloc(sizeof(struct message)); - m->data = malloc(size); - - memset(m->data, 0, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating cancel_request_message"); + return MESSAGE_STATUS_ERROR; + } + m->data = calloc(1, size); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating cancel_request_message"); + free(m); + return MESSAGE_STATUS_ERROR; + } m->kind = 0; m->length = size; @@ -1275,7 +1381,7 @@ ssl_read_message(SSL* ssl, int timeout, struct message** msg) err = SSL_get_error(ssl, numbytes); switch (err) { - case SSL_ERROR_NONE: + case SSL_ERROR_NONE: break; case SSL_ERROR_ZERO_RETURN: if (timeout > 0) 
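Review bot: In pgagroal_create_cancel_request_message (@@ -1014) the check after `m->data = calloc(1, size);` tests `m` again instead of the new buffer, so a failed data allocation goes undetected and the payload writes that follow (outside the hunk) would go through a NULL `m->data`. It should read `if (m->data == NULL)`, matching the sibling functions in this file.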
@@ -1371,7 +1477,7 @@ ssl_write_message(SSL* ssl, struct message* msg) switch (err) { - case SSL_ERROR_NONE: + case SSL_ERROR_NONE: break; case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_WANT_READ: diff --git a/src/libpgagroal/network.c b/src/libpgagroal/network.c index 7379c78c..4e0b7f11 100644 --- a/src/libpgagroal/network.c +++ b/src/libpgagroal/network.c @@ -570,8 +570,12 @@ bind_host(const char* hostname, int port, int** fds, int* length) index = 0; size = 0; - sport = malloc(5); - memset(sport, 0, 5); + sport = calloc(1, 5); + if (sport == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while binding host"); + return 1; + } sprintf(sport, "%d", port); /* Find all SOCK_STREAM addresses */ @@ -594,8 +598,12 @@ bind_host(const char* hostname, int port, int** fds, int* length) size++; } - result = malloc(size * sizeof(int)); - memset(result, 0, size * sizeof(int)); + result = calloc(1, size * sizeof(int)); + if (sport == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while binding host"); + return 1; + } /* Loop through all the results and bind to the first we can */ for (addr = servinfo; addr != NULL; addr = addr->ai_next) diff --git a/src/libpgagroal/pool.c b/src/libpgagroal/pool.c index d606ecfd..47bd0d9c 100644 --- a/src/libpgagroal/pool.c +++ b/src/libpgagroal/pool.c @@ -330,8 +330,10 @@ pgagroal_get_connection(char* username, char* database, bool reuse, bool transac } } else - /* Sleep for 1000 nanos */ - SLEEP_AND_GOTO(1000L,start) + /* Sleep for 1000 nanos */ + { + SLEEP_AND_GOTO(1000L, start) + } } } diff --git a/src/libpgagroal/prometheus.c b/src/libpgagroal/prometheus.c index 305fa181..b0d7d714 100644 --- a/src/libpgagroal/prometheus.c +++ b/src/libpgagroal/prometheus.c 
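Review bot: In bind_host (network.c, @@ -570) `sport` is still five bytes, but `sprintf(sport, "%d", port)` needs six for any port of 10000 or above (five digits plus the terminator), so the call writes past the end of the heap block. Because the size is fixed, a stack buffer with a bounded format removes both the allocation and the overflow: `char sport[6];` and `snprintf(sport, sizeof(sport), "%d", port);`, preceded by a range check such as `if (port < 0 || port > 65535) return 1;`. The matching `free(sport)` is outside the hunk and would go away with it.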
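Review bot: In the second bind_host hunk (@@ -594) the guard after `result = calloc(1, size * sizeof(int));` re-tests `sport`, so a failed allocation of `result` is never caught; it should be `if (result == NULL)`. The early `return 1` also skips releasing `sport` and, presumably, the `servinfo` list obtained earlier in the function (outside the hunk), so it needs the same cleanup as the other exits. Writing the call as `calloc(size, sizeof(int))` lets the allocator check the multiplication for overflow.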
@@ -2066,8 +2066,12 @@ send_chunk(int client_fd, char* data) memset(&msg, 0, sizeof(struct message)); - m = malloc(20); - memset(m, 0, 20); + m = calloc(1, 20); + if (m == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while binding host"); + return MESSAGE_STATUS_ERROR; + } sprintf(m, "%lX\r\n", strlen(data)); diff --git a/src/libpgagroal/security.c b/src/libpgagroal/security.c index 39a7d02c..5859c848 100644 --- a/src/libpgagroal/security.c +++ b/src/libpgagroal/security.c @@ -1655,8 +1655,10 @@ client_password(SSL* c_ssl, int client_fd, char* username, char* password, int s if (difftime(time(NULL), start_time) < config->authentication_timeout) { if (pgagroal_socket_isvalid(client_fd)) - /* Sleep for 100ms */ - SLEEP_AND_GOTO(100000000L,retry) + /* Sleep for 100ms */ + { + SLEEP_AND_GOTO(100000000L, retry) + } } } @@ -1737,8 +1739,10 @@ client_md5(SSL* c_ssl, int client_fd, char* username, char* password, int slot) if (difftime(time(NULL), start_time) < config->authentication_timeout) { if (pgagroal_socket_isvalid(client_fd)) - /* Sleep for 100ms */ - SLEEP_AND_GOTO(100000000L,retry) + /* Sleep for 100ms */ + { + SLEEP_AND_GOTO(100000000L, retry) + } } } @@ -1754,8 +1758,7 @@ client_md5(SSL* c_ssl, int client_fd, char* username, char* password, int slot) } size = strlen(username) + strlen(password) + 1; - pwdusr = malloc(size); - memset(pwdusr, 0, size); + pwdusr = calloc(1, size); snprintf(pwdusr, size, "%s%s", password, username); @@ -1764,8 +1767,7 @@ client_md5(SSL* c_ssl, int client_fd, char* username, char* password, int slot) goto error; } - md5_req = malloc(36); - memset(md5_req, 0, 36); + md5_req = calloc(1, 36); memcpy(md5_req, shadow, 32); memcpy(md5_req + 32, &salt[0], 4); 
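Review bot: In send_chunk (prometheus.c, @@ -2066) the new failure message says "while binding host", apparently copied from network.c; `"Couldn't allocate memory while sending chunk"` would point at the right function. The next line, `sprintf(m, "%lX\r\n", strlen(data))`, passes a `size_t` to `%lX`; `snprintf(m, 20, "%zX\r\n", strlen(data));` matches the type and bounds the write to the 20 bytes allocated.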
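Review bot: From client_md5 (security.c, @@ -1754 and @@ -1764) onwards, the security.c and utils.c hunks only fold `malloc` + `memset` into `calloc` and add no NULL test, so `snprintf(pwdusr, size, ...)` and `memcpy(md5_req, shadow, 32)` still use an unchecked pointer. The same holds for server_md5, get_salt, pgagroal_md5, aes_encrypt, aes_decrypt, get_scram_attribute, client_proof, verify_client_proof, salted_password, generate_salt, the auth_query_* functions and pgagroal_extract_username_database. These are authentication paths, so a failed allocation should take the function's existing error path, e.g. `if (pwdusr == NULL) { goto error; }`, rather than crash the process serving the client. Where the error label is outside the hunk, confirm it frees what was allocated earlier.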
@@ -1864,8 +1866,10 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s if (difftime(time(NULL), start_time) < config->authentication_timeout) { if (pgagroal_socket_isvalid(client_fd)) - /* Sleep for 100ms */ - SLEEP_AND_GOTO(100000000L,retry) + /* Sleep for 100ms */ + { + SLEEP_AND_GOTO(100000000L, retry) + } } } @@ -1880,8 +1884,8 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s pgagroal_socket_nonblocking(client_fd, false); } - client_first_message_bare = malloc(msg->length - 25); - memset(client_first_message_bare, 0, msg->length - 25); + client_first_message_bare = calloc(1, msg->length - 25); + memcpy(client_first_message_bare, msg->data + 26, msg->length - 26); get_scram_attribute('r', (char*)msg->data + 26, msg->length - 26, &client_nounce); @@ -1889,8 +1893,8 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s generate_salt(&salt, &salt_length); pgagroal_base64_encode(salt, salt_length, &base64_salt); - server_first_message = malloc(89); - memset(server_first_message, 0, 89); + server_first_message = calloc(1, 89); + snprintf(server_first_message, 89, "r=%s%s,s=%s,i=4096", client_nounce, server_nounce, base64_salt); status = pgagroal_create_auth_scram256_continue(client_nounce, server_nounce, base64_salt, &msg); @@ -1919,8 +1923,8 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s get_scram_attribute('p', (char*)msg->data + 5, msg->length - 5, &base64_client_proof); pgagroal_base64_decode(base64_client_proof, strlen(base64_client_proof), &client_proof_received, &client_proof_received_length); - client_final_message_without_proof = malloc(58); - memset(client_final_message_without_proof, 0, 58); + client_final_message_without_proof = calloc(1, 58); + memcpy(client_final_message_without_proof, msg->data + 5, 57); sasl_prep(password, &password_prep); 
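Review bot: In client_scram256 (@@ -1880 and @@ -1919) the sizes `msg->length - 25` and `msg->length - 26` and the fixed `memcpy(client_final_message_without_proof, msg->data + 5, 57)` are computed from a client-supplied message with no visible lower bound on `msg->length`. A message shorter than expected makes the subtraction go negative or the copy read past the received data, and this runs before the client is authenticated. Validate the length before each allocation, e.g. `if (msg->length < 26)` and `if (msg->length < 5 + 57)` leading to the function's error path, or derive the copy size from `msg->length`. The same arithmetic appears in auth_query_client_scram256 (@@ -5572, @@ -5604) and, on a backend message, in auth_query_get_password (`dmsg->length - 11`); checks may exist outside the hunks, but none are visible here.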
@@ -2049,18 +2053,30 @@ client_ok(SSL* c_ssl, int client_fd, int slot) { size = config->connections[slot].security_lengths[0]; data = malloc(size); + if (data == NULL) + { + goto error; + } memcpy(data, config->connections[slot].security_messages[0], size); } else if (config->connections[slot].has_security == SECURITY_PASSWORD || config->connections[slot].has_security == SECURITY_MD5) { size = config->connections[slot].security_lengths[2]; data = malloc(size); + if (data == NULL) + { + goto error; + } memcpy(data, config->connections[slot].security_messages[2], size); } else if (config->connections[slot].has_security == SECURITY_SCRAM256) { size = config->connections[slot].security_lengths[4] - 55; data = malloc(size); + if (data == NULL) + { + goto error; + } memcpy(data, config->connections[slot].security_messages[4] + 55, size); } else @@ -2499,8 +2515,7 @@ server_md5(char* username, char* password, int slot, SSL* server_ssl) } size = strlen(username) + strlen(password) + 1; - pwdusr = malloc(size); - memset(pwdusr, 0, size); + pwdusr = calloc(1, size); snprintf(pwdusr, size, "%s%s", password, username); @@ -2509,8 +2524,8 @@ server_md5(char* username, char* password, int slot, SSL* server_ssl) goto error; } - md5_req = malloc(36); - memset(md5_req, 0, 36); + md5_req = calloc(1, 36); + memcpy(md5_req, shadow, 32); memcpy(md5_req + 32, salt, 4); @@ -3133,8 +3148,7 @@ get_salt(void* data, char** salt) { char* result; - result = malloc(4); - memset(result, 0, 4); + result = calloc(1, 4); memcpy(result, data + 9, 4); @@ -3270,10 +3284,7 @@ pgagroal_md5(char* str, int length, char** md5) unsigned char digest[16]; char* out; - out = malloc(33); - - memset(out, 0, 33); - + out = calloc(1, 33); MD5_Init(&c); MD5_Update(&c, str, length); MD5_Final(digest, &c); 
@@ -3456,8 +3467,7 @@ aes_encrypt(char* plaintext, unsigned char* key, unsigned char* iv, char** ciphe } size = strlen(plaintext) + EVP_CIPHER_block_size(EVP_aes_256_cbc()); - ct = malloc(size); - memset(ct, 0, size); + ct = calloc(1, size); if (EVP_EncryptUpdate(ctx, ct, &length, @@ -3513,8 +3523,7 @@ aes_decrypt(char* ciphertext, int ciphertext_length, unsigned char* key, unsigne } size = ciphertext_length + EVP_CIPHER_block_size(EVP_aes_256_cbc()); - pt = malloc(size); - memset(pt, 0, size); + pt = calloc(1, size); if (EVP_DecryptUpdate(ctx, (unsigned char*)pt, &length, @@ -3626,8 +3635,7 @@ get_scram_attribute(char attribute, char* input, size_t size, char** value) match[0] = attribute; match[1] = '='; - dup = (char*)malloc(size + 1); - memset(dup, 0, size + 1); + dup = (char*)calloc(1, size + 1); memcpy(dup, input, size); ptr = strtok(dup, ","); @@ -3636,8 +3644,7 @@ get_scram_attribute(char attribute, char* input, size_t size, char** value) if (!strncmp(ptr, &match[0], 2)) { token_size = strlen(ptr) - 1; - result = malloc(token_size); - memset(result, 0, token_size); + result = calloc(1, token_size); memcpy(result, ptr + 2, token_size); goto done; } @@ -3708,11 +3715,9 @@ client_proof(char* password, char* salt, int salt_length, int iterations, goto error; } - c_s = malloc(size); - memset(c_s, 0, size); + c_s = calloc(1, size); - r = malloc(size); - memset(r, 0, size); + r = calloc(1, size); /* Client signature: HMAC(StoredKey, AuthMessage) */ if (HMAC_Init_ex(ctx, s_k, s_k_length, EVP_sha256(), NULL) != 1) @@ -3828,12 +3833,10 @@ verify_client_proof(char* s_key, int s_key_length, /* goto error; */ /* } */ - c_k = malloc(size); - memset(c_k, 0, size); + c_k = calloc(1, size); c_k_length = size; - c_s = malloc(size); - memset(c_s, 0, size); + c_s = calloc(1, size); /* Client signature: HMAC(StoredKey, AuthMessage) */ if (HMAC_Init_ex(ctx, s_key, s_key_length, EVP_sha256(), NULL) != 1) 
@@ -3952,8 +3955,7 @@ salted_password(char* password, char* salt, int salt_length, int iterations, uns one = 1; } - r = malloc(size); - memset(r, 0, size); + r = calloc(1, size); /* SaltedPassword: Hi(Normalize(password), salt, iterations) */ if (HMAC_Init_ex(ctx, password, password_length, EVP_sha256(), NULL) != 1) @@ -4057,8 +4059,7 @@ salted_password_key(unsigned char* salted_password, int salted_password_length, goto error; } - r = malloc(size); - memset(r, 0, size); + r = calloc(1, size); /* HMAC(SaltedPassword, Key) */ if (HMAC_Init_ex(ctx, salted_password, salted_password_length, EVP_sha256(), NULL) != 1) @@ -4123,8 +4124,7 @@ stored_key(unsigned char* client_key, int client_key_length, unsigned char** res goto error; } - r = malloc(size); - memset(r, 0, size); + r = calloc(1, size); /* StoredKey: H(ClientKey) */ if (EVP_DigestInit_ex(ctx, EVP_sha256(), NULL) != 1) @@ -4177,8 +4177,7 @@ generate_salt(char** salt, int* size) unsigned char* r = NULL; int result; - r = malloc(s); - memset(r, 0, s); + r = calloc(1, s); result = RAND_bytes(r, s); if (result != 1) @@ -4239,8 +4238,7 @@ server_signature(char* password, char* salt, int salt_length, int iterations, goto error; } - r = malloc(size); - memset(r, 0, size); + r = calloc(1, size); if (password != NULL) { @@ -4970,8 +4968,7 @@ auth_query_server_md5(struct message* startup_response_msg, char* username, char } size = strlen(username) + strlen(password) + 1; - pwdusr = malloc(size); - memset(pwdusr, 0, size); + pwdusr = calloc(1, size); snprintf(pwdusr, size, "%s%s", password, username); @@ -4980,8 +4977,7 @@ auth_query_server_md5(struct message* startup_response_msg, char* username, char goto error; } - md5_req = malloc(36); - memset(md5_req, 0, 36); + md5_req = calloc(1, 36); memcpy(md5_req, shadow, 32); memcpy(md5_req + 32, salt, 4); 
@@ -5300,10 +5296,9 @@ auth_query_get_password(int socket, SSL* server_ssl, char* username, char* datab *password = NULL; size = 53 + strlen(username); - aq = malloc(size); + aq = calloc(1, size); memset(&qmsg, 0, sizeof(struct message)); - memset(aq, 0, size); pgagroal_write_byte(aq, 'Q'); pgagroal_write_int32(aq + 1, size - 1); @@ -5333,8 +5328,7 @@ auth_query_get_password(int socket, SSL* server_ssl, char* username, char* datab } result_size = dmsg->length - 11 + 1; - result = (char*)malloc(result_size); - memset(result, 0, result_size); + result = (char*)calloc(1, result_size); memcpy(result, dmsg->data + 11, dmsg->length - 11); *password = result; @@ -5406,8 +5400,10 @@ auth_query_client_md5(SSL* c_ssl, int client_fd, char* username, char* hash, int if (difftime(time(NULL), start_time) < config->authentication_timeout) { if (pgagroal_socket_isvalid(client_fd)) - /* Sleep for 100ms */ - SLEEP_AND_GOTO(100000000L,retry) + /* Sleep for 100ms */ + { + SLEEP_AND_GOTO(100000000L, retry) + } } } @@ -5422,8 +5418,7 @@ auth_query_client_md5(SSL* c_ssl, int client_fd, char* username, char* hash, int pgagroal_socket_nonblocking(client_fd, false); } - md5_req = malloc(36); - memset(md5_req, 0, 36); + md5_req = calloc(1, 36); memcpy(md5_req, hash + 3, 32); memcpy(md5_req + 32, &salt[0], 4); @@ -5524,8 +5519,10 @@ auth_query_client_scram256(SSL* c_ssl, int client_fd, char* username, char* shad if (difftime(time(NULL), start_time) < config->authentication_timeout) { if (pgagroal_socket_isvalid(client_fd)) - /* Sleep for 100ms */ - SLEEP_AND_GOTO(100000000L,retry) + /* Sleep for 100ms */ + { + SLEEP_AND_GOTO(100000000L, retry) + } } } 
@@ -5572,15 +5569,13 @@ auth_query_client_scram256(SSL* c_ssl, int client_fd, char* username, char* shad } /* Start the flow */ - client_first_message_bare = malloc(msg->length - 25); - memset(client_first_message_bare, 0, msg->length - 25); + client_first_message_bare = calloc(1, msg->length - 25); memcpy(client_first_message_bare, msg->data + 26, msg->length - 26); get_scram_attribute('r', (char*)msg->data + 26, msg->length - 26, &client_nounce); generate_nounce(&server_nounce); - server_first_message = malloc(89); - memset(server_first_message, 0, 89); + server_first_message = calloc(1, 89); snprintf(server_first_message, 89, "r=%s%s,s=%s,i=%d", client_nounce, server_nounce, base64_salt, iterations); status = pgagroal_create_auth_scram256_continue(client_nounce, server_nounce, base64_salt, &sasl_continue); @@ -5604,8 +5599,7 @@ auth_query_client_scram256(SSL* c_ssl, int client_fd, char* username, char* shad get_scram_attribute('p', (char*)msg->data + 5, msg->length - 5, &base64_client_proof); pgagroal_base64_decode(base64_client_proof, strlen(base64_client_proof), &client_proof_received, &client_proof_received_length); - client_final_message_without_proof = malloc(58); - memset(client_final_message_without_proof, 0, 58); + client_final_message_without_proof = calloc(1, 58); memcpy(client_final_message_without_proof, msg->data + 5, 57); if (verify_client_proof(stored_key, stored_key_length, diff --git a/src/libpgagroal/utils.c b/src/libpgagroal/utils.c index c3498c3a..061bde27 100644 --- a/src/libpgagroal/utils.c +++ b/src/libpgagroal/utils.c @@ -108,8 +108,7 @@ pgagroal_extract_username_database(struct message* msg, char** username, char** end++; if (c == 0) { - array[counter] = (char*)malloc(end - start); - memset(array[counter], 0, end - start); + array[counter] = (char*)calloc(1, end - start); memcpy(array[counter], msg->data + start, end - start); start = end; 
@@ -122,8 +121,7 @@ pgagroal_extract_username_database(struct message* msg, char** username, char** if (!strcmp(array[i], "user")) { size = strlen(array[i + 1]) + 1; - un = malloc(size); - memset(un, 0, size); + un = calloc(1, size); memcpy(un, array[i + 1], size); *username = un; @@ -131,8 +129,7 @@ pgagroal_extract_username_database(struct message* msg, char** username, char** else if (!strcmp(array[i], "database")) { size = strlen(array[i + 1]) + 1; - db = malloc(size); - memset(db, 0, size); + db = calloc(1, size); memcpy(db, array[i + 1], size); *database = db; @@ -140,8 +137,7 @@ pgagroal_extract_username_database(struct message* msg, char** username, char** else if (!strcmp(array[i], "application_name")) { size = strlen(array[i + 1]) + 1; - an = malloc(size); - memset(an, 0, size); + an = calloc(1, size); memcpy(an, array[i + 1], size); *appname = an; @@ -230,8 +226,7 @@ pgagroal_extract_error_message(struct message* msg, char** error) if (type == 'M') { - result = (char*)malloc(strlen(s) + 1); - memset(result, 0, strlen(s) + 1); + result = (char*)calloc(1, strlen(s) + 1); memcpy(result, s, strlen(s)); *error = result; @@ -616,8 +611,7 @@ pgagroal_get_password(void) tcsetattr(STDIN_FILENO, TCSANOW, &oldt); - result = malloc(strlen(p) + 1); - memset(result, 0, strlen(p) + 1); + result = calloc(1, strlen(p) + 1); memcpy(result, &p, strlen(p)); @@ -653,8 +647,7 @@ pgagroal_base64_encode(char* raw, int raw_length, char** encoded) BUF_MEM_grow(mem_bio_mem_ptr, (*mem_bio_mem_ptr).length + 1); (*mem_bio_mem_ptr).data[(*mem_bio_mem_ptr).length] = '\0'; - r = malloc(strlen((*mem_bio_mem_ptr).data) + 1); - memset(r, 0, strlen((*mem_bio_mem_ptr).data) + 1); + r = calloc(1, strlen((*mem_bio_mem_ptr).data) + 1); memcpy(r, (*mem_bio_mem_ptr).data, strlen((*mem_bio_mem_ptr).data)); BUF_MEM_free(mem_bio_mem_ptr); 
@@ -685,8 +678,7 @@ pgagroal_base64_decode(char* encoded, size_t encoded_length, char** raw, int* ra } size = (encoded_length * 3) / 4 + 1; - decoded = malloc(size); - memset(decoded, 0, size); + decoded = calloc(1, size); b64_bio = BIO_new(BIO_f_base64()); mem_bio = BIO_new(BIO_s_mem()); @@ -751,14 +743,12 @@ pgagroal_set_proc_title(int argc, char** argv, char* s1, char* s2) for (int i = 0; env[i] != NULL; i++) { size = strlen(env[i]); - environ[i] = (char*)malloc(size + 1); + environ[i] = (char*)calloc(1, size + 1); if (environ[i] == NULL) { return; } - - memset(environ[i], 0, size + 1); memcpy(environ[i], env[i], size); } environ[es] = NULL; diff --git a/src/main.c b/src/main.c index 49908307..3c75e89b 100644 --- a/src/main.c +++ b/src/main.c @@ -1293,8 +1293,12 @@ accept_main_cb(struct ev_loop* loop, struct ev_io* watcher, int revents) } else { - char* addr = malloc(strlen(address) + 1); - memset(addr, 0, strlen(address) + 1); + char* addr = calloc(1, strlen(address) + 1); + if (addr == NULL) + { + pgagroal_log_fatal("Cannot allocate memory for client address"); + return; + } memcpy(addr, address, strlen(address)); ev_loop_fork(loop); @@ -1695,8 +1699,12 @@ accept_management_cb(struct ev_loop* loop, struct ev_io* watcher, int revents) if (!fork()) { - char* addr = malloc(strlen(address) + 1); - memset(addr, 0, strlen(address) + 1); + char* addr = calloc(1, strlen(address) + 1); + if (addr == NULL) + { + pgagroal_log_fatal("Couldn't allocate address"); + return; + } memcpy(addr, address, strlen(address)); ev_loop_fork(loop);
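Review bot: In accept_management_cb (main.c, @@ -1695) the new `return;` runs inside the `if (!fork())` branch, that is in the child, so on allocation failure the child returns into the event loop it inherited from the parent instead of terminating. It would then keep running next to the parent with the inherited listening descriptors. Terminate the child there instead, e.g. `exit(1);` after the `pgagroal_log_fatal` call. The accept_main_cb hunk (@@ -1293) looks like the same situation, though its `fork()` is outside the hunk.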