Check all oc_text_buf for errors (e.g. out-of-memory) before using their contents

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index d3799d6b89fade371bad71f1780ef520493f8a05..4ef37f7fe8442b230031b239b8cd2eaf24145879 100644 (file)
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -161,8 +161,7 @@ static int parse_login_xml(struct openconnect_info *vpninfo, xmlNode *xml_node)
 
        vpninfo->cookie = cookie->data;
        cookie->data = NULL;
-       buf_free(cookie);
-       return 0;
+       return buf_free(cookie);
 
 err_out:
        free(value);
@@ -269,9 +268,14 @@ gateways:
        }
 
        buf_append(buf, "  </ServerList>\n</GPPortal>\n");
-       if (vpninfo->write_new_config && !buf_error(buf))
-               result = vpninfo->write_new_config(vpninfo->cbdata, buf->data, buf->pos);
-       buf_free(buf);
+       if (vpninfo->write_new_config) {
+               result = buf_error(buf);
+               if (!result)
+                       result = vpninfo->write_new_config(vpninfo->cbdata, buf->data, buf->pos);
+               buf_free(buf);
+               if (result)
+                       goto out;
+       }
 
        /* process static auth form to select gateway */
        result = process_auth_form(vpninfo, &form);
@@ -342,6 +346,8 @@ static int gpst_login(struct openconnect_info *vpninfo, int portal)
                if (auth_id)
                        append_opt(request_body, "inputStr", form->auth_id);
                append_form_opts(vpninfo, form, request_body);
+               if ((result = buf_error(request_body)))
+                       goto out;
 
                orig_path = vpninfo->urlpath;
                vpninfo->urlpath = strdup(portal ? "global-protect/getconfig.esp" : "ssl-vpn/login.esp");
@@ -423,6 +429,8 @@ int gpst_bye(struct openconnect_info *vpninfo, const char *reason)
         */
        append_opt(request_body, "computer", vpninfo->localname);
        buf_append(request_body, "&%s", vpninfo->cookie);
+       if ((result = buf_error(request_body)))
+               goto out;
 
        /* We need to close and reopen the HTTPS connection (to kill
         * the tunnel session) and submit a new HTTPS request to
@@ -445,6 +453,7 @@ int gpst_bye(struct openconnect_info *vpninfo, const char *reason)
        else
                vpn_progress(vpninfo, PRG_INFO, _("Logout successful\n"));
 
+out:
        buf_free(request_body);
        free(xml_buf);
        return result;

diff --git a/gpst.c b/gpst.c
index 6ce4ef1c926371a0d8409491f43c023cd5d560dc..c69d9462d1b4bba6cd10ad6cb743f5a98047e30f 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -561,6 +561,8 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
                filter_opts(request_body, vpninfo->cookie, "preferred-ip", 0);
        } else
                buf_append(request_body, "&%s", vpninfo->cookie);
+       if ((result = buf_error(request_body)))
+               goto out;
 
        orig_path = vpninfo->urlpath;
        vpninfo->urlpath = strdup("ssl-vpn/getconfig.esp");
@@ -620,6 +622,7 @@ static int gpst_connect(struct openconnect_info *vpninfo)
 {
        int ret;
        struct oc_text_buf *reqbuf;
+       const char start_tunnel[12] = "START_TUNNEL"; /* NOT zero-terminated */
        char buf[256];
 
        /* Connect to SSL VPN tunnel */
@@ -634,31 +637,33 @@ static int gpst_connect(struct openconnect_info *vpninfo)
        buf_append(reqbuf, "GET %s?", vpninfo->urlpath);
        filter_opts(reqbuf, vpninfo->cookie, "user,authcookie", 1);
        buf_append(reqbuf, " HTTP/1.1\r\n\r\n");
+       if ((ret = buf_error(reqbuf)))
+               goto out;
 
        if (vpninfo->dump_http_traffic)
                dump_buf(vpninfo, '>', reqbuf->data);
 
        vpninfo->ssl_write(vpninfo, reqbuf->data, reqbuf->pos);
-       buf_free(reqbuf);
 
        if ((ret = vpninfo->ssl_read(vpninfo, buf, 12)) < 0) {
                if (ret == -EINTR)
-                       return ret;
+                       goto out;
                vpn_progress(vpninfo, PRG_ERR,
                             _("Error fetching GET-tunnel HTTPS response.\n"));
-               return -EINVAL;
+               ret = -EINVAL;
+               goto out;
        }
 
-       if (!strncmp(buf, "START_TUNNEL", 12)) {
+       if (!strncmp(buf, start_tunnel, sizeof(start_tunnel))) {
                ret = 0;
        } else if (ret==0) {
                vpn_progress(vpninfo, PRG_ERR,
                             _("Gateway disconnected immediately after GET-tunnel request.\n"));
                ret = -EPIPE;
        } else {
-               if (ret==12) {
-                       ret = vpninfo->ssl_gets(vpninfo, buf+12, 244);
-                       ret = (ret>0 ? ret : 0) + 12;
+               if (ret==sizeof(start_tunnel)) {
+                       ret = vpninfo->ssl_gets(vpninfo, buf+sizeof(start_tunnel), sizeof(buf)-sizeof(start_tunnel));
+                       ret = (ret>0 ? ret : 0) + sizeof(start_tunnel);
                }
                vpn_progress(vpninfo, PRG_ERR,
                             _("Got inappropriate HTTP GET-tunnel response: %.*s\n"), ret, buf);
@@ -676,6 +681,8 @@ static int gpst_connect(struct openconnect_info *vpninfo)
                        vpninfo->proto->udp_close(vpninfo);
        }
 
+out:
+       buf_free(reqbuf);
        return ret;
 }
 
@@ -736,12 +743,15 @@ static int build_csd_token(struct openconnect_info *vpninfo)
        buf = buf_alloc();
        append_opt(buf, "computer", vpninfo->localname);
        filter_opts(buf, vpninfo->cookie, "authcookie,preferred-ip", 0);
+       if (buf_error(buf))
+               goto out;
 
        /* save as csd_token */
        openconnect_md5(md5, buf->data, buf->pos);
        for (i=0; i < MD5_SIZE; i++)
                sprintf(&vpninfo->csd_token[i*2], "%02x", md5[i]);
 
+out:
        return buf_free(buf);
 }
 
@@ -769,6 +779,8 @@ static int check_or_submit_hip_report(struct openconnect_info *vpninfo, const ch
                        goto out;
                append_opt(request_body, "md5", vpninfo->csd_token);
        }
+       if ((result = buf_error(request_body)))
+               goto out;
 
        orig_path = vpninfo->urlpath;
        vpninfo->urlpath = strdup(report ? "ssl-vpn/hipreport.esp" : "ssl-vpn/hipreportcheck.esp");