Nmap Development mailing list archives

Add sanity checks for malloc()/realloc() in intf-win32.c for NMAP-7.xx

From: Bill Parker <wp02855 () gmail com>
Date: Sat, 9 Jan 2016 13:35:53 -0800

Hello All,

In reviewing source code in NMAP-7.xx, there is a call to malloc() and
realloc() in intf-win32.c which are not checked for a return value of
NULL, indicating failure.  The patch file below should address/correct
these issues:

--- intf-win32.c.orig   2016-01-09 10:03:08.914746228 -0800
+++ intf-win32.c        2016-01-09 10:03:29.937418102 -0800
@@ -94,9 +94,17 @@
                        ifc->max *= 2;
                        ifc->idx = realloc(ifc->idx,
                            sizeof(ifc->idx[0]) * ifc->max);
+                       if (ifc->idx == NULL) {
+                               fprintf(stderr, "Unable to reallocate
memory for ifc->idx in function _ifcombo_add...\n");
+                           return;
+                       }
                } else {
                        ifc->max = 8;
                        ifc->idx = malloc(sizeof(ifc->idx[0]) * ifc->max);
+                       if (ifc->idx == NULL) {
+                               fprintf(stderr, "Unable to allocate memory
for ifc->idx in function _ifcombo_add...\n");
+                               return;
+                       }
                }
        }
        ifc->idx[ifc->cnt].ipv4 = ipv4_idx;
I am attaching the patch file to this bug report...

Bill Parker (wp02855 () gmail com)

Attachment: intf-win32.c.patch
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Add sanity checks for malloc()/realloc() in intf-win32.c for NMAP-7.xx Bill Parker (Jan 11)