X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=alloc.c;h=8e6a7e2623af006a7d6e8d7ca226934d130777cc;hb=432c6675f9328fcc59cf9b4ee37a44ca6e2be6ed;hp=ed872b9852472ded2689bb22fe021c6ebefb3af1;hpb=ca3ab12a66fc683cabf546fd405cfbf39ef9fb6f;p=debian%2Fsudo

diff --git a/alloc.c b/alloc.c
index ed872b9..8e6a7e2 100644
--- a/alloc.c
+++ b/alloc.c
@@ -1,38 +1,25 @@
 /*
- * Copyright (c) 1999-2002 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
+ * Copyright (c) 1999-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * 4. Products derived from this software may not be called "Sudo" nor
- *    may "Sudo" appear in their names without specific prior written
- *    permission from the author.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  */
 
-#include "config.h"
+#include <config.h>
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -47,37 +34,70 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
 #endif /* HAVE_STRING_H */
 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
 # include <malloc.h>
 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
 
 #include "sudo.h"
 
-#ifndef lint
-static const char rcsid[] = "$Sudo: alloc.c,v 1.11 2002/01/09 16:56:04 millert Exp $";
-#endif /* lint */
-
-extern char **Argv;		/* from sudo.c */
+/*
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).  This just means that
+ * emalloc2() and erealloc3() cannot allocate huge amounts on such a
+ * platform but that is OK since sudo doesn't need to do so anyway.
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+#  define SIZE_MAX	SIZE_T_MAX
+# else
+#  define SIZE_MAX	INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
 
 /*
  * emalloc() calls the system malloc(3) and exits with an error if
  * malloc(3) fails.
  */
-VOID *
+void *
 emalloc(size)
     size_t size;
 {
-    VOID *ptr;
+    void *ptr;
 
-    if ((ptr = (VOID *) malloc(size)) == NULL) {
-	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
-	exit(1);
-    }
+    if (size == 0)
+	errorx(1, "internal error, tried to emalloc(0)");
+
+    if ((ptr = malloc(size)) == NULL)
+	errorx(1, "unable to allocate memory");
+    return(ptr);
+}
+
+/*
+ * emalloc2() allocates nmemb * size bytes and exits with an error
+ * if overflow would occur or if the system malloc(3) fails.
+ */
+void *
+emalloc2(nmemb, size)
+    size_t nmemb;
+    size_t size;
+{
+    void *ptr;
+
+    if (nmemb == 0 || size == 0)
+	errorx(1, "internal error, tried to emalloc2(0)");
+    if (nmemb > SIZE_MAX / size)
+	errorx(1, "internal error, emalloc2() overflow");
+
+    size *= nmemb;
+    if ((ptr = malloc(size)) == NULL)
+	errorx(1, "unable to allocate memory");
     return(ptr);
 }
 
@@ -86,17 +106,43 @@ emalloc(size)
  * realloc(3) fails.  You can call erealloc() with a NULL pointer even
  * if the system realloc(3) does not support this.
  */
-VOID *
+void *
 erealloc(ptr, size)
-    VOID *ptr;
+    void *ptr;
     size_t size;
 {
 
-    ptr = ptr ? (VOID *) realloc(ptr, size) : (VOID *) malloc(size);
-    if (ptr == NULL) {
-	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
-	exit(1);
-    }
+    if (size == 0)
+	errorx(1, "internal error, tried to erealloc(0)");
+
+    ptr = ptr ? realloc(ptr, size) : malloc(size);
+    if (ptr == NULL)
+	errorx(1, "unable to allocate memory");
+    return(ptr);
+}
+
+/*
+ * erealloc3() realloc(3)s nmemb * size bytes and exits with an error
+ * if overflow would occur or if the system malloc(3)/realloc(3) fails.
+ * You can call erealloc() with a NULL pointer even if the system realloc(3)
+ * does not support this.
+ */
+void *
+erealloc3(ptr, nmemb, size)
+    void *ptr;
+    size_t nmemb;
+    size_t size;
+{
+
+    if (nmemb == 0 || size == 0)
+	errorx(1, "internal error, tried to erealloc3(0)");
+    if (nmemb > SIZE_MAX / size)
+	errorx(1, "internal error, erealloc3() overflow");
+
+    size *= nmemb;
+    ptr = ptr ? realloc(ptr, size) : malloc(size);
+    if (ptr == NULL)
+	errorx(1, "unable to allocate memory");
     return(ptr);
 }
 
@@ -109,10 +155,12 @@ estrdup(src)
     const char *src;
 {
     char *dst = NULL;
+    size_t size;
 
     if (src != NULL) {
-	dst = (char *) emalloc(strlen(src) + 1);
-	(void) strcpy(dst, src);
+	size = strlen(src) + 1;
+	dst = (char *) emalloc(size);
+	(void) memcpy(dst, src, size);
     }
     return(dst);
 }
@@ -125,7 +173,9 @@ int
 #ifdef __STDC__
 easprintf(char **ret, const char *fmt, ...)
 #else
-easprintf(va_alist)
+easprintf(ret, fmt, va_alist)
+    char **ret;
+    const char *fmt;
     va_dcl
 #endif
 {
@@ -134,20 +184,13 @@ easprintf(va_alist)
 #ifdef __STDC__
     va_start(ap, fmt);
 #else
-    char **ret;
-    const char *fmt;
-
     va_start(ap);
-    ret = va_arg(ap, char **);
-    fmt = va_arg(ap, const char *);
 #endif
     len = vasprintf(ret, fmt, ap);
     va_end(ap);
 
-    if (len == -1) {
-	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
-	exit(1);
-    }
+    if (len == -1)
+	errorx(1, "unable to allocate memory");
     return(len);
 }
 
@@ -163,9 +206,18 @@ evasprintf(ret, format, args)
 {
     int len;
 
-    if ((len = vasprintf(ret, format, args)) == -1) {
-	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
-	exit(1);
-    }
+    if ((len = vasprintf(ret, format, args)) == -1)
+	errorx(1, "unable to allocate memory");
     return(len);
 }
+
+/*
+ * Wrapper for free(3) so we can depend on C89 semantics.
+ */
+void
+efree(ptr)
+    void *ptr;
+{
+    if (ptr != NULL)
+	free(ptr);
+}