diff -rup hurd.orig/daemons/ChangeLog hurd/daemons/ChangeLog --- hurd.orig/daemons/ChangeLog Wed Jul 25 01:49:59 2001 +++ hurd/daemons/ChangeLog Mon Jul 30 20:16:45 2001 @@ -1,3 +1,8 @@ +2001-07-30 Igor Khavkine + + * getty.c: Added checks for validity of malloc'ed memory. + * runttys.c: Same as above. + 2001-06-08 Roland McGrath * rc.sh: Start /hurd/mach-defpager before swapon. diff -rup hurd.orig/daemons/getty.c hurd/daemons/getty.c --- hurd.orig/daemons/getty.c Tue Sep 28 10:17:25 1999 +++ hurd/daemons/getty.c Tue Jul 31 22:53:36 2001 @@ -51,6 +51,12 @@ print_banner (int fd, char *ttyname) cc = asprintf (&s, "\r\n\n%s %s (%s) (%s)\r\n\n", u.sysname, u.release, hostname ?: "?", basename (ttyname)); + if (! s) + { + syslog (LOG_ERR, "Insufficient memory"); + closelog (); + exit (1); + } write (fd, s, cc); } @@ -77,6 +83,11 @@ main (int argc, char **argv) tt = getttynam (argv[2]); asprintf (&ttyname, "%s/%s", _PATH_DEV, argv[2]); + if (! ttyname) { + syslog (LOG_ERR, "Insufficient memory"); + closelog (); + exit (1); + } chown (ttyname, 0, 0); chmod (ttyname, 0600); diff -rup hurd.orig/daemons/runttys.c hurd/daemons/runttys.c --- hurd.orig/daemons/runttys.c Sun Sep 19 15:43:31 1999 +++ hurd/daemons/runttys.c Tue Jul 31 22:55:41 2001 @@ -93,6 +93,8 @@ setup_terminal (struct terminal *t, stru argz_create_sep (line, ' ', &argz, &len); argc = argz_count (argz, len); argv = malloc (argc * sizeof (char *)); + if (! argv) + error (1, errno, "malloc"); argz_extract (argz, len, argv); return argv; } @@ -117,6 +119,8 @@ add_terminal (struct ttyent *tt) if (nttys >= ttyslen) { ttys = realloc (ttys, (ttyslen * 2) * sizeof (struct ttyent)); + if (! ttys) + error (1, errno, "malloc"); memset (&ttys[nttys], 0, ttyslen); ttyslen *= 2; } @@ -125,6 +129,8 @@ add_terminal (struct ttyent *tt) nttys++; t->name = strdup (tt->ty_name); + if (! t->name) + error (1, errno, "malloc"); setup_terminal (t, tt); if (t->getty_argv) @@ -143,6 +149,8 @@ init_ttys (void) nttys = 0; ttys = calloc (ttyslen, sizeof (struct ttyent)); + if (! ttys) + error (1, errno, "calloc"); if (!setttyent ()) { diff -rup hurd.orig/defpager/ChangeLog hurd/defpager/ChangeLog --- hurd.orig/defpager/ChangeLog Sat Jul 3 19:48:14 1999 +++ hurd/defpager/ChangeLog Mon Jul 30 20:19:04 2001 @@ -1,3 +1,10 @@ +2001-07-30 Igor Khavkine + + * backing.c: Added check for validity of malloc'ed memory. + + * defpager.c (expand_map): Fix variable name so this code + would compile (if ever needed to). + 1999-07-03 Thomas Bushnell, BSG * defpager.c (pager_read_page): Use munmap instead of diff -rup hurd.orig/defpager/backing.c hurd/defpager/backing.c --- hurd.orig/defpager/backing.c Fri Oct 25 21:07:58 1996 +++ hurd/defpager/backing.c Tue Jul 31 22:51:43 2001 @@ -50,6 +50,8 @@ init_backing (char *name) bmap_len = backing_store->size / vm_page_size / NBBY; bmap = malloc (bmap_len); + if (! bmap) + return ENOMEM; for (i = 0; i < bmap_len; i++) bmap[i] = 0xff; bmap_rotor = bmap; diff -rup hurd.orig/defpager/defpager.c hurd/defpager/defpager.c --- hurd.orig/defpager/defpager.c Sat Jul 3 19:48:14 1999 +++ hurd/defpager/defpager.c Mon Jul 30 10:33:33 2001 @@ -31,10 +31,10 @@ struct user_pager_info off_t *map; }; -/* Expand the P->map as necessary to handle an incoming request of the - page at ADDR. */ +/* Expand the PAGER->map as necessary to handle an incoming request of the + page at PAGE. */ static inline void -expand_map (struct user_pager_info *p, vm_offset_t addr) +expand_map (struct user_pager_info *pager, vm_offset_t page) { /* See if this is beyond the current extent */ if (page >= pager->size) diff -rup hurd.orig/exec/ChangeLog hurd/exec/ChangeLog --- hurd.orig/exec/ChangeLog Wed Jul 25 01:49:59 2001 +++ hurd/exec/ChangeLog Mon Jul 30 20:19:55 2001 @@ -1,3 +1,7 @@ +2001-07-30 Igor Khavkine + + * exec.c: Added check for validity of malloc'ed memory. + 2001-04-01 Neal H Walfield * main.c (S_exec_init): Use iohelp_create_empty_iouser. diff -rup hurd.orig/ext2fs/ChangeLog hurd/ext2fs/ChangeLog --- hurd.orig/ext2fs/ChangeLog Wed Jul 25 01:49:59 2001 +++ hurd/ext2fs/ChangeLog Tue Jul 31 01:03:20 2001 @@ -1,3 +1,8 @@ +2001-07-31 Igor Khavkine + + * dir.c: Added checks for validity of malloc'ed memory. + * pager.c: Same as above. + 2001-06-09 Mark Kettenis * inode.c (diskfs_set_statfs): If number of free blocks is less diff -rup hurd.orig/ext2fs/dir.c hurd/ext2fs/dir.c --- hurd.orig/ext2fs/dir.c Wed Apr 25 13:36:48 2001 +++ hurd/ext2fs/dir.c Tue Jul 31 23:10:31 2001 @@ -485,8 +485,13 @@ dirscanblock (vm_address_t blockaddr, st down how many entries there were. */ if (!dp->dn->dirents) { - dp->dn->dirents = malloc ((dp->dn_stat.st_size / DIRBLKSIZ) + void *new_dirents; + new_dirents = malloc ((dp->dn_stat.st_size / DIRBLKSIZ) * sizeof (int)); + if (!new_dirents) + return ENOMEM; + else + dp->dn->dirents = new_dirents; for (i = 0; i < dp->dn_stat.st_size/DIRBLKSIZ; i++) dp->dn->dirents[i] = -1; } @@ -665,9 +670,14 @@ diskfs_direnter_hard (struct node *dp, c anything at all. */ if (dp->dn->dirents) { - dp->dn->dirents = realloc (dp->dn->dirents, + void *new_dirents; + new_dirents = realloc (dp->dn->dirents, (dp->dn_stat.st_size / DIRBLKSIZ * sizeof (int))); + if (!new_dirents) + return ENOMEM; + else + dp->dn->dirents = new_dirents; for (i = oldsize / DIRBLKSIZ; i < dp->dn_stat.st_size / DIRBLKSIZ; i++) @@ -884,6 +894,8 @@ diskfs_get_directs (struct node *dp, if (!dp->dn->dirents) { dp->dn->dirents = malloc (nblks * sizeof (int)); + if (!dp->dn->dirents) + return ENOMEM; for (i = 0; i < nblks; i++) dp->dn->dirents[i] = -1; } diff -rup hurd.orig/ext2fs/pager.c hurd/ext2fs/pager.c --- hurd.orig/ext2fs/pager.c Wed Apr 25 13:36:48 2001 +++ hurd/ext2fs/pager.c Tue Jul 31 23:11:07 2001 @@ -812,6 +812,11 @@ diskfs_get_filemap (struct node *node, v { struct user_pager_info *upi = malloc (sizeof (struct user_pager_info)); + if (!upi) + { + spin_unlock (&node_to_page_lock); + return MACH_PORT_NULL; + } upi->type = FILE_DATA; upi->node = node; upi->max_prot = 0; diff -rup hurd.orig/hostmux/ChangeLog hurd/hostmux/ChangeLog --- hurd.orig/hostmux/ChangeLog Wed Apr 25 13:36:48 2001 +++ hurd/hostmux/ChangeLog Tue Jul 31 01:26:34 2001 @@ -1,3 +1,7 @@ +2001-07-31 Igor Khavkine + + * mux.c: Added checks for validity of malloc'ed memory. + 2001-02-12 Marcus Brinkmann * hostmux.c: Include . Add global variable diff -rup hurd.orig/hostmux/mux.c hurd/hostmux/mux.c --- hurd.orig/hostmux/mux.c Sun Jul 11 15:40:34 1999 +++ hurd/hostmux/mux.c Tue Jul 31 23:12:24 2001 @@ -287,6 +287,11 @@ lookup_hostent (struct hostmux *mux, con nm->canon = nm->name; else nm->canon = strdup (he->h_name); + if (!nm->name || !nm->cannon) + { + free_name (nm); + return ENOMEM; + } err = create_host_node (mux, nm, node); if (err) diff -rup hurd.orig/isofs/ChangeLog hurd/isofs/ChangeLog --- hurd.orig/isofs/ChangeLog Wed Jul 25 01:49:59 2001 +++ hurd/isofs/ChangeLog Tue Jul 31 23:42:00 2001 @@ -1,3 +1,7 @@ +2001-07-31 Igor Khavkine + + * pager.c: Added checks for validity of malloc'ed memory + 2001-04-30 Marcus Brinkmann * rr.c (rrip_work): In the MATCH_NAME case, free NMBUF if it is non-zero diff -rup hurd.orig/isofs/pager.c hurd/isofs/pager.c --- hurd.orig/isofs/pager.c Wed Apr 25 13:36:48 2001 +++ hurd/isofs/pager.c Tue Jul 31 23:24:03 2001 @@ -165,6 +165,11 @@ diskfs_get_filemap (struct node *np, vm_ if (!np->dn->fileinfo) { upi = malloc (sizeof (struct user_pager_info)); + if (! upi) + { + spin_unlock (&node2pagelock); + return MACH_PORT_NULL; + } upi->type = FILE_DATA; upi->np = np; diskfs_nref_light (np); diff -rup hurd.orig/init/ChangeLog hurd/init/ChangeLog --- hurd.orig/init/ChangeLog Wed Jul 25 01:49:59 2001 +++ hurd/init/ChangeLog Tue Jul 31 23:43:13 2001 @@ -1,3 +1,8 @@ +2001-07-31 Igor Khavkine + + * init.c: Added checks for validity of malloc'ed memory. + * ttys.c: Same as above. + 2001-07-02 Roland McGrath * init.c (reboot_system): Don't pass null pointer to RPC out param. diff -rup hurd.orig/init/init.c hurd/init/init.c --- hurd.orig/init/init.c Wed Jul 25 01:49:59 2001 +++ hurd/init/init.c Tue Jul 31 23:33:47 2001 @@ -1682,17 +1682,24 @@ S_startup_request_notification (mach_por { struct ntfy_task *nt; - request_dead_name (notify); - /* Note that the ntfy_tasks list is kept in inverse order of the calls; this is important. We need later notification requests to get executed first. */ nt = malloc (sizeof (struct ntfy_task)); + if (! nt) + return ENOMEM; nt->notify_port = notify; nt->next = ntfy_tasks; ntfy_tasks = nt; - nt->name = malloc (strlen (name) + 1); - strcpy (nt->name, name); + nt->name = strdup (name); + if (! nt->name) + { + free (nt); + return ENOMEM; + } + + request_dead_name (notify); + return 0; } diff -rup hurd.orig/init/ttys.c hurd/init/ttys.c --- hurd.orig/init/ttys.c Mon Jun 14 20:36:07 1999 +++ hurd/init/ttys.c Tue Jul 31 23:38:24 2001 @@ -104,6 +104,8 @@ add_terminal (struct ttyent *tt) if (nttys >= ttyslen) { ttys = realloc (ttys, (ttyslen * 2) * sizeof (struct ttyent)); + if (! ttys) + error (1, errno, "realloc"); bzero (&ttys[nttys], ttyslen); ttyslen *= 2; } @@ -111,8 +113,9 @@ add_terminal (struct ttyent *tt) t = &ttys[nttys]; nttys++; - t->name = malloc (strlen (tt->ty_name) + 1); - strcpy (t->name, tt->ty_name); + t->name = strdup (tt->ty_name); + if (! t->name) + error (1, errno, "strdup"); setup_terminal (t, tt); if (t->getty_argz) @@ -131,6 +134,8 @@ init_ttys (void) nttys = 0; ttys = malloc (ttyslen * sizeof (struct ttyent)); + if (! ttys) + error (1, errno, "malloc"); bzero (ttys, ttyslen * sizeof (struct ttyent)); if (!setttyent ()) diff -rup hurd.orig/libdiskfs/ChangeLog hurd/libdiskfs/ChangeLog --- hurd.orig/libdiskfs/ChangeLog Wed Jul 25 01:50:00 2001 +++ hurd/libdiskfs/ChangeLog Wed Aug 1 00:08:57 2001 @@ -1,3 +1,12 @@ +2001-08-01 Igor Khavkine + + * boot-start.c: Added check for validity of malloc'ed memory. + * dir-lookup.c: Same as above. + * file-chg.c: Same as above. + * file-get-trans.c: Same as above. + * init-startup.c: Same as above. + * node-make.c: Same as above. + 2001-06-21 Neal H Walfield * file-getcontrol.c (diskfs_S_file_getcontrol): When checking diff -rup hurd.orig/libdiskfs/boot-start.c hurd/libdiskfs/boot-start.c --- hurd.orig/libdiskfs/boot-start.c Fri Mar 17 12:21:02 2000 +++ hurd/libdiskfs/boot-start.c Tue Jul 31 23:56:20 2001 @@ -237,6 +237,8 @@ diskfs_start_bootstrap () exec_argvlen = asprintf (&exec_argv, "/%s%c%s%c", initname, '\0', diskfs_boot_flags, '\0'); + if (! exec_argv) + assert_perror (ENOMEM); if (initname != default_init) free (initnamebuf); initname = exec_argv + 1; diff -rup hurd.orig/libdiskfs/dir-lookup.c hurd/libdiskfs/dir-lookup.c --- hurd.orig/libdiskfs/dir-lookup.c Wed Jul 25 01:50:00 2001 +++ hurd/libdiskfs/dir-lookup.c Tue Jul 31 23:58:39 2001 @@ -228,12 +228,16 @@ diskfs_S_dir_lookup (struct protid *dirc ? _HURD_CHRDEV : _HURD_BLKDEV), 0, major (node->dn_stat.st_rdev), 0, minor (node->dn_stat.st_rdev)); + if (! *argz) + return ENOMEM; *argz_len = strlen (*argz) + 1; *argz_len += strlen (*argz + *argz_len) + 1; *argz_len += strlen (*argz + *argz_len) + 1; break; case S_IFIFO: asprintf (argz, "%s", _HURD_FIFO); + if (! *argz) + return ENOMEM; *argz_len = strlen (*argz) + 1; break; default: diff -rup hurd.orig/libdiskfs/file-chg.c hurd/libdiskfs/file-chg.c --- hurd.orig/libdiskfs/file-chg.c Mon Aug 10 13:42:35 1998 +++ hurd/libdiskfs/file-chg.c Tue Jul 31 23:59:49 2001 @@ -38,6 +38,11 @@ diskfs_S_file_notice_changes (struct pro return err; } req = malloc (sizeof (struct modreq)); + if (! req) + { + mutex_unlock (&np->lock); + return ENOMEM; + } req->port = notify; req->next = np->filemod_reqs; np->filemod_reqs = req; diff -rup hurd.orig/libdiskfs/file-get-trans.c hurd/libdiskfs/file-get-trans.c --- hurd.orig/libdiskfs/file-get-trans.c Sun Jul 11 01:28:44 1999 +++ hurd/libdiskfs/file-get-trans.c Wed Aug 1 00:01:44 2001 @@ -83,12 +83,17 @@ diskfs_S_file_get_translator (struct pro '\0', (np->dn_stat.st_rdev) & 0377); buflen++; /* terminating nul */ - if (buflen > *translen) - *trans = mmap (0, buflen, PROT_READ|PROT_WRITE, MAP_ANON, 0, 0); - bcopy (buf, *trans, buflen); - free (buf); - *translen = buflen; - error = 0; + if (! buf) + error = ENOMEM; + else + { + if (buflen > *translen) + *trans = mmap (0, buflen, PROT_READ|PROT_WRITE, MAP_ANON, 0, 0); + bcopy (buf, *trans, buflen); + free (buf); + *translen = buflen; + error = 0; + } } else if (S_ISFIFO (np->dn_stat.st_mode)) { diff -rup hurd.orig/libdiskfs/init-startup.c hurd/libdiskfs/init-startup.c --- hurd.orig/libdiskfs/init-startup.c Wed Apr 25 13:36:49 2001 +++ hurd/libdiskfs/init-startup.c Wed Aug 1 00:03:22 2001 @@ -190,6 +190,11 @@ _diskfs_init_completed () ports_port_deref (pi); asprintf (&name, "%s %s", program_invocation_short_name, diskfs_disk_name ?: "-"); + if (! name) + { + err = ENOMEM; + goto errout; + } err = startup_request_notification (init, notify, MACH_MSG_TYPE_COPY_SEND, name); mach_port_deallocate (mach_task_self (), notify); diff -rup hurd.orig/libdiskfs/node-make.c hurd/libdiskfs/node-make.c --- hurd.orig/libdiskfs/node-make.c Mon Aug 10 13:42:39 1998 +++ hurd/libdiskfs/node-make.c Wed Aug 1 00:04:37 2001 @@ -25,6 +25,8 @@ struct node * diskfs_make_node (struct disknode *dn) { struct node *np = malloc (sizeof (struct node)); + if (! np) + return NULL; np->dn = dn; np->dn_set_ctime = 0; diff -rup hurd.orig/libports/ChangeLog hurd/libports/ChangeLog --- hurd.orig/libports/ChangeLog Wed Apr 25 13:38:05 2001 +++ hurd/libports/ChangeLog Wed Aug 1 02:15:52 2001 @@ -1,3 +1,7 @@ +2001-08-01 Igor Khavkine + * bucket-iterate.c: Added check for validity of malloc'ed + memory. + 2001-03-29 Neal H Walfield * claim-right.c (ports_claim_right): Include errno.h and diff -rup hurd.orig/libports/bucket-iterate.c hurd/libports/bucket-iterate.c --- hurd.orig/libports/bucket-iterate.c Sun Feb 28 15:50:37 1999 +++ hurd/libports/bucket-iterate.c Wed Aug 1 02:14:44 2001 @@ -48,6 +48,8 @@ _ports_bucket_class_iterate (struct port if (class == 0 || pi->class == class) { j = malloc (sizeof (struct item)); + if (! j) + return ENOMEM; j->next = list; j->p = pi; list = j; @@ -57,8 +59,11 @@ _ports_bucket_class_iterate (struct port } mutex_lock (&_ports_lock); - ihash_iterate (bucket->htable, enqueue); + err = ihash_iterate (bucket->htable, enqueue); mutex_unlock (&_ports_lock); + + if (err) + return err; err = 0; for (i = list; i; i = nxt) diff -rup hurd.orig/libps/ChangeLog hurd/libps/ChangeLog --- hurd.orig/libps/ChangeLog Wed Apr 25 13:38:05 2001 +++ hurd/libps/ChangeLog Wed Aug 1 02:25:08 2001 @@ -1,3 +1,7 @@ +2001-08-01 Igor Khavkine + + * procstat.c: Added checks for validity of malloc'ed memory. + 2001-03-29 Neal H Walfield * host.c: Fix comments. diff -rup hurd.orig/libps/procstat.c hurd/libps/procstat.c --- hurd.orig/libps/procstat.c Sat Jul 3 19:51:49 1999 +++ hurd/libps/procstat.c Wed Aug 1 02:24:12 2001 @@ -205,6 +205,8 @@ merge_procinfo (struct proc_stat *ps, ps ps->thread_waits = malloc (WAITS_MALLOC_SIZE); ps->thread_waits_len = WAITS_MALLOC_SIZE; ps->thread_waits_vm_alloced = 0; + if (! ps->thread_waits) + return ENOMEM; } new_waits = ps->thread_waits; new_waits_len = ps->thread_waits_len; @@ -920,6 +922,8 @@ proc_stat_set_flags (struct proc_stat *p if (NEED (PSTAT_ARGS, PSTAT_PID)) { char *buf = malloc (100); + if (! buf) + return ENOMEM; ps->args_len = 100; ps->args = buf; if (ps->args) @@ -940,6 +944,8 @@ proc_stat_set_flags (struct proc_stat *p if (NEED (PSTAT_ENV, PSTAT_PID)) { char *buf = malloc (100); + if (! buf) + return ENOMEM; ps->env_len = 100; ps->env = buf; if (ps->env)