From patchwork Mon Oct 12 12:37:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380886 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=rchXUCgp; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytH2yJzz9sTv for ; Mon, 12 Oct 2020 23:39:35 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=R96rwJhYSPaSdST3kknpPP2jRLcje6srH/r68ifHDQE=; b=rchXUCgpvI3lVvy+u/Fth8x6m FPHt9ga/gmeupuNrpuOTgHFXXiex+8hOfytXk2ekrZWObPMx43nR+jk6Ne9BZ1IiSWEhRsrpV2Bbg 9u7DWELn+SYZJCv2sDvk1y2odtaXXp3Ikik57DV4MHW5+ADrH/HgZRL3dgRoGhII20nxHXrCMimv+ hYdYpgXoldSW1yrpR+PT4pONwdPsbHtb8QoxILfqYNWCEINFM46BrC5cMWdKLZ+cG9j6XZJMpn5P1 RpNVzZ2xmrgwCd0j8yQo3dwjAulyFjIEE4k0/SCVnRmMKnN2dib4fdCbFkvYlgn9yMZ0MevGSYlQ8 DhEtSE2Aw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx59-0002qz-Mx; Mon, 12 Oct 2020 12:37:39 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx4z-0002lx-B5 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:31 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 9D87E35DC; Mon, 12 Oct 2020 14:37:25 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id c44aff45; Mon, 12 Oct 2020 14:37:08 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 02/12] Fix possible NULL dereference Date: Mon, 12 Oct 2020 14:37:08 +0200 Message-Id: <20201012123718.25623-3-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083729_571117_CEF06D44 X-CRM114-Status: GOOD ( 17.67 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Fixes following issue as reported by GCC-10 static analyzer: multipart_parser.c: In function ‘multipart_parser_init’: multipart_parser.c:88:22: error: dereference of possibly-NULL ‘p’ [CWE-690] [-Werror=analyzer-possible-null-dereference] 88 | p->boundary_length = strlen(boundary); | ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~ ‘multipart_parser_init’: events 1-2 | | 83 | multipart_parser* p = malloc(sizeof(multipart_parser) + | | ^~~~~~~~~~~~~~~~ | | | | | (1) this call could return NULL |...... | 88 | p->boundary_length = strlen(boundary); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) ‘p’ could be NULL: unchecked value from (1) Signed-off-by: Petr Štetiar --- multipart_parser.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/multipart_parser.c b/multipart_parser.c index ee82c82c8bfa..f1e1f38e1d71 100644 --- a/multipart_parser.c +++ b/multipart_parser.c @@ -84,6 +84,9 @@ multipart_parser* multipart_parser_init strlen(boundary) + strlen(boundary) + 9); + if (!p) + return NULL; + strcpy(p->multipart_boundary, boundary); p->boundary_length = strlen(boundary);