commit 97f695d099e60121700d47512172f1d6839dfb2a Author: David Sommerseth <dazo@users.sourceforge.net> Date: Fri Oct 19 18:24:18 2012 +0200 sqlite3: Improve error handling if memory alloc fails for SQL query string Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> (cherry picked from commit 2613675111387fb0753d31be74b5e0a362389ef8) diff --git a/database/sqlite/sqlite.c b/database/sqlite/sqlite.c index 0f4e0e6..a17f4b0 100644 --- a/database/sqlite/sqlite.c +++ b/database/sqlite/sqlite.c @@ -70,7 +70,7 @@ static void _sqlite_set_error(dbresult *dbres, ErrorSeverity sev, const char *qu dbres->errSeverity = sev; dbres->errMsg = strdup(errbuf); - dbres->query = strdup(query); + dbres->query = strdup_nullsafe(query); } /** @@ -327,7 +327,7 @@ void sqlite_log_error(eurephiaCTX *ctx, dbresult *dbres) { if( dbres->status != dbSUCCESS ) { eurephia_log(ctx, LOG_ERROR, 4, "SQL Error: %s", dbres->errMsg); } - DEBUG(ctx, 33, "SQL Query: %s", dbres->query); + DEBUG(ctx, 33, "SQL Query: %s", (dbres->query != NULL ? dbres->query : "(None)")); } @@ -397,6 +397,12 @@ dbresult *sqlite_query(eurephiaCTX *ctx, const char *fmt, ... ) { sql = sqlite3_vmprintf(fmt, ap); va_end(ap); + if( sql == NULL ) { + _sqlite_set_error(dbres, sevPANIC, NULL, "Could not allocate memory for SQL query string"); + goto exit; + } + + if( ctx->dbc == NULL ) { _sqlite_set_error(dbres, sevPANIC, sql, "No open database connection to perfom SQL query to"); goto exit; commit 493604d52b466fa7d8444582f547b229710f1dd4 Author: David Sommerseth <dazo@users.sourceforge.net> Date: Thu Oct 11 02:01:08 2012 +0200 eurephia-auth: Fixed a double-free situation with dev-type is not obvious If OpenVPN is configured with a unkown --dev name and --dev-type is used, eurephia would in some specific situations double-free a memory region keeping the dev-type information. GETENV_*() functions returns a pointer to a buffer which is supposed to be free'd, but pointers returned by eGet_value() should not be free'd. And in the error situation if dev-type is not forced or detected, the memory allocated by GETENV_DEVNAME() was not properly free'd. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> (cherry picked from commit 00bd0ac4cc901004aeaf4548813bb465bce5243f) diff --git a/plugin/eurephia-auth.c b/plugin/eurephia-auth.c index 41822d7..97fb38f 100644 --- a/plugin/eurephia-auth.c +++ b/plugin/eurephia-auth.c @@ -135,8 +135,6 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) "Unkown openvpn_devtype configuration value: '%s'. " "Will try to auto-detect the type for the %s device.", devtype, devname); - free_nullsafe(ctx, devtype); - } else { ctx->tuntype = tuntype; forced = 1; @@ -151,6 +149,7 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) ctx->tuntype = tuntype; goto success; } + free_nullsafe(ctx, devtype); // If no 'dev_type', try to guess the dev-type based on the dev name tuntype = conv_str2tuntype(devname); @@ -165,6 +164,7 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) "You need to force the tunnel device type setting the 'openvpn_devtype' " "configuration value.", devname); + free_nullsafe(ctx, devname); return 0; success: @@ -172,7 +172,6 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) "OpenVPN device type is %s %s on the %s device.", (forced ? "forced to" : "detected as"), (tuntype == tuntype_TUN ? "TUN" : "TAP"), devname); - free_nullsafe(ctx, devtype); free_nullsafe(ctx, devname); return 1; }