Commit a65ce7b1 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

check for NULL returns from strdup() - reported by Jim Meyering 

also prevent buffer overflow on MSDOS when you do for example -O on a url
with a file name part longer than PATH_MAX letters
parent 2249c12a

src/main.c

+21 −8
Original line number Diff line number Diff line
@@ -4285,10 +4285,16 @@ operate(struct Configurable *config, int argc, argv_item_t argv[]) 
              /* This is for DOS, and then we do some major replacing of

                 bad characters in the file name before using it */

              char file1[PATH_MAX];



              if(strlen(outfile) >= PATH_MAX)

                outfile[PATH_MAX-1]=0; /* cut it */

              strcpy(file1, msdosify(outfile));

              free(outfile);



              outfile = strdup(rename_if_dos_device_name(file1));

              if(!outfile) {

                res = CURLE_OUT_OF_MEMORY;

                break;

              }

            }

#endif /* MSDOS */

          }
@@ -5146,12 +5152,19 @@ static char *my_get_line(FILE *fp) 
   do {

     if (NULL == fgets(buf, sizeof(buf), fp))

       break;

     if (NULL == retval)

     if (NULL == retval) {

       retval = strdup(buf);

       if(!retval)

         return NULL;

     }

     else {

       if (NULL == (retval = realloc(retval,

                                     strlen(retval) + strlen(buf) + 1)))

         break;

       char *ptr;

       ptr = realloc(retval, strlen(retval) + strlen(buf) + 1);

       if (NULL == ptr) {

         free(retval);

         return NULL;

       }

       retval = ptr;

       strcat(retval, buf);

     }

   }