[tor-commits] [tor/master] Check tor_vasprintf for error return values.

nickm at torproject.org nickm at torproject.org
Tue Oct 22 12:36:42 UTC 2019


commit d91ad5112e91bfed59bebb657feacac64d34494f
Author: Tobias Stoeckmann <tobias at stoeckmann.org>
Date:   Wed Jul 10 20:39:57 2019 +0200

    Check tor_vasprintf for error return values.
    
    In case of error, a negative value will be returned or NULL written into
    first supplied argument.
    
    This patch uses both cases to comply with style in the specific files.
    
    A tor_vasprintf error in process_vprintf would lead to a NULL dereference
    later on in buf_add, because the return value -1 cast to size_t would
    pass an assertion check inside of buf_add.
    
    On the other hand, common systems will fail on such an operation, so it
    is not a huge difference to a simple assertion. Yet it is better to
    properly fail instead of relying on such behaviour on all systems.
    
    Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
---
 src/feature/control/control_events.c | 5 ++++-
 src/lib/buf/buffers.c                | 1 +
 src/lib/process/process.c            | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/feature/control/control_events.c b/src/feature/control/control_events.c
index 82ea94399..00659c047 100644
--- a/src/feature/control/control_events.c
+++ b/src/feature/control/control_events.c
@@ -1653,7 +1653,10 @@ control_event_status(int type, int severity, const char *format, va_list args)
     log_warn(LD_BUG, "Format string too long.");
     return -1;
   }
-  tor_vasprintf(&user_buf, format, args);
+  if (tor_vasprintf(&user_buf, format, args)<0) {
+    log_warn(LD_BUG, "Failed to create user buffer.");
+    return -1;
+  }
 
   send_control_event(type,  "%s %s\r\n", format_buf, user_buf);
   tor_free(user_buf);
diff --git a/src/lib/buf/buffers.c b/src/lib/buf/buffers.c
index 4d026bd37..452bf7437 100644
--- a/src/lib/buf/buffers.c
+++ b/src/lib/buf/buffers.c
@@ -578,6 +578,7 @@ buf_add_vprintf(buf_t *buf, const char *format, va_list args)
   /* XXXX Faster implementations are easy enough, but let's optimize later */
   char *tmp;
   tor_vasprintf(&tmp, format, args);
+  tor_assert(tmp != NULL);
   buf_add(buf, tmp, strlen(tmp));
   tor_free(tmp);
 }
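Review bot: `tor_assert(tmp != NULL)` tests a local that is declared without an initialiser, so the check is only sound if tor_vasprintf stores NULL through its first argument on every failure path; that implementation is not part of this diff, and the commit message describes the two failure signals with "or". Testing the return value removes the dependency: `int len = tor_vasprintf(&tmp, format, args);` then `tor_assert(len >= 0);`, after which `buf_add(buf, tmp, (size_t)len);` also avoids the second pass over the string that strlen() makes. The same applies to `tor_assert(data != NULL)` in the process_vprintf hunk, where `size` is already captured and is the value that would otherwise reach process_write as a huge length; its declaration sits above that hunk, so confirm it is signed before asserting on it. Both functions start outside their hunks.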
diff --git a/src/lib/process/process.c b/src/lib/process/process.c
index 2194a603f..b01c99992 100644
--- a/src/lib/process/process.c
+++ b/src/lib/process/process.c
@@ -550,6 +550,7 @@ process_vprintf(process_t *process,
   char *data;
 
   size = tor_vasprintf(&data, format, args);
+  tor_assert(data != NULL);
   process_write(process, (uint8_t *)data, size);
   tor_free(data);
 }




