Changeset 3537

Timestamp:
08/15/08 21:00:22 (4 months ago)
Author:
dgollub
Message:

1. The OSyncMessage reply should be checked for null in

opensync_client.c. This patch does that.

2. opensync_client_proxy.c has error_free_message and

error_free_context reversed. So when error_free_context is called
the null message pointer will be dereferenced. Causing a segfault.

3. opensync_queue.c might accidentally dereference a null errormsg.

4. In opensync_serializer.c auth is checked when *auth was the pointer

that was actually given the allocated authentication object. Change
the check to *auth.

5. At line 210 of opensync_merger.c new_node is checked for null. Then

at line 213 new_node is dereferenced to get the doc pointer for
the destination doc. Remove call (and commented out call).

6. In opensync_xml.c at line 219 the two pointers are compared. But at

line 223 they are checked for null. Since strcmp will dereference
both pointers to compare their strings this would cause a segfault.
Move the pointer test to before the strcmp.

7. osyncplugin.c checks a pointer but only reports it. So if it is

indeed null a later action might dereference it. The fix is to
error out after reporting.

Signed-off-by: Erik Hovland <erik@…>
Tested-by: Daniel Gollub <dgollub@…>
Acked-by: Daniel Gollub <dgollub@…>

Location:
trunk
Files:
7 modified

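--- a/trunk/opensync/client/opensync_client.c
+++ b/trunk/opensync/client/opensync_client.c
@@ -115,4 +115,7 @@
         if (!osync_error_is_set(&error)) {
                 reply = osync_message_new_reply(message, &locerror);
+                if (!reply)
+                        goto error;
+
                 //Send connect specific reply data
                 osync_message_write_int(reply, slowsync);
@@ -302,4 +305,7 @@
         if (!osync_error_is_set(&error)) {
                 reply = osync_message_new_reply(message, &locerror);
+                if (!reply)
+                        goto error;
+
                 //Send get_changes specific reply data
                 osync_message_write_string(reply, osync_change_get_uid(baton->change));
@@ -346,4 +352,7 @@
         if (!osync_error_is_set(&error)) {
                 reply = osync_message_new_reply(message, &locerror);
+                if (!reply)
+                        goto error;
+
                 //Send get_changes specific reply data
                 osync_message_write_string(reply, osync_change_get_uid(baton->change));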
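Review bot: The three new `if (!reply) goto error;` guards (new lines 117, 307 and 354) leave with the failure stored in `locerror`, not in `error`. Each guard sits inside `if (!osync_error_is_set(&error))`, so `error` is known to be unset when the jump is taken. The `error:` labels are outside these hunks, so confirm that they report and release `locerror`; if they only consult `error`, the trace would show no cause and the allocation failure would go unreported to the peer. A comment at each guard such as `/* reply allocation failed; cause is in locerror */` would record which error object carries the failure.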
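--- a/trunk/opensync/client/opensync_client_proxy.c
+++ b/trunk/opensync/client/opensync_client_proxy.c
@@ -1276,8 +1276,8 @@
         return TRUE;
 
+error_free_message:
+        osync_message_unref(message);
 error_free_context:
         g_free(ctx);
-error_free_message:
-        osync_message_unref(message);
 error:
         osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error));
@@ -1320,8 +1320,8 @@
         return TRUE;
 
+error_free_message:
+        osync_message_unref(message);
 error_free_context:
         g_free(ctx);
-error_free_message:
-        osync_message_unref(message);
 error:
         osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error));
@@ -1364,8 +1364,8 @@
         return TRUE;
 
+error_free_message:
+        osync_message_unref(message);
 error_free_context:
         g_free(ctx);
-error_free_message:
-        osync_message_unref(message);
 error:
         osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error));
@@ -1410,8 +1410,8 @@
         return TRUE;
 
+error_free_message:
+        osync_message_unref(message);
 error_free_context:
         g_free(ctx);
-error_free_message:
-        osync_message_unref(message);
 error:
         osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error));
@@ -1454,8 +1454,8 @@
         return TRUE;
 
+error_free_message:
+        osync_message_unref(message);
 error_free_context:
         g_free(ctx);
-error_free_message:
-        osync_message_unref(message);
 error:
         osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error));
@@ -1498,8 +1498,8 @@
         return TRUE;
 
+error_free_message:
+        osync_message_unref(message);
 error_free_context:
         g_free(ctx);
-error_free_message:
-        osync_message_unref(message);
 error:
         osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error));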
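Review bot: The corrected unwind order is undocumented in all six cleanup tails, and it depends on label fall-through, so a later edit could swap the labels back and reintroduce the NULL `message` dereference. A one-line comment above the first label of each tail would record the intent, for example `/* unwind in reverse order of acquisition: message, then ctx; labels fall through */`. The sites where `ctx` and `message` are allocated are outside these hunks, so the acquisition order is inferred from the label names and the commit message and should be confirmed against each function body.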
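--- a/trunk/opensync/ipc/opensync_queue.c
+++ b/trunk/opensync/ipc/opensync_queue.c
@@ -137,5 +137,6 @@
 
                         pending->callback(errormsg, pending->user_data);
-                        osync_message_unref(errormsg);
+                        if (errormsg != NULL)
+                                osync_message_unref(errormsg);
 
                         // TODO: Refcounting for OSyncPendingMessage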
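Review bot: `pending->callback(errormsg, pending->user_data);` on new line 138 still runs before the added NULL test, so a callback is handed a NULL message in exactly the case the new guard is meant to cover. The check protects only the unref. Either handle the NULL case before the call, or state on the callback contract that the message argument may be NULL, with a comment here such as `/* errormsg may be NULL if the error reply could not be built; callbacks must tolerate that */`. How `errormsg` is created and what the registered callbacks do with it lies outside this hunk.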
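--- a/trunk/opensync/ipc/opensync_serializer.c
+++ b/trunk/opensync/ipc/opensync_serializer.c
@@ -1165,5 +1165,5 @@
 
         *auth = osync_plugin_authentication_new(error);
-        if (!auth)
+        if (!*auth)
                 goto error;
 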
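Review bot: `*auth = osync_plugin_authentication_new(error);` on line 1166 writes through the out-parameter before anything visible in this hunk checks `auth` itself, which is the condition the old `if (!auth)` tested one line too late. If the function entry, which is outside this hunk, does not already assert it, add `osync_assert(auth);` there so a NULL out-pointer is caught before the store rather than faulting in the demarshal path.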
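--- a/trunk/opensync/merger/opensync_merger.c
+++ b/trunk/opensync/merger/opensync_merger.c
@@ -211,6 +211,4 @@
                                                         for(tmp=list; tmp != NULL; tmp = g_slist_next(tmp)) {
                                                                 xmlUnlinkNode(tmp->data);
-                                                                xmlDOMWrapAdoptNode(NULL, ((xmlNodePtr)tmp->data)->doc, tmp->data, new_node->doc, new_par_node, 0);
-                                                                //xmlAddChild(new_par_node, tmp->data);
                                                         }
                                                 }else{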
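--- a/trunk/opensync/opensync_xml.c
+++ b/trunk/opensync/opensync_xml.c
@@ -217,11 +217,11 @@
                                 goto next;
                         }
+                        if (!leftcontent || !rightcontent) {
+                                osync_trace(TRACE_EXIT, "%s: One is empty", __func__);
+                                return FALSE;
+                        }
                         if (!strcmp(leftcontent, rightcontent)) {
                                 g_free(rightcontent);
                                 goto next;
-                        }
-                        if (!leftcontent || !rightcontent) {
-                                osync_trace(TRACE_EXIT, "%s: One is empty", __func__);
-                                return FALSE;
                         }
                         g_free(rightcontent);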
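Review bot: The relocated NULL check returns without releasing either string: `return FALSE;` on new line 221 leaves whichever of `leftcontent` and `rightcontent` is non-NULL allocated, while the other exits visible in this hunk call `g_free(rightcontent)` first. Since `g_free()` accepts NULL, adding `g_free(rightcontent);` before the return is safe in both cases. Whether `leftcontent` must also be freed here depends on ownership established outside the hunk, so check it against the rest of the loop body.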
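--- a/trunk/tools/osyncplugin.c
+++ b/trunk/tools/osyncplugin.c
@@ -1058,6 +1058,8 @@
         assert(cmd);
 
-        if (cmd->cmd != CMD_INITIALIZE && *plugin_data == NULL)
+        if (cmd->cmd != CMD_INITIALIZE && *plugin_data == NULL) {
                 fprintf(stderr, "WARNING: Got Plugin initialized? plugin_data is NULL.\n");
+                goto error;
+        }
 
 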
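Review bot: The message on line 1061 still begins with `WARNING:` although the added `goto error;` now makes this condition abort the command, so the output understates what happened. Rewording it to match, for example `fprintf(stderr, "ERROR: Plugin not initialized, plugin_data is NULL.\n");`, would keep the log consistent with the new control flow. The `error:` label and whatever it releases are outside this hunk, so confirm that nothing it cleans up is still uninitialised this early in the function.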