From 8d5131a1860db8244695b10120fe545cccbb5ffb Mon Sep 17 00:00:00 2001 From: brenosilva Date: Thu, 16 Aug 2012 18:26:20 +0000 Subject: [PATCH] Fixed some dereferenced pointers --- apache2/msc_crypt.c | 17 +++++++++++------ apache2/re_operators.c | 10 +++++----- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/apache2/msc_crypt.c b/apache2/msc_crypt.c index c96d16b9..8b0b1ffa 100644 --- a/apache2/msc_crypt.c +++ b/apache2/msc_crypt.c @@ -124,7 +124,7 @@ char *normalize_path(modsec_rec *msr, char *input) { * \retval seed random seed */ unsigned long prng() { - short num_matrix1[10], num_matrix2[10]; + short num_matrix1[10] = {0}, num_matrix2[10] = {0}; unsigned long num, num1, num2; short n, *p; unsigned short seed_num = 0; @@ -395,10 +395,11 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { if (s == NULL) return -1; s->name = apr_pstrdup(msr->mp, "MSC_PCRE_LIMITS_EXCEEDED"); + if (s->name == NULL) return -1; s->name_len = strlen(s->name); s->value = apr_pstrdup(msr->mp, "1"); + if (s->value == NULL) return -1; s->value_len = 1; - if ((s->name == NULL)||(s->value == NULL)) return -1; apr_table_setn(msr->tx_vars, s->name, (void *)s); error_msg = apr_psprintf(msr->mp, @@ -449,10 +450,11 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { if (s == NULL) return -1; s->name = apr_pstrdup(msr->mp, "MSC_PCRE_LIMITS_EXCEEDED"); + if (s->name == NULL) return -1; s->name_len = strlen(s->name); s->value = apr_pstrdup(msr->mp, "1"); + if (s->value == NULL) return -1; s->value_len = 1; - if ((s->name == NULL)||(s->value == NULL)) return -1; apr_table_setn(msr->tx_vars, s->name, (void *)s); error_msg = apr_psprintf(msr->mp, @@ -503,10 +505,11 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { if (s == NULL) return -1; s->name = apr_pstrdup(msr->mp, "MSC_PCRE_LIMITS_EXCEEDED"); + if (s->name == NULL) return -1; s->name_len = strlen(s->name); s->value = apr_pstrdup(msr->mp, "1"); + if (s->value == NULL) return -1; s->value_len = 1; - if ((s->name == NULL)||(s->value == NULL)) return -1; apr_table_setn(msr->tx_vars, s->name, (void *)s); error_msg = apr_psprintf(msr->mp, @@ -557,10 +560,11 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { if (s == NULL) return -1; s->name = apr_pstrdup(msr->mp, "MSC_PCRE_LIMITS_EXCEEDED"); + if (s->name == NULL) return -1; s->name_len = strlen(s->name); s->value = apr_pstrdup(msr->mp, "1"); + if (s->value == NULL) return -1; s->value_len = 1; - if ((s->name == NULL)||(s->value == NULL)) return -1; apr_table_setn(msr->tx_vars, s->name, (void *)s); error_msg = apr_psprintf(msr->mp, @@ -611,10 +615,11 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { if (s == NULL) return -1; s->name = apr_pstrdup(msr->mp, "MSC_PCRE_LIMITS_EXCEEDED"); + if (s->name == NULL) return -1; s->name_len = strlen(s->name); s->value = apr_pstrdup(msr->mp, "1"); + if (s->value == NULL) return -1; s->value_len = 1; - if ((s->name == NULL)||(s->value == NULL)) return -1; apr_table_setn(msr->tx_vars, s->name, (void *)s); error_msg = apr_psprintf(msr->mp, diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 01f6b545..3f1f2310 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -1285,15 +1285,15 @@ static int msre_op_pm_param_init(msre_rule *rule, char **error_msg) { static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) { char errstr[1024]; char buf[HUGE_STRING_LEN + 1]; - char *fn; - char *next; - char *start; - char *end; + char *fn = NULL; + char *next = NULL; + char *start = NULL; + char *end = NULL; const char *rulefile_path; char *processed = NULL; unsigned short int op_len; apr_status_t rc; - apr_file_t *fd; + apr_file_t *fd = NULL; ACMP *p; if ((rule->op_param == NULL)||(strlen(rule->op_param) == 0)) {