From c49d383f99969a98da34accf8666a5f3ae6c98d8 Mon Sep 17 00:00:00 2001
From: Cheyenne Wills <cwills@sinenomine.net>
Date: Fri, 12 Mar 2021 12:29:57 -0700
Subject: [PATCH] bozo: Fix memory leak, check for malloc failures

While reading the BosConfig file, the buffer obtained to hold the notp
(notify) parameter is never freed. Reading the BosConfig is only
done once at bosserver start up, so this is a one-time memory
allocation.

There are no checks for malloc failures.

Release the notp buffer and add checks for memory allocation errors.

Change-Id: Iffcb0db12f983a6a6d6a810a98be30152fa73c89
Reviewed-on: https://gerrit.openafs.org/14551
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
---
 src/bozo/bosserver.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c
index d29fdaa..900412c 100644
--- a/src/bozo/bosserver.c
+++ b/src/bozo/bosserver.c
@@ -352,7 +352,7 @@ ReadBozoFile(char *aname)
     FILE *tfile;
     char tbuffer[BOZO_BSSIZE];
     char *tp;
-    char *instp, *typep, *notifier, *notp;
+    char *instp = NULL, *typep = NULL, *notifier = NULL, *notp = NULL;
     afs_int32 code;
     afs_int32 ktmask, ktday, kthour, ktmin, ktsec;
     afs_int32 i, goal;
@@ -398,8 +398,20 @@ ReadBozoFile(char *aname)
     if (!tfile)
 	return 0;		/* -1 */
     instp = malloc(BOZO_BSSIZE);
+    if (!instp) {
+	code = ENOMEM;
+	goto fail;
+    }
     typep = malloc(BOZO_BSSIZE);
+    if (!typep) {
+	code = ENOMEM;
+	goto fail;
+    }
     notp = malloc(BOZO_BSSIZE);
+    if (!notp) {
+	code = ENOMEM;
+	goto fail;
+    }
     while (1) {
 	/* ok, read lines giving parms and such from the file */
 	tp = fgets(tbuffer, sizeof(tbuffer), tfile);
@@ -486,8 +498,13 @@ ReadBozoFile(char *aname)
 		code = -1;
 		goto fail;	/* no "parm " either */
 	    }
-	    if (!parms[i])	/* make sure there's space */
+	    if (!parms[i]) {	/* make sure there's space */
 		parms[i] = malloc(BOZO_BSSIZE);
+		if (parms[i] == NULL) {
+		    code = ENOMEM;
+		    goto fail;
+		}
+	    }
 	    strcpy(parms[i], tbuffer + 5);	/* remember the parameter for later */
 	    thisparms[i] = parms[i];
 	}
@@ -517,6 +534,8 @@ ReadBozoFile(char *aname)
 	free(instp);
     if (typep)
 	free(typep);
+    if (notp)
+	free(notp);
     for (i = 0; i < MAXPARMS; i++)
 	if (parms[i])
 	    free(parms[i]);
-- 
1.9.4