fix: check for return value of asprintf

in case of failure, free buffer and log error

Signed-off-by: Ulrich Weber <ulrich.weber@gmail.com>

src/config.c

@@ -369,7 +369,7 @@ static const char *config_def_app_version(void)
 	char *version;
 
 	uname(&uts);
-	asprintf(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
+	ASPRINTF(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
 	return version;
 }
 
@@ -686,7 +686,7 @@ static char *get_config_filename(const char *name, int add_dot_conf)
 {
 	char *realname;
 
-	asprintf(&realname, "%s%s%s", strchr(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
+	ASPRINTF(&realname, "%s%s%s", strchr(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
 	return realname;
 }
 
@@ -1019,14 +1019,14 @@ void do_config(int argc, char **argv)
 			printf("Enter IPSec ID for %s: ", config[CONFIG_IPSEC_GATEWAY]);
 			break;
 		case CONFIG_IPSEC_SECRET:
-			asprintf(&prompt, "Enter IPSec secret for %s@%s: ",
+			ASPRINTF(&prompt, "Enter IPSec secret for %s@%s: ",
 					 config[CONFIG_IPSEC_ID], config[CONFIG_IPSEC_GATEWAY]);
 			break;
 		case CONFIG_XAUTH_USERNAME:
 			printf("Enter username for %s: ", config[CONFIG_IPSEC_GATEWAY]);
 			break;
 		case CONFIG_XAUTH_PASSWORD:
-			asprintf(&prompt, "Enter password for %s@%s: ",
+			ASPRINTF(&prompt, "Enter password for %s@%s: ",
 					 config[CONFIG_XAUTH_USERNAME],
 					 config[CONFIG_IPSEC_GATEWAY]);
 			break;

src/vpnc.c

@@ -373,7 +373,7 @@ static void setup_tunnel(struct sa_block *s)
 		}
 		if (mtu > 0) {
 			char *strbuf;
-			asprintf(&strbuf, "%d", mtu);
+			ASPRINTF(&strbuf, "%d", mtu);
 			setenv("INTERNAL_IP4_MTU", strbuf, 1);
 			free(strbuf);
 		}
@@ -983,7 +983,7 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)
 			else {
 				uint32_t netaddr = s->our_address.s_addr & ((struct in_addr *)(a->u.lots.data))->s_addr;
 				addenv_ipv4("INTERNAL_IP4_NETMASK", a->u.lots.data);
-				asprintf(&strbuf, "%d", mask_to_masklen(*((struct in_addr *)a->u.lots.data)));
+				ASPRINTF(&strbuf, "%d", mask_to_masklen(*((struct in_addr *)a->u.lots.data)));
 				setenv("INTERNAL_IP4_NETMASKLEN", strbuf, 1);
 				free(strbuf);
 				addenv_ipv4("INTERNAL_IP4_NETADDR",  (uint8_t *)&netaddr);
@@ -1060,47 +1060,47 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)
 			}
 
 			DEBUG(2, printf("got %d acls for split include\n", a->u.acl.count));
-			asprintf(&strbuf, "%d", a->u.acl.count);
+			ASPRINTF(&strbuf, "%d", a->u.acl.count);
 			setenv("CISCO_SPLIT_INC", strbuf, 1);
 			free(strbuf);
 
 			for (i = 0; i < a->u.acl.count; i++) {
 				DEBUG(2, printf("acl %d: ", i));
 				/* NOTE: inet_ntoa returns one static buffer */
 
-				asprintf(&strbuf, "CISCO_SPLIT_INC_%d_ADDR", i);
-				asprintf(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].addr));
+				ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_ADDR", i);
+				ASPRINTF(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].addr));
 				DEBUG(2, printf("addr: %s/", strbuf2));
 				setenv(strbuf, strbuf2, 1);
 				free(strbuf); free(strbuf2);
 
-				asprintf(&strbuf, "CISCO_SPLIT_INC_%d_MASK", i);
-				asprintf(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].mask));
+				ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_MASK", i);
+				ASPRINTF(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].mask));
 				DEBUG(2, printf("%s ", strbuf2));
 				setenv(strbuf, strbuf2, 1);
 				free(strbuf); free(strbuf2);
 
 				/* this is just here because ip route does not accept netmasks */
-				asprintf(&strbuf, "CISCO_SPLIT_INC_%d_MASKLEN", i);
-				asprintf(&strbuf2, "%d", mask_to_masklen(a->u.acl.acl_ent[i].mask));
+				ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_MASKLEN", i);
+				ASPRINTF(&strbuf2, "%d", mask_to_masklen(a->u.acl.acl_ent[i].mask));
 				DEBUG(2, printf("(%s), ", strbuf2));
 				setenv(strbuf, strbuf2, 1);
 				free(strbuf); free(strbuf2);
 
-				asprintf(&strbuf, "CISCO_SPLIT_INC_%d_PROTOCOL", i);
-				asprintf(&strbuf2, "%hu", a->u.acl.acl_ent[i].protocol);
+				ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_PROTOCOL", i);
+				ASPRINTF(&strbuf2, "%hu", a->u.acl.acl_ent[i].protocol);
 				DEBUG(2, printf("protocol: %s, ", strbuf2));
 				setenv(strbuf, strbuf2, 1);
 				free(strbuf); free(strbuf2);
 
-				asprintf(&strbuf, "CISCO_SPLIT_INC_%d_SPORT", i);
-				asprintf(&strbuf2, "%hu", a->u.acl.acl_ent[i].sport);
+				ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_SPORT", i);
+				ASPRINTF(&strbuf2, "%hu", a->u.acl.acl_ent[i].sport);
 				DEBUG(2, printf("sport: %s, ", strbuf2));
 				setenv(strbuf, strbuf2, 1);
 				free(strbuf); free(strbuf2);
 
-				asprintf(&strbuf, "CISCO_SPLIT_INC_%d_DPORT", i);
-				asprintf(&strbuf2, "%hu", a->u.acl.acl_ent[i].dport);
+				ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_DPORT", i);
+				ASPRINTF(&strbuf2, "%hu", a->u.acl.acl_ent[i].dport);
 				DEBUG(2, printf("dport: %s\n", strbuf2));
 				setenv(strbuf, strbuf2, 1);
 				free(strbuf); free(strbuf2);
@@ -2378,7 +2378,7 @@ static int do_phase2_xauth(struct sa_block *s)
 				} else if (seen_answer || passwd_used || config[CONFIG_XAUTH_INTERACTIVE]) {
 					char *pass, *prompt = NULL;
 
-					asprintf(&prompt, "%s for VPN %s@%s: ",
+					ASPRINTF(&prompt, "%s for VPN %s@%s: ",
 							 (ap->type == ISAKMP_XAUTH_06_ATTRIB_ANSWER) ?
 							 "Answer" :
 							 (ap->type == ISAKMP_XAUTH_06_ATTRIB_USER_PASSWORD) ?

src/vpnc.h

@@ -11,12 +11,15 @@
 #define VPNC_VPNC_H
 
 #include "tunip.h"
+#include "syslog.h"
 
 void process_late_ike(struct sa_block *s, uint8_t *r_packet, ssize_t r_length);
 void keepalive_ike(struct sa_block *s);
 void dpd_ike(struct sa_block *s);
 void print_vid(const unsigned char *vid, uint16_t len);
 void rekey_phase1(struct sa_block *s);
 
+#define ASPRINTF(strp, ...)	if (asprintf(strp, __VA_ARGS__) < 0) \
+	{ if (**strp) { free(*strp);} logmsg(LOG_ERR, "Failed to call asprintf() at %s:%d", __FILE__, __LINE__);}
 
 #endif /* VPNC_VPNC_H */