
check smb_buffer_alloc

Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
Thomas Guillem 10 years ago
commit
aad86d023f
4 changed files with 30 additions and 12 deletions
  1. 17 2
      src/smb_buffer.c
  2. 2 6
      src/smb_buffer.h
  3. 9 3
      src/smb_ntlm.c
  4. 2 1
      src/smb_spnego.c

+ 17 - 2
src/smb_buffer.c

@@ -30,13 +30,28 @@ void    smb_buffer_init(smb_buffer *buf, void *data, size_t size)
     buf->size = size;
 }
 
-void    smb_buffer_alloc(smb_buffer *buf, size_t size)
+int     smb_buffer_alloc(smb_buffer *buf, size_t size)
 {
     assert(buf != NULL);
 
     buf->data = malloc(size);
-    if (buf->data)
+    if (buf->data) {
         buf->size = size;
+        return (1);
+    } else
+        return (0);
+}
+
+int     smb_buffer_alloca(smb_buffer *buf, size_t size)
+{
+    assert(buf != NULL);
+
+    buf->data = alloca(size);
+    if (buf->data) {
+        buf->size = size;
+        return (1);
+    } else
+        return (0);
 }
 
 void    smb_buffer_free(smb_buffer *buf)
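Review bot: The new `smb_buffer_alloca` function hands back a pointer that is already dead, because `alloca(size)` reserves space in the frame of `smb_buffer_alloca` itself and that frame is released when it returns. The removed macro expanded in the caller's frame, which is why it worked; with the function form, the `memcpy` calls in `smb_ntlm2_response` (src/smb_ntlm.c hunk) write into released stack memory. The `if (buf->data)` test also adds nothing, since `alloca` has no failure return and an oversized request overruns the stack rather than yielding NULL. Either keep it a macro written as a single expression, e.g. `#define smb_buffer_alloca(buf, sz) ((buf)->data = alloca(sz), (buf)->size = (sz), 1)`, and drop the prototype added in src/smb_buffer.h, or have that caller use `smb_buffer_alloc` plus `smb_buffer_free`. The second option gives a real failure path for a `blob->size` that presumably derives from peer-supplied data.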

+ 2 - 6
src/smb_buffer.h

@@ -46,17 +46,13 @@ void    smb_buffer_init(smb_buffer *buf, void *data, size_t size);
 /**
  * @brief Allocate a size long memory area and place it in the buffer structure
  */
-void    smb_buffer_alloc(smb_buffer *buf, size_t size);
+int     smb_buffer_alloc(smb_buffer *buf, size_t size);
 
 /**
  * @brief Allocate a size long memory area from the stack and place it in
  *  the buffer structure
  */
-#define smb_buffer_alloca(buf, sz)    \
-  (buf)->data = alloca(sz);           \
-  (buf)->size = sz;                   \
-  assert((buf)->data != NULL);
-
+int    smb_buffer_alloca(smb_buffer *buf, size_t size);
 
 /**
  * @brief Free the data of this buffer if necessary
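Review bot: The doc comments above `smb_buffer_alloc` and `smb_buffer_alloca` still carry only a `@brief`, although both prototypes now return a status that every caller has to test. I would add `@return 1 on success, 0 if the allocation failed (buf->data is then NULL and buf->size is left unchanged)` to the `smb_buffer_alloc` comment, which matches the implementation in src/smb_buffer.c. The `smb_buffer_alloca` comment should additionally state in which stack frame the memory lives and how long it stays valid.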

+ 9 - 3
src/smb_ntlm.c

@@ -129,7 +129,8 @@ uint8_t     *smb_ntlm2_response(smb_ntlmh *hash_v2, uint64_t srv_challenge,
     uint8_t         *response, hmac[16];
 
 
-    smb_buffer_alloca(&data, sizeof(uint64_t) + blob->size);
+    if (smb_buffer_alloca(&data, sizeof(uint64_t) + blob->size) == 0)
+        return NULL;
     memcpy(data.data, (void *)&srv_challenge, sizeof(uint64_t));
     memcpy(data.data + sizeof(uint64_t), blob->data, blob->size);
 
@@ -274,7 +275,8 @@ void        smb_ntlmssp_negotiate(const char *host, const char *domain,
     token->size = sizeof(smb_ntlmssp_nego) + strlen(host) + strlen(domain);
     if (token->size % 2) // Align on Word
         token->size += 1;
-    smb_buffer_alloc(token, token->size);
+    if (smb_buffer_alloc(token, token->size) == 0)
+        return;
     // BDSM_dbg("Token size if %ld\n", token->size);
 
 
@@ -339,7 +341,11 @@ void        smb_ntlmssp_response(uint64_t srv_challenge, uint64_t srv_ts,
                   + 16;     // Session Key
     if (token->size % 2) // Align on Word
         token->size += 1;
-    smb_buffer_alloc(token, token->size);
+    if (smb_buffer_alloc(token, token->size) == 0) {
+        free(lm2);
+        free(ntlm2);
+        return;
+    }
 
     auth = (smb_ntlmssp_auth *)token->data;
     memset(auth, 0, token->size);
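Review bot: On allocation failure `smb_ntlmssp_response` returns from a `void` function with `token->size` already set to the computed length and `token->data` NULL, so the caller cannot tell that no token was built. The same applies to the early `return;` added in `smb_ntlmssp_negotiate` in the previous hunk. Any later code that sends or copies `token->size` bytes from `token->data` would then dereference NULL; whether the callers guard against this is not visible here, as both function bodies extend outside the hunks. I would at least add `token->size = 0;` before each `return;`, and preferably change both functions to return `int` so the failure propagates the way `smb_buffer_alloc` now does.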

+ 2 - 1
src/smb_spnego.c

@@ -202,7 +202,8 @@ static int      challenge(smb_session *s)
 
     // We got the server challenge, yeaaah.
     challenge = (smb_ntlmssp_challenge *)resp_token;
-    smb_buffer_alloc(&s->xsec_target, challenge->tgt_len);
+    if (smb_buffer_alloc(&s->xsec_target, challenge->tgt_len) == 0)
+        return (0);
     memcpy(s->xsec_target.data,
            challenge->data + challenge->tgt_offset - sizeof(smb_ntlmssp_challenge),
            s->xsec_target.size);
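Review bot: The `memcpy` after the new check still trusts `challenge->tgt_len` and `challenge->tgt_offset`, both read from the server's challenge token, for the copy length and the source offset. Nothing in the visible lines compares them with the number of bytes actually received in `resp_token`, so a malformed challenge could make the copy read outside the token, and an offset smaller than `sizeof(smb_ntlmssp_challenge)` would point before `challenge->data`. The start of `challenge()` lies outside the hunk, so a length check may exist earlier; if it does not, add one before the allocation and take the same `return (0);` path when the offset or offset-plus-length falls outside the received token.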