source: trunk/src/sh_mem.c@ 463

Last change on this file since 463 was 459, checked in by katerina, 10 years ago

Fix for ticket #360 (free on null pointer).

File size: 10.5 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999, 2000 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22#if defined(HAVE_PTHREAD_MUTEX_RECURSIVE)
23#define _XOPEN_SOURCE 500
24#endif
25
26#include <stdio.h>
27#include <stdlib.h>
28#include <string.h>
29#include <sys/types.h>
30#include <unistd.h>
31
32
33#ifdef HAVE_MEMORY_H
34#include <memory.h>
35#endif
36
37#define SH_REAL_SET
38
39#include "samhain.h"
40#include "sh_error.h"
41#include "sh_utils.h"
42#include "sh_mem.h"
43#include "sh_pthread.h"
44
45extern int safe_logger (int thesignal, int method, char * details);
46
47#undef FIL__
48#define FIL__ _("sh_mem.c")
49
50#ifdef MEM_DEBUG
51
52#define CHECKBYTE 0x7F
53
54/* Memory alignment; should be 16 bytes on 64 bit machines.
55 * -> 32 bytes overhead/allocation
56 */
57#define SH_MEMMULT 16
58
59
60typedef struct mem_struct {
61 struct mem_struct *next; /* link to next struct */
62 char * real_address; /* address assigned */
63 char * address; /* address returned */
64 unsigned long size; /* size allocated */
65 char file[20]; /* Allocation file name */
66 int line; /* Allocation line number */
67} memlist_t;
68
69memlist_t * memlist = NULL;
70
71int Free_Count = 0, Alloc_Count = 0;
72int Now_Alloc_Count = 0, Max_Alloc_Count = 0;
73unsigned long Mem_Current = 0, Mem_Max = 0;
74
75#ifdef HAVE_PTHREAD
76SH_MUTEX_RECURSIVE(mutex_mem);
77#endif
78
79/* define MEM_LOG to an absolute filename to enable this */
80#ifdef MEM_LOG
81void sh_mem_dump ()
82{
83 memlist_t * this = memlist;
84 FILE * fd;
85
86 SH_MUTEX_RECURSIVE_INIT(mutex_mem);
87 SH_MUTEX_RECURSIVE_LOCK(mutex_mem);
88
89 fd = fopen(MEM_LOG, "w");
90 if (!fd)
91 {
92 perror(MEM_LOG);
93 _exit(EXIT_FAILURE);
94 }
95
96 while (this != NULL)
97 {
98 fprintf (fd, "## %20s %5d %ld\n", this->file, this->line, this->size);
99 fprintf (fd, "%10p %8ld\n", (void *)this->address, this->size);
100 this = this->next;
101 }
102 sl_fclose(FIL__, __LINE__, fd);
103
104 SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem);
105 _exit(EXIT_SUCCESS);
106}
107#else
108void sh_mem_dump ()
109{
110 return;
111}
112#endif
113
114static memlist_t ** sh_mem_merr_1;
115
116void sh_mem_stat ()
117{
118 memlist_t * this;
119 memlist_t * merrlist = NULL;
120
121 SL_ENTER(_("sh_mem_stat"));
122
123 sh_mem_merr_1 = (memlist_t **) &merrlist;
124
125 if (Alloc_Count == Free_Count)
126 {
127 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP,
128 Mem_Max, Mem_Current);
129 SL_RET0(_("sh_mem_stat"));
130 }
131
132 sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_MSTAMP2,
133 Alloc_Count, Free_Count, Max_Alloc_Count);
134 sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_MSTAMP,
135 Mem_Max, Mem_Current);
136
137 SH_MUTEX_RECURSIVE_INIT(mutex_mem);
138 SH_MUTEX_RECURSIVE_LOCK(mutex_mem);
139
140 this = memlist;
141
142 while (this != NULL)
143 {
144 memlist_t * merr = calloc(1,sizeof(memlist_t));
145
146 memcpy(merr, this, sizeof(memlist_t));
147 merr->next = merrlist;
148 merrlist = merr;
149
150 this = this->next;
151 }
152
153 SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem);
154
155 while (merrlist != NULL)
156 {
157 memlist_t * tmp = merrlist;
158 merrlist = merrlist->next;
159
160 sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_NOTFREE,
161 tmp->size, tmp->file, tmp->line);
162 free(tmp);
163 }
164
165 SL_RET0(_("sh_mem_stat"));
166}
167
168static memlist_t ** sh_mem_merr_2;
169
170void sh_mem_check ()
171{
172 memlist_t * this;
173 memlist_t * merrlist = NULL;
174 memlist_t * merr;
175 long nerr = 0;
176
177 SL_ENTER(_("sh_mem_check"));
178
179 sh_mem_merr_2 = (memlist_t **) &merrlist;
180
181 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP,
182 Mem_Max, Mem_Current);
183
184 SH_MUTEX_RECURSIVE_INIT(mutex_mem);
185 SH_MUTEX_RECURSIVE_LOCK(mutex_mem);
186
187 this = memlist;
188
189 while (this != NULL)
190 {
191 if ( this->address == NULL )
192 {
193 merr = calloc (1,sizeof(memlist_t));
194
195 memcpy(merr, this, sizeof(memlist_t));
196 merr->size = 2;
197
198 merr->next = merrlist;
199 merrlist = merr;
200 ++nerr;
201 }
202 else
203 {
204 if ( this->address[this->size] != CHECKBYTE )
205 {
206 merr = calloc(1, sizeof(memlist_t));
207
208 memcpy(merr, this, sizeof(memlist_t));
209 merr->size = 1;
210
211 merr->next = merrlist;
212 merrlist = merr;
213 ++nerr;
214 }
215 if ( this->real_address[SH_MEMMULT-1] != CHECKBYTE )
216 {
217 merr = calloc(1, sizeof(memlist_t));
218
219 memcpy(merr, this, sizeof(memlist_t));
220 merr->size = 0;
221
222 merr->next = merrlist;
223 merrlist = merr;
224 ++nerr;
225 }
226 }
227 this = this->next;
228 }
229
230
231 SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem);
232
233 while (merrlist != NULL)
234 {
235 memlist_t * tmp = merrlist;
236 merrlist = merrlist->next;
237
238 if (tmp->size == 2)
239 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL,
240 tmp->file, tmp->line, FIL__, __LINE__);
241 if (tmp->size == 1)
242 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MOVER,
243 tmp->file, tmp->line, FIL__, __LINE__);
244 else
245 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MUNDER,
246 tmp->file, tmp->line, FIL__, __LINE__);
247 free(tmp);
248 }
249
250 SL_RET0(_("sh_mem_check"));
251}
252
253void * sh_mem_malloc (size_t size, char * file, int line)
254{
255 void * the_realAddress;
256 void * theAddress;
257 memlist_t * this;
258
259 SL_ENTER(_("sh_mem_malloc"));
260
261 SH_MUTEX_RECURSIVE_INIT(mutex_mem);
262 SH_MUTEX_RECURSIVE_LOCK(mutex_mem);
263
264 the_realAddress = calloc(1,size + 2 * SH_MEMMULT);
265
266 if ( the_realAddress == NULL )
267 {
268 (void) safe_logger (0, 0, NULL);
269
270 /* use _exit() rather than exit() - we malloc() in atexit() functions
271 */
272 _exit (EXIT_FAILURE);
273 }
274
275 /* --- Set check bytes. ---
276 */
277 theAddress = ((char *) the_realAddress + SH_MEMMULT);
278
279 memset(the_realAddress, CHECKBYTE, SH_MEMMULT);
280 memset(theAddress, CHECKBYTE, size + 1);
281 memset(theAddress, 0, 1);
282
283 ++Alloc_Count;
284 ++Now_Alloc_Count;
285
286 if (Max_Alloc_Count < Now_Alloc_Count)
287 Max_Alloc_Count = Now_Alloc_Count;
288
289 Mem_Current += size;
290 Mem_Max = ( (Mem_Current > Mem_Max) ? Mem_Current : Mem_Max);
291
292 this = calloc(1,sizeof(memlist_t));
293
294 if ( this == NULL)
295 {
296 (void) safe_logger(0, 0, NULL);
297
298 _exit(EXIT_FAILURE);
299 }
300 else
301 {
302 /* make list entry */
303
304 this->real_address = the_realAddress;
305 this->address = theAddress;
306 this->size = size;
307 this->line = line;
308 sl_strlcpy(this->file, file, 20);
309
310 this->next = memlist;
311 memlist = this;
312 }
313
314 SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem);
315 SL_RETURN( theAddress, _("sh_mem_malloc"));
316}
317
318static void ** sh_mem_dummy_a;
319static memlist_t ** sh_mem_merr_3;
320
321void sh_mem_free (void * aa, char * file, int line)
322{
323 memlist_t * this;
324 memlist_t * before;
325 memlist_t * merr;
326 memlist_t * merrlist = NULL;
327 unsigned long size = 0;
328 void * a;
329 volatile int flag = 0;
330
331 SL_ENTER(_("sh_mem_free"));
332
333 a = aa;
334 sh_mem_dummy_a = &a;
335 sh_mem_merr_3 = (memlist_t **) &merrlist;
336
337
338 if ( a == NULL )
339 {
340 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL,
341 file, line, FIL__, __LINE__);
342 SL_RET0(_("sh_mem_free"));
343 }
344
345 SH_MUTEX_RECURSIVE_INIT(mutex_mem);
346 SH_MUTEX_RECURSIVE_LOCK(mutex_mem);
347
348 this = memlist;
349 before = memlist;
350
351 /* -- Find record. --
352 */
353 while (this != NULL)
354 {
355 if (this->address == a)
356 break;
357 before = this;
358 this = this->next;
359 }
360
361 if (this == NULL)
362 {
363 flag = 1;
364 goto out;
365 }
366 else
367 {
368 a = this->real_address;
369
370 if ( this->address[this->size] != CHECKBYTE )
371 {
372 merr = calloc(1, sizeof(memlist_t));
373
374 memcpy(merr, this, sizeof(memlist_t));
375 merr->size = 1;
376
377 merr->next = merrlist;
378 merrlist = merr;
379 }
380
381 if ( this->real_address[SH_MEMMULT-1] != CHECKBYTE )
382 {
383 merr = calloc(1,sizeof(memlist_t));
384
385 memcpy(merr, this, sizeof(memlist_t));
386 merr->size = 0;
387
388 merr->next = merrlist;
389 merrlist = merr;
390 }
391
392 size = this->size;
393
394 if (this == memlist)
395 memlist = this->next;
396 else
397 before->next = this->next;
398 }
399
400 free(a);
401 if (this)
402 free(this);
403
404 ++Free_Count;
405 --Now_Alloc_Count;
406
407 Mem_Current -= size;
408 out:
409 ; /* label at end of compound statement */
410 SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem);
411
412 while (merrlist != NULL)
413 {
414 memlist_t * tmp = merrlist;
415 merrlist = merrlist->next;
416
417 if (tmp->size == 1)
418 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MOVER,
419 tmp->file, tmp->line, file, line);
420 else
421 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MUNDER,
422 tmp->file, tmp->line, file, line);
423 free(tmp);
424 }
425
426 if (flag != 0)
427 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MREC,
428 file, line);
429
430 SL_RET0(_("sh_mem_free"));
431}
432
433#else
434
435void sh_mem_free (void * a)
436{
437 SL_ENTER(_("sh_mem_free"));
438
439 if (a)
440 {
441 free(a);
442 }
443 else
444 {
445 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL);
446 SH_ABORT;
447 }
448 SL_RET0(_("sh_mem_free"));
449}
450
451void * sh_mem_malloc (size_t size)
452{
453 void * theAddress;
454
455 SL_ENTER(_("sh_mem_malloc"));
456
457 theAddress = calloc(1,size);
458
459 if ( theAddress != NULL )
460 {
461 SL_RETURN( theAddress, _("sh_mem_malloc"));
462 }
463 else
464 {
465 (void) safe_logger(0, 0, NULL);
466
467 /* use _exit() rather than exit() - we malloc() in atexit()
468 */
469 SH_ABORT;
470 _exit (EXIT_FAILURE);
471 }
472}
473#endif
Note: See TracBrowser for help on using the repository browser.