commit 09794a6ba1a870ffa57a6e0ab87f578948f1ffed
author Anton Moryakov <ant.v.moryakov@gmail.com> Fri Feb 07 01:01:23 2025 +0300
committer Tom Rini <trini@konsulko.com> Tue Feb 11 08:17:23 2025 -0600
tree e138100fc9bd9b63bcaae69140443d2d8b0e84c2
parent 7f82174d8c35d4bd1fba8a420a7307361cbd0ab3

common: Add NULL checks for xrealloc in make_string cli_hush.c

- Check return value of xrealloc for NULL.
- Free allocated memory and return NULL if xrealloc fails.
- Prevent NULL pointer dereference in strlen and strcat.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

common/cli_hush.c

diff --git a/common/cli_hush.c b/common/cli_hush.c
index a6a8edc..9f437ae 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3626,7 +3626,13 @@
 		noeval = 1;
 	for (n = 0; inp[n]; n++) {
 		p = insert_var_value_sub(inp[n], noeval);
-		str = xrealloc(str, (len + strlen(p) + (2 * nonnull[n])));
+		char *new_str = xrealloc(str, (len + strlen(p) + (2 * nonnull[n])));
+		if (!new_str) {
+			free(str);
+			if (p != inp[n]) free(p);
+			return NULL;
+		}
+		str = new_str;
 		if (n) {
 			strcat(str, " ");
 		} else {