Add sanity check for a couple malloc() and make code more resilient

Author: victorhora

CHANGES

@@ -1,6 +1,8 @@
 DD MMM YYYY - 2.9.3 - To be released
 ------------------------------------
 
+ * Add sanity check for a couple malloc() and make code more resilient
+   [Issue #979 - @dogbert2, @victorhora, @zimmerl]
  * Fix NetBSD build by renaming the hmac function to avoid conflicts
    [Issue #1241 - @victorhora, @joerg, @sevan]
  * IIS: Windows build, fix duplicate YAJL dir in script

apache2/msc_remote_rules.c

@@ -312,6 +312,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
         struct curl_slist *headers_chunk = NULL;
 #ifdef WIN32
         char *buf = malloc(sizeof(TCHAR) * (2048 + 1));
+       if (buf == NULL) { /* malloc failed... */
+           *error_msg = apr_psprintf(mp, "Unable to allocate memory");
+           ret = -2;
+           goto failed;    
+       }    
         char *ptr = NULL;
         DWORD res_len;
 #endif

apache2/msc_util.c

@@ -2779,20 +2779,29 @@ int ip_tree_from_param(apr_pool_t *mp,
 }
 
 #ifdef WITH_CURL
-size_t msc_curl_write_memory_cb(void *contents, size_t size,
-        size_t nmemb, void *userp)
+size_t msc_curl_write_memory_cb(apr_pool_t *mp, void *contents, size_t size,
+        size_t nmemb, void *userp, char **error_msg)
 {
     size_t realsize = size * nmemb;
     struct msc_curl_memory_buffer_t *mem = (struct msc_curl_memory_buffer_t *)userp;
 
     if (mem->size == 0)
     {
         mem->memory = malloc(realsize + 1);
+        if (mem->memory == NULL) {
+            *error_msg = apr_psprintf(mp, "Unable to allocate buffer for mem->memory");
+            return 0;
+        }
         memset(mem->memory, '\0', sizeof(realsize + 1));
     }
     else
     {
-        mem->memory = realloc(mem->memory, mem->size + realsize + 1);
+        void *tmp;
+        tmp = mem->memory;
+        tmp = realloc(mem->memory, mem->size + realsize + 1);
+        if (tmp != NULL) {
+            mem->memory = tmp;
+        }
         memset(mem->memory + mem->size, '\0', sizeof(realsize + 1));
     }
 

apache2/msc_util.h

@@ -166,8 +166,8 @@ int ip_tree_from_uri(TreeRoot **rtree, char *uri,
 
 int read_line(char *buff, int size, FILE *fp);
 
-size_t msc_curl_write_memory_cb(void *contents, size_t size,
-    size_t nmemb, void *userp);
+size_t msc_curl_write_memory_cb(apr_pool_t *mp, void *contents, size_t size,
+    size_t nmemb, void *userp, char **error_msg);
 
 struct msc_curl_memory_buffer_t
 {