From b566d33d344876392254941d8ef73c848194c432 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@sun.com>
Date: Wed, 17 Jun 2009 15:36:54 -0700
Subject: Fix server name handling in IOError messages during connection setup

 - Don't try to sprintf a NULL string for the server name
 - Initialize the server name pointer in the srv struct sooner,
   so errors during connection initialization can print it instead
   of a null string in the error message

Had to update the error paths that freed the partially constructed
structure, so combined them into a common implmentation via "goto fail".

Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
---
 src/FSOpenServ.c | 78 +++++++++++++++++++++++---------------------------------
 src/FSlibInt.c   |  2 +-
 2 files changed, 33 insertions(+), 47 deletions(-)

diff --git a/src/FSOpenServ.c b/src/FSOpenServ.c
index 3c29ffe..42463f5 100644
--- a/src/FSOpenServ.c
+++ b/src/FSOpenServ.c
@@ -88,8 +88,8 @@ void OutOfMemory(
     FSServer	*svr,
     char	*setup)
 {
-
-    _FSDisconnectServer(svr->trans_conn);
+    if (svr->trans_conn)
+	_FSDisconnectServer(svr->trans_conn);
     _FSFreeServerStructure(svr);
     FSfree(setup);
     errno = ENOMEM;
@@ -108,12 +108,12 @@ FSOpenServer(char *server)
     int         endian;
     fsConnClientPrefix client;
     fsConnSetup prefix;
-    char       *setup;
+    char       *setup = NULL;
     fsConnSetupAccept conn;
-    char       *auth_data;
-    char       *alt_data,
+    char       *auth_data = NULL;
+    char       *alt_data = NULL,
                *ad;
-    AlternateServer *alts;
+    AlternateServer *alts = NULL;
     int         altlen;
     char       *vendor_string;
     unsigned long        setuplength;
@@ -128,9 +128,15 @@ FSOpenServer(char *server)
 	errno = ENOMEM;
 	return (FSServer *) NULL;
     }
+
+    if ((svr->server_name = FSmalloc((unsigned) (strlen(server) + 1)))
+	    == NULL) {
+	goto fail;
+    }
+    (void) strcpy(svr->server_name, server);
+
     if ((svr->trans_conn = _FSConnectServer(server)) == NULL) {
-	FSfree((char *) svr);
-	return (FSServer *) NULL;
+	goto fail;
     }
 
     svr->fd = _FSTransGetConnectionNumber (svr->trans_conn);
@@ -154,29 +160,21 @@ FSOpenServer(char *server)
     if (setuplength > (SIZE_MAX>>2)
 	|| (alt_data = (char *)
 	 (setup = FSmalloc((unsigned) setuplength))) == NULL) {
-	errno = ENOMEM;
-	FSfree((char *) svr);
-	return (FSServer *) NULL;
+	goto fail;
     }
     _FSRead(svr, (char *) alt_data, setuplength);
     ad = alt_data;
 
 #if SIZE_MAX <= UINT_MAX
     if (prefix.num_alternates > SIZE_MAX / sizeof(AlternateServer)) {
-	errno = ENOMEM;
-	FSfree((char *) alt_data);
-	FSfree((char *) svr);
-	return (FSServer *) 0;
+	goto fail;
     }
 #endif
 
     alts = (AlternateServer *)
 	FSmalloc(sizeof(AlternateServer) * prefix.num_alternates);
     if (!alts) {
-	errno = ENOMEM;
-	FSfree((char *) alt_data);
-	FSfree((char *) svr);
-	return (FSServer *) 0;
+	goto fail;
     }
     for (i = 0; i < prefix.num_alternates; i++) {
 	alts[i].subset = (Bool) *ad++;
@@ -186,17 +184,14 @@ FSOpenServer(char *server)
 	    while (--i) {
 		FSfree((char *) alts[i].name);
 	    }
-	    FSfree((char *) alts);
-	    FSfree((char *) alt_data);
-	    FSfree((char *) svr);
-	    errno = ENOMEM;
-	    return (FSServer *) 0;
+	    goto fail;
 	}
 	memmove(alts[i].name, ad, altlen);
 	alts[i].name[altlen] = '\0';
 	ad += altlen + ((4 - (altlen + 2)) & 3);
     }
     FSfree((char *) alt_data);
+    alt_data = NULL;
 
     svr->alternate_servers = alts;
     svr->num_alternates = prefix.num_alternates;
@@ -205,31 +200,21 @@ FSOpenServer(char *server)
     if (setuplength > (SIZE_MAX>>2) 
 	|| (auth_data = (char *)
 	 (setup = FSmalloc((unsigned) setuplength))) == NULL) {
-	errno = ENOMEM;
-	FSfree((char *) alts);
-	FSfree((char *) svr);
-	return (FSServer *) NULL;
+	goto fail;
     }
     _FSRead(svr, (char *) auth_data, setuplength);
 
     if (prefix.status != AuthSuccess) {
 	fprintf(stderr, "%s: connection to \"%s\" refused by server\r\n%s: ",
 		"FSlib", server, "FSlib");
-	FSfree((char *) alts);
-	FSfree((char *) svr);
-	FSfree(setup);
-	return (FSServer *) NULL;
+	goto fail;
     }
     /* get rest */
     _FSRead(svr, (char *) &conn, (long) SIZEOF(fsConnSetupAccept));
 
     if ((vendor_string = (char *)
 	 FSmalloc((unsigned) conn.vendor_len + 1)) == NULL) {
-	errno = ENOMEM;
-	FSfree((char *) auth_data);
-	FSfree((char *) alts);
-	FSfree((char *) svr);
-	return (FSServer *) NULL;
+	goto fail;
     }
     _FSReadPad(svr, (char *) vendor_string, conn.vendor_len);
 
@@ -257,17 +242,9 @@ FSOpenServer(char *server)
     svr->last_request_read = 0;
     svr->last_req = (char *) &_dummy_request;
 
-    if ((svr->server_name = FSmalloc((unsigned) (strlen(server) + 1)))
-	    == NULL) {
-	OutOfMemory(svr, setup);
-	return (FSServer *) NULL;
-    }
-    (void) strcpy(svr->server_name, server);
-
     /* setup the output buffers */
     if ((svr->bufptr = svr->buffer = FSmalloc(BUFSIZE)) == NULL) {
-	OutOfMemory(svr, setup);
-	return (FSServer *) NULL;
+	goto fail;
     }
     svr->bufmax = svr->buffer + BUFSIZE;
 
@@ -276,6 +253,7 @@ FSOpenServer(char *server)
     svr->qlen = 0;
 
     FSfree(setup);
+    setup = NULL;
 
     (void) FSSynchronize(svr, _FSdebug);
 
@@ -283,4 +261,12 @@ FSOpenServer(char *server)
     _FSHeadOfServerList = svr;
 
     return (svr);
+
+  fail: /* Failure: clean up and return null */
+    FSfree((char *) alts);
+    FSfree((char *) alt_data);
+    FSfree((char *) auth_data);
+    OutOfMemory(svr, setup);
+    return (FSServer *) NULL;
+
 }
diff --git a/src/FSlibInt.c b/src/FSlibInt.c
index f947104..3d0675e 100644
--- a/src/FSlibInt.c
+++ b/src/FSlibInt.c
@@ -961,7 +961,7 @@ _FSDefaultIOError(FSServer *svr)
 
 		   errno, _SysErrorMsg(errno),
 #endif
-		   FSServerString(svr));
+		   FSServerString(svr) ? FSServerString(svr) : "");
     (void) fprintf(stderr,
 		   "      after %lu requests (%lu known processed) with %d events remaining.\r\n",
 		   FSNextRequest(svr) - 1, FSLastKnownRequestProcessed(svr),
-- 
cgit v1.2.3