From a445b6ff37ba9df63d0db46ed1a69238ddd32d1a Mon Sep 17 00:00:00 2001
From: Mark Riddoch <mriddoch@ks211278.kimsufi.com>
Date: Thu, 29 Aug 2013 13:34:21 +0200
Subject: [PATCH] Fixes for NULL test for function returns such as malloc() -
 as reported by Coverity

---
 server/core/config.c                    |  3 ++-
 server/core/gwbitmask.c                 | 22 +++++++++++++++++-----
 server/modules/protocol/mysql_backend.c |  3 ++-
 server/modules/protocol/telnetd.c       | 13 +++++++++++--
 4 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/server/core/config.c b/server/core/config.c
index 763137754..ace808efb 100644
--- a/server/core/config.c
+++ b/server/core/config.c
@@ -410,7 +410,8 @@ SERVER			*server;
 				{
 					char *user = config_get_value(obj->parameters, "user");
 					char *auth = config_get_value(obj->parameters, "auth");
-					service_update(service, router, user, auth);
+					if (user && auth)
+						service_update(service, router, user, auth);
 					obj->element = service;
 				}
 				else
diff --git a/server/core/gwbitmask.c b/server/core/gwbitmask.c
index c67cd28c6..b10cb2fb1 100644
--- a/server/core/gwbitmask.c
+++ b/server/core/gwbitmask.c
@@ -48,8 +48,14 @@ void
 bitmask_init(GWBITMASK *bitmask)
 {
 	bitmask->length = BIT_LENGTH_INITIAL;
-	bitmask->bits = malloc(bitmask->length / 8);
-	memset(bitmask->bits, 0, bitmask->length / 8);
+	if ((bitmask->bits = malloc(bitmask->length / 8)) == NULL)
+	{
+		bitmask->length = 0;
+	}
+	else
+	{
+		memset(bitmask->bits, 0, bitmask->length / 8);
+	}
 	spinlock_init(&bitmask->lock);
 }
 
@@ -196,9 +202,15 @@ bitmask_copy(GWBITMASK *dest, GWBITMASK *src)
 	spinlock_acquire(&dest->lock);
 	if (dest->length)
 		free(dest->bits);
-	dest->bits = malloc(src->length / 8);
-	dest->length = src->length;
-	memcpy(dest->bits, src->bits, src->length / 8);
+	if ((dest->bits = malloc(src->length / 8)) == NULL)
+	{
+		dest->length = 0;
+	}
+	else
+	{
+		dest->length = src->length;
+		memcpy(dest->bits, src->bits, src->length / 8);
+	}
 	spinlock_release(&dest->lock);
 	spinlock_release(&src->lock);
 }
diff --git a/server/modules/protocol/mysql_backend.c b/server/modules/protocol/mysql_backend.c
index 54cbbfbf7..01a4dcf36 100644
--- a/server/modules/protocol/mysql_backend.c
+++ b/server/modules/protocol/mysql_backend.c
@@ -564,7 +564,8 @@ static int gw_change_user(DCB *backend, SERVER *server, SESSION *in_session, GWB
 
         // allocate memory for token only if auth_token_len > 0
         if (auth_token_len) {
-                auth_token = (uint8_t *)malloc(auth_token_len);
+                if ((auth_token = (uint8_t *)malloc(auth_token_len)) == NULL)
+			return rv;
                 memcpy(auth_token, client_auth_packet, auth_token_len);
 		client_auth_packet += auth_token_len;
         }
diff --git a/server/modules/protocol/telnetd.c b/server/modules/protocol/telnetd.c
index a646a21d1..53e666e09 100644
--- a/server/modules/protocol/telnetd.c
+++ b/server/modules/protocol/telnetd.c
@@ -257,6 +257,7 @@ telnetd_hangup(DCB *dcb)
  * socket for the protocol.
  *
  * @param dcb	The descriptor control block
+ * @return The number of new connections created
  */
 static int
 telnetd_accept(DCB *dcb)
@@ -275,17 +276,25 @@ int	n_connect = 0;
 		else
 		{
 			atomic_add(&dcb->stats.n_accepts, 1);
-			client = dcb_alloc();
+			if ((client = dcb_alloc()) == NULL)
+			{
+				return n_connect;
+			}
 			client->fd = so;
 			client->remote = strdup(inet_ntoa(addr.sin_addr));
 			memcpy(&client->func, &MyObject, sizeof(GWPROTOCOL));
 			client->session = session_alloc(dcb->session->service, client);
 
 			client->state = DCB_STATE_IDLE;
-			client->protocol = malloc(sizeof(TELNETD));
+			if ((client->protocol = malloc(sizeof(TELNETD))) == NULL)
+			{
+				dcb_free(client);
+				return n_connect;
+			}
 
 			if (poll_add_dcb(client) == -1)
 			{
+				dcb_free(client);
 				return n_connect;
 			}
 			n_connect++;