kylefang/react-native
1
0
Fork 0
mirror of https://github.com/zhigang1992/react-native.git synced 2026-04-24 04:16:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check return code from malloc (#20173)

Browse Source 
Summary:
Calls abort() in cases where malloc returns NULL.

Checking the return value from malloc is good practice and is
required to pass a [Veracode security scan](https://www.veracode.com/). This will let
developers who are required to submit their software to Veracode
use React Native.
Pull Request resolved: https://github.com/facebook/react-native/pull/20173

Differential Revision: D9235096

Pulled By: hramos

fbshipit-source-id: 9fdc97f9e84f8d4d91ae59242093907f7a81d286
This commit is contained in:
Steven Cable
2018-08-08 18:24:47 -07:00
committed by Facebook Github Bot
parent 03663491c6
commit b21d4914de
5 changed files with 40 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Libraries/Network/RCTNetworking.mm
View File

@@ -50,6 +50,12 @@ static NSString *RCTGenerateFormBoundary()
const char *boundaryChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.";
char *bytes = (char*)malloc(boundaryLength);
if (!bytes) {
// CWE - 391 : Unchecked error condition
// https://www.cvedetails.com/cwe-details/391/Unchecked-Error-Condition.html
// https://eli.thegreenplace.net/2009/10/30/handling-out-of-memory-conditions-in-c
abort();
}
size_t charCount = strlen(boundaryChars);
for (int i = 0; i < boundaryLength; i++) {
bytes[i] = boundaryChars[arc4random_uniform((u_int32_t)charCount)];