From cee5f67f2b0c875d69edb3ecc3cea100453cfd41 Mon Sep 17 00:00:00 2001
From: Bastian Dehn <hhaalo@arcor.de>
Date: Sat, 11 Oct 2025 12:36:43 +0200
Subject: [PATCH] fix allocation issues in client

---
 src/kds_s2000w_client.c | 100 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 99 insertions(+), 1 deletion(-)

diff --git a/src/kds_s2000w_client.c b/src/kds_s2000w_client.c
index 605807c..3440145 100644
--- a/src/kds_s2000w_client.c
+++ b/src/kds_s2000w_client.c
@@ -40,8 +40,10 @@ char* _kds_s2000w_client_strdup(const char* str)
 {
 	size_t length = strlen(str) + 1;
 	char* new_str = malloc(sizeof(char) * length);
-	new_str = strncpy(new_str, str, length);
+	if (new_str == NULL)
+		return NULL;
 
+	new_str = strncpy(new_str, str, length);
 	return new_str;
 }
 
@@ -128,6 +130,9 @@ void kds_s2000w_client_init(const char* scanner_url, const char* username, bool
 	curl_global_init(CURL_GLOBAL_ALL);
 	curl = curl_easy_init();
 	errbuf = malloc(CURL_ERROR_SIZE);
+	if (errbuf == NULL)
+		return;
+
 	memset(errbuf, 0, CURL_ERROR_SIZE);
 }
 
@@ -151,6 +156,9 @@ response* kds_s2000w_client_response_init()
 	kds_s2000w_debug_printf(ALL, "kds_s2000w_client_response_init");
 
 	response* resp = malloc(sizeof(response));
+	if (resp == NULL)
+		return NULL;
+
 	resp->data = NULL;
 	resp->size = 0;
 	resp->code = 0L;
@@ -190,6 +198,16 @@ uint8_t kds_s2000w_client_open_session(response* resp)
 	curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 
 	char* body = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (body == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_slist_free_all(headers);
+		headers = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(body, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(body, "{\"OCPUserName\": \"%s\"}", client_config.username);
 	curl_easy_setopt(curl, CURLOPT_POST, 1L);
@@ -234,6 +252,14 @@ void kds_s2000w_client_close_session(int64_t sessionid)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_free(url);
+		url = NULL;
+		return;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -321,6 +347,14 @@ uint8_t kds_s2000w_client_status_session(int64_t sessionid, response* resp)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -369,6 +403,14 @@ uint8_t kds_s2000w_client_start_scan(int64_t sessionid)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -414,6 +456,14 @@ uint8_t kds_s2000w_client_stop_scan(int64_t sessionid)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -453,6 +503,12 @@ uint8_t kds_s2000w_client_get_image(int64_t sessionid, uint8_t img_number, respo
 	char* url = NULL;
 	CURLU* url_handler = curl_url();
 	char* url_path = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (url_path == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		return 1;
+	}
+
 	memset(url_path, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(url_path, "%s/%i", IMAGE_PATH, img_number);
 	curl_url_set(url_handler, CURLUPART_URL, client_config.scanner_url, 0);
@@ -462,6 +518,16 @@ uint8_t kds_s2000w_client_get_image(int64_t sessionid, uint8_t img_number, respo
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		free(url_path);
+		url_path = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -505,6 +571,12 @@ uint8_t kds_s2000w_client_delete_image(int64_t sessionid, uint8_t img_number)
 	char* url = NULL;
 	CURLU* url_handler = curl_url();
 	char* url_path = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (url_path == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		return 1;
+	}
+
 	memset(url_path, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(url_path, "%s/%i", IMAGE_PATH, img_number);
 	curl_url_set(url_handler, CURLUPART_URL, client_config.scanner_url, 0);
@@ -514,6 +586,16 @@ uint8_t kds_s2000w_client_delete_image(int64_t sessionid, uint8_t img_number)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		free(url_path);
+		url_path = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -560,6 +642,14 @@ uint8_t kds_s2000w_client_get_option(int64_t sessionid, response* resp)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
@@ -608,6 +698,14 @@ uint8_t kds_s2000w_client_set_option(int64_t sessionid, response* resp)
 
 	struct curl_slist* headers = NULL;
 	char* header_str = malloc(sizeof(char) * MAX_STR_BUFFER_LENGTH);
+	if (header_str == NULL) {
+		curl_url_cleanup(url_handler);
+		url_handler = NULL;
+		curl_free(url);
+		url = NULL;
+		return 1;
+	}
+
 	memset(header_str, 0, MAX_STR_BUFFER_LENGTH);
 	sprintf(header_str, "SessionId: %li", sessionid);
 	headers = curl_slist_append(headers, header_str);
-- 
2.47.3