common: Add NULL checks for xrealloc in make_string cli_hush.c

- Check return value of xrealloc for NULL.
- Free allocated memory and return NULL if xrealloc fails.
- Prevent NULL pointer dereference in strlen and strcat.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

diff --git a/common/cli_hush.c b/common/cli_hush.c
index a6a8edc..9f437ae 100644 (file)
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3626,7 +3626,13 @@ static char *make_string(char **inp, int *nonnull)
                noeval = 1;
        for (n = 0; inp[n]; n++) {
                p = insert_var_value_sub(inp[n], noeval);
-               str = xrealloc(str, (len + strlen(p) + (2 * nonnull[n])));
+               char *new_str = xrealloc(str, (len + strlen(p) + (2 * nonnull[n])));
+               if (!new_str) {
+                       free(str);
+                       if (p != inp[n]) free(p);
+                       return NULL;
+               }
+               str = new_str;
                if (n) {
                        strcat(str, " ");
                } else {