author | Daiki Ueno <ueno@gnu.org> | 2021-03-16 05:42:45 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-03-16 05:42:45 +0000 |
commit | 32e048b4f3b2f936cfdb8c4b89f8bba75f92cd89 (patch) | |
tree | 70d2ce80225e4c628195545105ebc5edaebef7ac | |
parent | 1def7f23104bd9160fc8373c2e5513ec9192e48f (diff) | |
parent | 1ff33c12aa1a8dc96f3e35cf690b0cafff00c151 (diff) | |
download | gnutls-32e048b4f3b2f936cfdb8c4b89f8bba75f92cd89.tar.gz |
Merge branch 'wip/dueno/coverity' into 'master'
Fix resource leaks spotted by coverity
See merge request gnutls/gnutls!1403
-rw-r--r-- | doc/examples/ex-verify.c | 7 | ||||
-rw-r--r-- | doc/examples/tlsproxy/tlsproxy.c | 8 | ||||
-rw-r--r-- | src/socket.c | 9 | ||||
-rw-r--r-- | src/srptool.c | 4 | ||||
-rw-r--r-- | src/tests.c | 15 |
5 files changed, 36 insertions, 7 deletions
diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c
index 623198793b..a4f6ebec9e 100644
--- a/doc/examples/ex-verify.c
+++ b/doc/examples/ex-verify.c
@@ -54,7 +54,7 @@ verify_certificate_chain(const char *hostname,
 CHECK(gnutls_x509_trust_list_add_crls(tlist, crl_list, crl_list_size, GNUTLS_TL_VERIFY_CRL, 0));
- cert = malloc(sizeof(*cert) * cert_chain_length);
+ cert = gnutls_calloc(cert_chain_length, sizeof(*cert));
 assert(cert != NULL);
 /* Import all the certificates in the chain to
@@ -104,6 +104,11 @@ verify_certificate_chain(const char *hostname,
 hostname);
 }
+ for (i = 0; i < cert_chain_length; i++) {
+ gnutls_x509_crt_deinit(cert[i]);
+ }
+ gnutls_free(cert);
+
 gnutls_x509_trust_list_deinit(tlist, 1);
 return;
diff --git a/doc/examples/tlsproxy/tlsproxy.c b/doc/examples/tlsproxy/tlsproxy.c
index 9404d875ef..2607eae049 100644
--- a/doc/examples/tlsproxy/tlsproxy.c
+++ b/doc/examples/tlsproxy/tlsproxy.c
@@ -109,6 +109,7 @@ bindtoaddress (char *addrport)
 if (!rp) {
 fprintf (stderr, "Error binding to %s:%s: %m\n", addr, port);
+ freeaddrinfo (result);
 return -1;
 }
@@ -172,6 +173,7 @@ connecttoaddress (char *addrport)
 if (!rp) {
 fprintf (stderr, "Error connecting to %s:%s: %m\n", addr, port);
+ freeaddrinfo (result);
 return -1;
 }
@@ -341,26 +343,32 @@ processoptions (int argc, char **argv)
 break;
 case 'c':
+ free (connectaddr);
 connectaddr = strdup (optarg);
 break;
 case 'l':
+ free (listenaddr);
 listenaddr = strdup (optarg);
 break;
 case 'K':
+ free (keyfile);
 keyfile = strdup (optarg);
 break;
 case 'C':
+ free (certfile);
 certfile = strdup (optarg);
 break;
 case 'A':
+ free (cacertfile);
 cacertfile = strdup (optarg);
 break;
 case 'H':
+ free (hostname);
 hostname = strdup (optarg);
 break;
diff --git a/src/socket.c b/src/socket.c
index 9ba784fa3a..39f18dbe18 100644
--- a/src/socket.c
+++ b/src/socket.c
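Review bot: The only check on the new `gnutls_calloc` result in verify_certificate_chain is still `assert(cert != NULL);`, which compiles away under NDEBUG and then lets the import loop write through a NULL pointer. Because this file is example code that readers copy into real certificate-verification paths, an explicit check is safer, e.g. `if (cert == NULL) { fprintf(stderr, "out of memory\n"); exit(1); }`. The release loop added in the second hunk runs only on the path that reaches the end of the function; how CHECK leaves the function on failure is defined outside the hunk, so whether that path also needs the cleanup cannot be confirmed from here.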
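Review bot: Each `strdup (optarg)` in processoptions is still stored without a NULL check, so an allocation failure leaves the option looking as if it had never been given on the command line. How the program treats a NULL keyfile, certfile, cacertfile or hostname is outside the hunk, but for a TLS proxy a silently dropped CA file or hostname is worth ruling out. Checking after each assignment and taking the function's existing error path, for example `if (!cacertfile) { fprintf (stderr, "Out of memory\n"); exit (1); }`, makes the failure explicit. The switch statement begins and ends outside the hunk.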
@@ -519,6 +519,7 @@ socket_open2(socket_st * hd, const char *hostname, const char *service,
 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
 fprintf(stderr, "getnameinfo(): %s\n", gai_strerror(err));
+ close(sd);
 continue;
 }
@@ -550,8 +551,10 @@ socket_open2(socket_st * hd, const char *hostname, const char *service,
 if (msg) log_msg(stdout, "%s '%s:%s'...\n", msg, buffer, portname);
- if ((err = connect(sd, ptr->ai_addr, ptr->ai_addrlen)) < 0)
+ if ((err = connect(sd, ptr->ai_addr, ptr->ai_addrlen)) < 0) {
+ close(sd);
 continue;
+ }
 }
 hd->fd = sd;
@@ -565,6 +568,7 @@ socket_open2(socket_st * hd, const char *hostname, const char *service,
 hd->session = init_tls_session(hostname);
 if (hd->session == NULL) {
 fprintf(stderr, "error initializing session\n");
+ close(sd);
 exit(1);
 }
 }
@@ -574,6 +578,7 @@ socket_open2(socket_st * hd, const char *hostname, const char *service,
 ret = gnutls_record_send_early_data(hd->session, hd->edata.data, hd->edata.size);
 if (ret < 0) {
 fprintf(stderr, "error sending early data\n");
+ close(sd);
 exit(1);
 }
 }
@@ -598,11 +603,13 @@ socket_open2(socket_st * hd, const char *hostname, const char *service,
 if (err == GNUTLS_E_PUSH_ERROR) { /* failed connecting */
 gnutls_deinit(hd->session);
 hd->session = NULL;
+ close(sd);
 continue;
 } else if (err < 0) {
 if (!(flags & SOCKET_FLAG_DONT_PRINT_ERRORS)) fprintf(stderr, "*** handshake has failed: %s\n", gnutls_strerror(err));
+ close(sd);
 exit(1);
 }
 }
diff --git a/src/srptool.c b/src/srptool.c
index a9715e6a37..9326ac4dad 100644
--- a/src/srptool.c
+++ b/src/srptool.c
@@ -310,14 +310,14 @@ verify_passwd(const char *conffile, const char *tpasswd,
 } while (p != NULL && atoi(p) != iindex);
+ fclose(fp);
+
 if (p == NULL) {
 fprintf(stderr, "Cannot find entry in %s\n", conffile);
 return -1;
 }
 line[sizeof(line) - 1] = 0;
- fclose(fp);
-
 if (read_conf_values(&g, &n, line) < 0) {
 fprintf(stderr, "Cannot parse conf file '%s'\n", conffile);
 return -1;
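Review bot: In the GNUTLS_E_PUSH_ERROR branch of socket_open2 the new `close(sd);` is followed by `continue`, but `hd->fd` was already set to `sd` earlier in the same iteration (`hd->fd = sd;` in the second hunk's context), so the structure keeps a descriptor number that is no longer open. If no later address succeeds, anything that reads `hd->fd` after the loop could act on a stale number that the process may have reused for another file or socket. Resetting it next to the close, e.g. `close(sd); hd->fd = -1;` (assuming -1 is the "no socket" value for socket_st), avoids that. The code after the loop is outside the hunk, so whether the stale value is actually consumed should be confirmed there.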
diff --git a/src/tests.c b/src/tests.c
index 067531bd8e..7d1530b14c 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -587,17 +587,26 @@ test_code_t test_dhe_group(gnutls_session_t session)
 gnutls_datum_t p3;
 ret2 = gnutls_dh_params_init(&dhp);
- if (ret2 < 0)
+ if (ret2 < 0) {
+ fclose(fp);
 return TEST_FAILED;
+ }
 ret2 = gnutls_dh_params_import_raw(dhp, &prime, &gen);
- if (ret2 < 0)
+ if (ret2 < 0) {
+ gnutls_dh_params_deinit(dhp);
+ fclose(fp);
 return TEST_FAILED;
+ }
 ret2 = gnutls_dh_params_export2_pkcs3(dhp, GNUTLS_X509_FMT_PEM, &p3);
- if (ret2 < 0)
+ if (ret2 < 0) {
+ gnutls_dh_params_deinit(dhp);
+ fclose(fp);
 return TEST_FAILED;
+ }
+ gnutls_dh_params_deinit(dhp);
 fprintf(fp, "\n%s\n", p3.data);
 gnutls_free(p3.data);
 } |
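Review bot: The import and export error branches in test_dhe_group now each repeat `gnutls_dh_params_deinit(dhp); fclose(fp); return TEST_FAILED;`, and the success path releases dhp a fourth time on its own line. That is the shape in which the next added step tends to miss one of the releases, which is the class of leak this commit is fixing. Because dhp is not needed once the export has run, the two calls can share a single release and a single failure branch, as sketched below. The enclosing block opens before the hunk, and where fp is opened and finally closed is not visible here.

```c
	/* … unchanged: gnutls_dh_params_init() and its failure branch … */

	ret2 = gnutls_dh_params_import_raw(dhp, &prime, &gen);
	if (ret2 >= 0)
		ret2 = gnutls_dh_params_export2_pkcs3(dhp, GNUTLS_X509_FMT_PEM, &p3);

	/* dhp is not used past this point, on success or on failure */
	gnutls_dh_params_deinit(dhp);
	if (ret2 < 0) {
		fclose(fp);
		return TEST_FAILED;
	}
	/* … unchanged: fprintf of p3.data and gnutls_free(p3.data) … */
```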