authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-09-23 20:24:10 +0300
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-09-23 20:24:10 +0300
commitbb3bc56370e3b291219695bec5d4e1cbfc3241be (patch)
tree79c3cdfcaea140e291e2e9d0936a2dae608a713e
parent2799333ff7aed352622419180bba878b33dede19 (diff)
Corrected several memory leaks reported by Sam. In some cases switched
to C99 to avoid having complex code.
-rw-r--r--lib/auth_cert.c5
-rw-r--r--lib/gnutls_constate.c110
-rw-r--r--lib/gnutls_mpi.c10
-rw-r--r--lib/pk-libgcrypt.c9
-rw-r--r--lib/x509/common.c18
-rw-r--r--lib/x509/dn.c23
6 files changed, 76 insertions, 99 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 37e2d53ab7..b964c459df 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -71,6 +71,11 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info,
*/
int ret, i, j;
+ if (info->raw_certificate_list != NULL)
+ {
+ gnutls_free( info->raw_certificate_list);
+ }
+
if (ncerts == 0)
{
info->raw_certificate_list = NULL;
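Review bot: Freeing only `info->raw_certificate_list` at the top of `_gnutls_copy_certificate_auth_info` probably still leaks the per-certificate buffers, because the array elements look like datums whose `data` is allocated separately; the code that fills them is outside this hunk, so this needs confirming. If the entries own their data, release them first with `for (i = 0; i < info->ncerts; i++) _gnutls_free_datum (&info->raw_certificate_list[i]);` and only then free the array. The pointer is also left dangling until it is reassigned, and only the `ncerts == 0` branch visibly resets it, so add `info->raw_certificate_list = NULL;` right after the `gnutls_free`.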
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 12e1719880..946e59ad8a 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -58,10 +58,6 @@ static int
_gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
int key_size, int export_flag)
{
-
-/* FIXME: This function is too long
- */
- opaque *key_block;
opaque rnd[2 * GNUTLS_RANDOM_SIZE];
opaque rrnd[2 * GNUTLS_RANDOM_SIZE];
int pos, ret;
@@ -81,12 +77,8 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (export_flag == 0)
block_size += 2 * IV_size;
- key_block = gnutls_secure_malloc (block_size);
- if (key_block == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ /* avoid using malloc */
+ opaque key_block[block_size];
memcpy (rnd, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
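Review bot: `opaque key_block[block_size];` moves the TLS key block out of `gnutls_secure_malloc` memory onto the stack, and no return path overwrites it, so MAC secrets, cipher keys and IVs remain in a dead stack frame after `_gnutls_set_keys` returns. The same applies to `key1`/`key2` in the `@@ -148,9 +146,10` hunk and to `iv_block[IV_size * 2]` in the `@@ -314,13 +294,7` hunk. Either keep the secure allocation and release it at a single `cleanup:` label, or clear each buffer before every `return` with a wipe the compiler cannot drop. A variable-length array also has no failure path: `block_size` is computed outside this hunk from the `int` size parameters, and a zero or negative value is undefined behaviour where the old code could at least return `GNUTLS_E_MEMORY_ERROR`. A guard such as `if (block_size <= 0) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; }` before the declaration covers that case.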
@@ -116,7 +108,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
return ret;
}
@@ -127,11 +118,18 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
pos = 0;
if (hash_size > 0)
{
+
+ if (session->cipher_specs.client_write_mac_secret.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_mac_secret);
+
+ if (session->cipher_specs.server_write_mac_secret.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_mac_secret);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_mac_secret,
&key_block[pos], hash_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += hash_size;
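Review bot: The free-before-set pair added here for the two MAC secrets is repeated for the write keys and the IVs in the later hunks of `_gnutls_set_keys`, six session fields in all; a small `static` helper taking the datum, the source pointer and the length would keep that handling in one place. The `.data != NULL` guards look redundant if `_gnutls_free_datum` accepts an empty datum, which is not visible on this page. Because these datums hold key material, also confirm that `_gnutls_free_datum` clears the buffer before releasing it; if it does not, the helper is the natural place to wipe the old secret.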
@@ -140,7 +138,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
(&session->cipher_specs.server_write_mac_secret,
&key_block[pos], hash_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += hash_size;
@@ -148,9 +146,10 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (key_size > 0)
{
+ opaque key1[EXPORT_FINAL_KEY_SIZE];
+ opaque key2[EXPORT_FINAL_KEY_SIZE];
opaque *client_write_key, *server_write_key;
int client_write_key_size, server_write_key_size;
- int free_keys = 0;
if (export_flag == 0)
{
@@ -167,24 +166,8 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
}
else
{ /* export */
- free_keys = 1;
-
- client_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
- if (client_write_key == NULL)
- {
- gnutls_assert ();
- gnutls_free (key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- server_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
- if (server_write_key == NULL)
- {
- gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (client_write_key);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ client_write_key = key1;
+ server_write_key = key2;
/* generate the final keys */
@@ -211,9 +194,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
return ret;
}
@@ -240,9 +220,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
return ret;
}
@@ -250,13 +227,14 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
pos += key_size;
}
+ if (session->cipher_specs.client_write_key.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_key);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_key,
client_write_key, client_write_key_size) < 0)
{
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
@@ -265,13 +243,14 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
client_write_key_size, buf,
sizeof (buf)));
+ if (session->cipher_specs.server_write_key.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_key);
+
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_key,
server_write_key, server_write_key_size) < 0)
{
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -281,11 +260,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
server_write_key_size, buf,
sizeof (buf)));
- if (free_keys != 0)
- {
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
- }
}
@@ -293,20 +267,26 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
*/
if (IV_size > 0 && export_flag == 0)
{
+ if (session->cipher_specs.client_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_IV, &key_block[pos],
IV_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += IV_size;
+ if (session->cipher_specs.server_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_IV, &key_block[pos],
IV_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += IV_size;
@@ -314,13 +294,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
}
else if (IV_size > 0 && export_flag != 0)
{
- opaque *iv_block = gnutls_malloc (IV_size * 2);
- if (iv_block == NULL)
- {
- gnutls_assert ();
- gnutls_free (key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ opaque iv_block[IV_size * 2];
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
@@ -331,8 +305,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (iv_block);
return ret;
}
@@ -351,33 +323,31 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (iv_block);
- gnutls_free (key_block);
return ret;
}
+ if (session->cipher_specs.client_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0)
{
- gnutls_free (iv_block);
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
+ if (session->cipher_specs.server_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_IV,
&iv_block[IV_size], IV_size) < 0)
{
- gnutls_free (iv_block);
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
- gnutls_free (iv_block);
}
- gnutls_free (key_block);
-
session->cipher_specs.generated_keys = 1;
return 0;
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index d31437856b..90763e1679 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -43,17 +43,10 @@ bigint_t
_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
gnutls_rnd_level_t level)
{
- opaque *buf = NULL;
int size = 1 + (bits / 8), ret;
int rem, i;
bigint_t tmp;
-
- buf = gnutls_malloc (size);
- if (buf == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
+ opaque buf[size];
ret = _gnutls_rnd (level, buf, size);
if (ret < 0)
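Review bot: `opaque buf[size];` sizes a stack array from the caller-supplied `bits` with no upper bound, so an oversized request now overruns the stack where `gnutls_malloc` used to fail cleanly and return NULL. Bound it before the declaration, for example `if (bits > MAX_BITS) { gnutls_assert (); return NULL; }`, where `MAX_BITS` is a placeholder for whatever limit the callers need, or keep the heap buffer and free it at `cleanup:`. The buffer is filled by `_gnutls_rnd` and may end up as a secret value, yet nothing clears it before the function returns. The rest of `_gnutls_mpi_randomize` lies outside this hunk.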
@@ -92,7 +85,6 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits,
return tmp;
cleanup:
- gnutls_free (buf);
return NULL;
}
diff --git a/lib/pk-libgcrypt.c b/lib/pk-libgcrypt.c
index ce1dd70bb8..ac0c0f9f75 100644
--- a/lib/pk-libgcrypt.c
+++ b/lib/pk-libgcrypt.c
@@ -330,6 +330,8 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
rc = gcry_pk_sign (&s_sig, s_hash, s_key);
gcry_sexp_release (s_hash);
gcry_sexp_release (s_key);
+ s_hash = NULL;
+ s_key = NULL;
if (rc != 0)
{
@@ -352,6 +354,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
res[0] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
+ list = NULL;
list = gcry_sexp_find_token (s_sig, "s", 0);
if (list == NULL)
@@ -363,6 +366,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
res[1] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
+ list = NULL;
ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
@@ -379,6 +383,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
res[0] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
+ list = NULL;
ret = _gnutls_mpi_dprint (res[0], signature);
}
@@ -389,9 +394,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
goto cleanup;
}
- gcry_sexp_release (s_sig);
-
- return 0;
+ ret = 0;
cleanup:
_gnutls_mpi_release (&hash);
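Review bot: With `ret = 0;` falling through to `cleanup:`, the success path no longer releases `s_sig` itself, so the label has to do it; only `_gnutls_mpi_release (&hash);` is visible here and the rest of the cleanup block is outside the hunk. Check that it calls `gcry_sexp_release (s_sig);` and that `s_sig`, `s_hash`, `s_key` and `list` are initialised to NULL at their declarations, since `goto cleanup` can run before they are assigned. The `list = NULL;` added directly before `list = gcry_sexp_find_token (s_sig, "s", 0);` in the `@@ -352,6 +354,7` hunk is a dead store and can be dropped.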
diff --git a/lib/x509/common.c b/lib/x509/common.c
index b399e7244a..9396b70e13 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1064,22 +1064,22 @@ _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
int result;
int asize;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_datum_t val;
+ gnutls_datum_t val = { NULL, 0 };
asize = data->size + 16;
- val.data = gnutls_malloc (asize);
- if (val.data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
if (str)
{
/* Convert it to OCTET STRING
*/
+ val.data = gnutls_malloc (asize);
+ if (val.data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
{
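Review bot: `asize = data->size + 16;` feeds the relocated `gnutls_malloc (asize)` without a range check, and `asize` is an `int`, so a very large `data->size` can wrap or turn negative before it reaches the allocator. Reject it up front with something like `if (data->size > INT_MAX - 16) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }`. How `asize` is used after the allocation is outside this hunk, so confirm the encoder is given the same bound. `_gnutls_x509_write_value` continues past the end of the hunk.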
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index b4e179b68b..911f7e6590 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -697,8 +697,8 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
+ result = _gnutls_asn2err (result);
+ goto error;
}
_gnutls_str_cpy (tmp, sizeof (tmp), string_type);
@@ -708,8 +708,8 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
+ result = _gnutls_asn2err (result);
+ goto error;
}
@@ -727,7 +727,8 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- return _gnutls_asn2err (result);
+ result = _gnutls_asn2err (result);
+ goto error;
}
_gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
@@ -738,7 +739,8 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
if (result < 0)
{
gnutls_assert ();
- return result;
+ result = _gnutls_asn2err (result);
+ goto error;
}
/* write the type
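Review bot: `result = _gnutls_asn2err (result);` looks wrong in this branch: the test is `result < 0` and the removed line returned `result` unchanged, which suggests the preceding call (outside the hunk) already yields a GnuTLS error code rather than a libtasn1 one. Mapping it a second time would replace the real error with whatever `_gnutls_asn2err` returns for a value it does not know. Drop the conversion here and keep only `gnutls_assert ();` followed by `goto error;`.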
@@ -750,10 +752,15 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- return _gnutls_asn2err (result);
+ result = _gnutls_asn2err (result);
+ goto error;
}
- return 0;
+ result = 0;
+
+error:
+ asn1_delete_structure (&c2);
+ return result;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
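Review bot: The `error:` label is now also the normal exit, since `result = 0;` falls through to it, so the name misleads; `cleanup:` is what the same pattern is called in `lib/pk-libgcrypt.c` and `lib/x509/common.c` in this commit. A short comment such as `/* reached on success and on failure */` above the label would help if the name stays. Every exit now calls `asn1_delete_structure (&c2);`, so `c2` has to be initialised to `ASN1_TYPE_EMPTY` at its declaration, which is outside the hunk.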