From 5c078e17b966722b473951d1e4dd99d782a91990 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 14 Feb 2015 13:56:39 +0000 Subject: [PATCH] Fix memory leak on bad arguments in ssl_server2 Not a big deal, but was annoying in coverity results. --- programs/ssl/ssl_server2.c | 146 +++++++++++++++++++++---------------- 1 file changed, 82 insertions(+), 64 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index bf90c10bb..d1b76ac46 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -386,7 +386,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len ) dst = p; \ while( *p != ',' ) \ if( ++p > end ) \ - return( NULL ); \ + goto error; \ *p++ = '\0'; #if defined(POLARSSL_SNI) @@ -399,53 +399,6 @@ struct _sni_entry { sni_entry *next; }; -/* - * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]] - * into a usable sni_entry list. - * - * Modifies the input string! This is not production quality! - * (leaks memory if parsing fails, no error reporting, ...) - */ -sni_entry *sni_parse( char *sni_string ) -{ - sni_entry *cur = NULL, *new = NULL; - char *p = sni_string; - char *end = p; - char *crt_file, *key_file; - - while( *end != '\0' ) - ++end; - *end = ','; - - while( p <= end ) - { - if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL ) - return( NULL ); - - memset( new, 0, sizeof( sni_entry ) ); - - if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL || - ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) - return( NULL ); - - x509_crt_init( new->cert ); - pk_init( new->key ); - - GET_ITEM( new->name ); - GET_ITEM( crt_file ); - GET_ITEM( key_file ); - - if( x509_crt_parse_file( new->cert, crt_file ) != 0 || - pk_parse_keyfile( new->key, key_file, "" ) != 0 ) - return( NULL ); - - new->next = cur; - cur = new; - } - - return( cur ); -} - void sni_free( sni_entry *head ) { sni_entry *cur = head, *next; @@ -464,6 +417,67 @@ void sni_free( sni_entry *head ) } } +/* + * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]] + * into a usable sni_entry list. + * + * Modifies the input string! This is not production quality! + */ +sni_entry *sni_parse( char *sni_string ) +{ + sni_entry *cur = NULL, *new = NULL; + char *p = sni_string; + char *end = p; + char *crt_file, *key_file; + + while( *end != '\0' ) + ++end; + *end = ','; + + while( p <= end ) + { + if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL ) + { + sni_free( cur ); + return( NULL ); + } + + memset( new, 0, sizeof( sni_entry ) ); + + if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL || + ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) + { + polarssl_free( new->cert ); + polarssl_free( new ); + sni_free( cur ); + return( NULL ); + } + + x509_crt_init( new->cert ); + pk_init( new->key ); + + GET_ITEM( new->name ); + GET_ITEM( crt_file ); + GET_ITEM( key_file ); + + if( x509_crt_parse_file( new->cert, crt_file ) != 0 || + pk_parse_keyfile( new->key, key_file, "" ) != 0 ) + { + goto error; + } + + new->next = cur; + cur = new; + } + + return( cur ); + +error: + sni_free( new ); + sni_free( cur ); + return( NULL ); +} + /* * SNI callback. */ @@ -538,12 +552,26 @@ struct _psk_entry psk_entry *next; }; +/* + * Free a list of psk_entry's + */ +void psk_free( psk_entry *head ) +{ + psk_entry *next; + + while( head != NULL ) + { + next = head->next; + polarssl_free( head ); + head = next; + } +} + /* * Parse a string of pairs name1,key1[,name2,key2[,...]] * into a usable psk_entry list. * * Modifies the input string! This is not production quality! - * (leaks memory if parsing fails, no error reporting, ...) */ psk_entry *psk_parse( char *psk_string ) { @@ -567,28 +595,18 @@ psk_entry *psk_parse( char *psk_string ) GET_ITEM( key_hex ); if( unhexify( new->key, key_hex, &new->key_len ) != 0 ) - return( NULL ); + goto error; new->next = cur; cur = new; } return( cur ); -} -/* - * Free a list of psk_entry's - */ -void psk_free( psk_entry *head ) -{ - psk_entry *next; - - while( head != NULL ) - { - next = head->next; - polarssl_free( head ); - head = next; - } +error: + psk_free( new ); + psk_free( cur ); + return( 0 ); } /*