diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-04-08 15:38:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-04-08 15:44:46 +0200 |
commit | 029c4260bd3e0bd444ac0ca473386f7ef57470ec (patch) | |
tree | b70a73f90d0a621671c5a5faa2ab502f52f0f531 | |
parent | 1e4e52ea7fdeea7d21c1c4c79683a474ba54a912 (diff) | |
download | gnutls-029c4260bd3e0bd444ac0ca473386f7ef57470ec.tar.gz |
Corrected memory leaks.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/auth_dh_common.c | 3 | ||||
-rw-r--r-- | lib/gnutls_privkey.c | 6 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 1 | ||||
-rw-r--r-- | lib/nettle/pk.c | 45 | ||||
-rw-r--r-- | lib/pakchois/pakchois.c | 14 | ||||
-rw-r--r-- | lib/pakchois/pakchois.h | 2 | ||||
-rw-r--r-- | lib/pkcs11.c | 1 | ||||
-rw-r--r-- | tests/mini-x509.c | 1 |
9 files changed, 45 insertions, 30 deletions
@@ -7,7 +7,7 @@ See the end for copying conditions. ** libgnutls: Several updates and fixes for win32. Patches by LRN. -** libgnutls: Several bug fixes. +** libgnutls: Several bug and memory leak fixes. ** srptool: Accepts the -d option to enable debugging. diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c index 5df743e857..ea9062c5cf 100644 --- a/lib/auth_dh_common.c +++ b/lib/auth_dh_common.c @@ -162,7 +162,6 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, opaque ** data, g session->key->KEY = gnutls_calc_dh_key (session->key->client_Y, x, session->key->client_p); - _gnutls_mpi_release (&x); if (session->key->KEY == NULL) { gnutls_assert (); @@ -204,7 +203,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, opaque ** data, g goto error; } - return n_X + 2; + ret = n_X + 2; error: _gnutls_mpi_release (&x); diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index 9ecba26d6d..9597572312 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -272,12 +272,12 @@ gnutls_privkey_deinit (gnutls_privkey_t key) { #ifdef ENABLE_OPENPGP case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_deinit (key->key.openpgp); + gnutls_openpgp_privkey_deinit (key->key.openpgp); #endif case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_deinit (key->key.pkcs11); + gnutls_pkcs11_privkey_deinit (key->key.pkcs11); case GNUTLS_PRIVKEY_X509: - return gnutls_x509_privkey_deinit (key->key.x509); + gnutls_x509_privkey_deinit (key->key.x509); } gnutls_free (key); } diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 36f304a116..ee5872f096 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -850,7 +850,6 @@ certificate_credentials_append_pkey (gnutls_certificate_credentials_t res, gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - res->pkey[res->ncerts] = pkey; return 0; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 5a57b14e5d..9af3739e68 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -225,7 +225,7 @@ _wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo, return GNUTLS_E_MEMORY_ERROR; } - rsa_private_key_init (&priv); + memset(&priv, 0, sizeof(priv)); _rsa_params_to_privkey (pk_params, &priv); rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); @@ -278,8 +278,8 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, struct dsa_signature sig; int hash_len; - dsa_public_key_init (&pub); - dsa_private_key_init (&priv); + memset(&priv, 0, sizeof(priv)); + memset(&pub, 0, sizeof(pub)); _dsa_params_to_pubkey (pk_params, &pub); _dsa_params_to_privkey (pk_params, &priv); @@ -327,7 +327,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, return GNUTLS_E_MPI_SCAN_FAILED; } - rsa_private_key_init (&priv); + memset(&priv, 0, sizeof(priv)); _rsa_params_to_privkey (pk_params, &priv); nc = rsa_blind (hash, pk_params->params[1] /*e */ , @@ -338,7 +338,8 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, if (nc == NULL) { gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; + ret = GNUTLS_E_MEMORY_ERROR; + goto rsa_fail; } rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); @@ -346,6 +347,8 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); ret = _gnutls_mpi_dprint (nc, signature); + +rsa_fail: _gnutls_mpi_release (&nc); _gnutls_mpi_release (&ri); @@ -421,7 +424,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, gnutls_assert (); goto cleanup; } - dsa_public_key_init (&pub); + memset(&pub, 0, sizeof(pub)); _dsa_params_to_pubkey (pk_params, &pub); memcpy (&sig.r, tmp[0], sizeof (sig.r)); memcpy (&sig.s, tmp[1], sizeof (sig.s)); @@ -490,6 +493,8 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, int ret, i; int q_bits; + memset(params, 0, sizeof(*params)); + switch (algo) { @@ -514,7 +519,8 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, if (ret != 1) { gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; + ret = GNUTLS_E_INTERNAL_ERROR; + goto dsa_fail; } params->params_nr = 0; @@ -524,21 +530,25 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, if (params->params[i] == NULL) { ret = GNUTLS_E_MEMORY_ERROR; - dsa_private_key_clear (&priv); - dsa_public_key_clear (&pub); - goto fail; + goto dsa_fail; } params->params_nr++; } + + ret = 0; _gnutls_mpi_set (params->params[0], pub.p); _gnutls_mpi_set (params->params[1], pub.q); _gnutls_mpi_set (params->params[2], pub.g); _gnutls_mpi_set (params->params[3], pub.y); _gnutls_mpi_set (params->params[4], priv.x); +dsa_fail: dsa_private_key_clear (&priv); dsa_public_key_clear (&pub); + if (ret < 0) + goto fail; + break; } case GNUTLS_PK_RSA: @@ -557,7 +567,8 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, if (ret != 1) { gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; + ret = GNUTLS_E_INTERNAL_ERROR; + goto rsa_fail; } params->params_nr = 0; @@ -567,13 +578,14 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, if (params->params[i] == NULL) { ret = GNUTLS_E_MEMORY_ERROR; - rsa_private_key_clear (&priv); - rsa_public_key_clear (&pub); - goto fail; + goto rsa_fail; } params->params_nr++; } + + ret = 0; + _gnutls_mpi_set (params->params[0], pub.n); _gnutls_mpi_set (params->params[1], pub.e); _gnutls_mpi_set (params->params[2], priv.d); @@ -582,9 +594,14 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, _gnutls_mpi_set (params->params[5], priv.c); _gnutls_mpi_set (params->params[6], priv.a); _gnutls_mpi_set (params->params[7], priv.b); + +rsa_fail: rsa_private_key_clear (&priv); rsa_public_key_clear (&pub); + if (ret < 0) + goto fail; + break; } default: diff --git a/lib/pakchois/pakchois.c b/lib/pakchois/pakchois.c index e2ffe0fd47..decd752c07 100644 --- a/lib/pakchois/pakchois.c +++ b/lib/pakchois/pakchois.c @@ -581,18 +581,14 @@ pakchois_module_destroy (pakchois_module_t * mod) free (mod); } -#ifdef __GNUC__ -static void pakchois_destructor (void) __attribute__ ((destructor)); - -static void -pakchois_destructor (void) +void pakchois_destructor (void) { if (provider_mutex != NULL) - gnutls_mutex_deinit (&provider_mutex); + { + gnutls_mutex_deinit (&provider_mutex); + provider_mutex = NULL; + } } -#else -#warning need destructor support -#endif ck_rv_t pakchois_get_info (pakchois_module_t * mod, struct ck_info *info) diff --git a/lib/pakchois/pakchois.h b/lib/pakchois/pakchois.h index a7f8069fcd..16558ef034 100644 --- a/lib/pakchois/pakchois.h +++ b/lib/pakchois/pakchois.h @@ -96,6 +96,8 @@ ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module, /* Destroy a PKCS#11 module. */ void pakchois_module_destroy (pakchois_module_t * module); +void pakchois_destructor (void); + /* Return the error string corresponding to the given return value. * Never returns NULL. */ const char *pakchois_error (ck_rv_t rv); diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 2285ce8ba0..81c043b1e0 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -456,6 +456,7 @@ gnutls_pkcs11_deinit (void) pakchois_module_destroy (providers[i].module); } active_providers = 0; + pakchois_destructor(); } /** diff --git a/tests/mini-x509.c b/tests/mini-x509.c index 8b57ca8441..9a1b4e80ba 100644 --- a/tests/mini-x509.c +++ b/tests/mini-x509.c @@ -236,6 +236,7 @@ main (int argc, char *argv[]) free (to_client); gnutls_certificate_free_credentials (serverx509cred); + gnutls_certificate_free_credentials (clientx509cred); gnutls_global_deinit (); |