From 0c226106937df932b6d5960139a2884c1ed2b632 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 17 Apr 2014 16:02:36 +0200 Subject: [PATCH] Cleaned up location of init and free for some programs to prevent memory leaks on incorrect arguments --- programs/hash/md5sum.c | 2 ++ programs/hash/sha1sum.c | 2 ++ programs/hash/sha2sum.c | 2 ++ programs/pkey/dh_client.c | 4 +++- programs/pkey/dh_genprime.c | 2 +- programs/pkey/dh_server.c | 4 +++- programs/pkey/gen_key.c | 5 ++++- programs/pkey/key_app_writer.c | 10 ++++++++-- programs/pkey/pk_sign.c | 8 +++----- programs/pkey/pk_verify.c | 7 +++---- programs/pkey/rsa_sign_pss.c | 8 +++----- programs/pkey/rsa_verify_pss.c | 7 +++---- programs/ssl/ssl_client1.c | 4 +++- programs/ssl/ssl_fork_server.c | 16 ++++++++++------ programs/ssl/ssl_server.c | 12 +++++++----- programs/ssl/ssl_server2.c | 28 ++++++++++++++++++++++------ programs/test/ssl_test.c | 12 ++++++++---- programs/x509/cert_req.c | 5 ++++- programs/x509/cert_write.c | 5 ++++- 19 files changed, 95 insertions(+), 48 deletions(-) diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c index d614aa1ea9..74296500c2 100644 --- a/programs/hash/md5sum.c +++ b/programs/hash/md5sum.c @@ -132,6 +132,8 @@ static int md5_check( char *filename ) n = sizeof( line ); } + fclose( f ); + if( nb_err1 != 0 ) { printf( "WARNING: %d (out of %d) input files could " diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c index ff0514a096..bd3fd6e25b 100644 --- a/programs/hash/sha1sum.c +++ b/programs/hash/sha1sum.c @@ -132,6 +132,8 @@ static int sha1_check( char *filename ) n = sizeof( line ); } + fclose( f ); + if( nb_err1 != 0 ) { printf( "WARNING: %d (out of %d) input files could " diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c index c3f1a0d6b4..2e6884dbf7 100644 --- a/programs/hash/sha2sum.c +++ b/programs/hash/sha2sum.c 
@@ -132,6 +132,8 @@ static int sha256_check( char *filename ) n = sizeof( line ); } + fclose( f ); + if( nb_err1 != 0 ) { printf( "WARNING: %d (out of %d) input files could " diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 2d729df40b..66450b6d18 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -272,7 +272,9 @@ int main( int argc, char *argv[] ) exit: - net_close( server_fd ); + if( server_fd != -1 ) + net_close( server_fd ); + rsa_free( &rsa ); dhm_free( &dhm ); entropy_free( &entropy ); diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 1f9d730443..6d6e35a72e 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -65,6 +65,7 @@ int main( int argc, char *argv[] ) ((void) argv); mpi_init( &G ); mpi_init( &P ); mpi_init( &Q ); + entropy_init( &entropy ); if( ( ret = mpi_read_string( &G, 10, GENERATOR ) ) != 0 ) { @@ -84,7 +85,6 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 245f6f0d43..eb417daa16 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -273,7 +273,9 @@ int main( int argc, char *argv[] ) exit: - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + rsa_free( &rsa ); dhm_free( &dhm ); entropy_free( &entropy ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 9f060b7c28..43ae6e16d7 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -146,9 +146,12 @@ static int write_private_key( pk_context *key, const char *output_file ) return( -1 ); if( fwrite( c, 1, len, f ) != len ) + { + fclose( f ); return( -1 ); + } - fclose(f); + fclose( f ); return( 0 ); } 
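Review bot: The new `if( server_fd != -1 )` guard at `exit:` in dh_client.c only helps if `server_fd` holds -1 before the first `goto exit`. The declaration is outside the hunk, so it is worth confirming it reads `int server_fd = -1;`. If the variable starts uninitialised or as 0, the guard passes and `net_close()` runs on a descriptor this program never opened. The same guard is added in dh_server.c, ssl_client1.c, ssl_fork_server.c, ssl_server.c, ssl_server2.c and ssl_test.c. Where those programs close the descriptor earlier in the function, it should presumably be reset to -1 so the exit path does not close it a second time.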
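Review bot: The success path of write_private_key in gen_key.c still ignores the result of `fclose( f )`. A failed flush (full disk, I/O error) therefore returns 0 while the private key file on disk is truncated. I would end the function with `if( fclose( f ) != 0 ) return( -1 );` before `return( 0 );`. The fwrite-failure branch now closes the stream but leaves the partially written key file behind, which deserves at least a comment for callers. The same applies to write_public_key and write_private_key in key_app_writer.c, write_certificate_request in cert_req.c and write_certificate in cert_write.c; each function starts outside its hunk.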
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 4cf489bb84..269ddbd438 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -104,9 +104,12 @@ static int write_public_key( pk_context *key, const char *output_file ) return( -1 ); if( fwrite( c, 1, len, f ) != len ) + { + fclose( f ); return( -1 ); + } - fclose(f); + fclose( f ); return( 0 ); } @@ -140,9 +143,12 @@ static int write_private_key( pk_context *key, const char *output_file ) return( -1 ); if( fwrite( c, 1, len, f ) != len ) + { + fclose( f ); return( -1 ); + } - fclose(f); + fclose( f ); return( 0 ); } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 67ac0b4142..4adb753710 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -58,7 +58,7 @@ int main( int argc, char *argv[] ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; pk_context pk; entropy_context entropy; ctr_drbg_context ctr_drbg; @@ -68,7 +68,8 @@ int main( int argc, char *argv[] ) const char *pers = "pk_sign"; size_t olen = 0; - ret = 1; + entropy_init( &entropy ); + pk_init( &pk ); if( argc != 3 ) { @@ -84,7 +85,6 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -96,8 +96,6 @@ int main( int argc, char *argv[] ) printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - pk_init( &pk ); - if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { ret = 1; diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index a188eb9cd8..f2664a677f 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c 
@@ -54,14 +54,15 @@ int main( int argc, char *argv[] ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; size_t i; pk_context pk; unsigned char hash[20]; unsigned char buf[POLARSSL_MPI_MAX_SIZE]; char filename[512]; - ret = 1; + pk_init( &pk ); + if( argc != 3 ) { printf( "usage: pk_verify \n" ); @@ -76,8 +77,6 @@ int main( int argc, char *argv[] ) printf( "\n . Reading public key from '%s'", argv[1] ); fflush( stdout ); - pk_init( &pk ); - if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) { printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret ); diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 7e8ac4aa4c..de33a6ea5c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -58,7 +58,7 @@ int main( int argc, char *argv[] ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; pk_context pk; entropy_context entropy; ctr_drbg_context ctr_drbg; @@ -68,7 +68,8 @@ int main( int argc, char *argv[] ) const char *pers = "rsa_sign_pss"; size_t olen = 0; - ret = 1; + entropy_init( &entropy ); + pk_init( &pk ); if( argc != 3 ) { @@ -84,7 +85,6 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -96,8 +96,6 @@ int main( int argc, char *argv[] ) printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - pk_init( &pk ); - if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { ret = 1; diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index b41bcf8c7a..0969a5a221 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c 
@@ -55,14 +55,15 @@ int main( int argc, char *argv[] ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; size_t i; pk_context pk; unsigned char hash[20]; unsigned char buf[POLARSSL_MPI_MAX_SIZE]; char filename[512]; - ret = 1; + pk_init( &pk ); + if( argc != 3 ) { printf( "usage: rsa_verify_pss \n" ); @@ -77,8 +78,6 @@ int main( int argc, char *argv[] ) printf( "\n . Reading public key from '%s'", argv[1] ); fflush( stdout ); - pk_init( &pk ); - if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) { printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 11e04f3c60..270bb6217a 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -277,8 +277,10 @@ exit: } #endif + if( server_fd != -1 ) + net_close( server_fd ); + x509_crt_free( &cacert ); - net_close( server_fd ); ssl_free( &ssl ); entropy_free( &entropy ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 3d2c02cb34..7c8c3dc3c8 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -108,6 +108,12 @@ int main( int argc, char *argv[] ) ((void) argc); ((void) argv); + memset( &ssl, 0, sizeof(ssl_context) ); + + entropy_init( &entropy ); + pk_init( &pkey ); + x509_crt_init( &srvcert ); + signal( SIGCHLD, SIG_IGN ); /* @@ -116,7 +122,6 @@ int main( int argc, char *argv[] ) printf( "\n . Initial seeding of the random generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -133,8 +138,6 @@ int main( int argc, char *argv[] ) printf( " . Loading the server cert. and key..." ); fflush( stdout ); - x509_crt_init( &srvcert ); - /* * This demonstration program uses embedded test certificates. * Instead, you may want to use x509_crt_parse_file() to read the 
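Review bot: The `memset( &ssl, 0, sizeof(ssl_context) );` added at the top of main in ssl_fork_server.c needs a comment, because nothing states why a raw memset stands in for an init call. Presumably it makes the `ssl_free( &ssl )` at `exit:` safe when `ssl_init()` was never reached; that relies on ssl_free() tolerating an all-zero context, which should be confirmed. I would add `/* zero ssl so that ssl_free() at exit is safe if ssl_init() was never called */` and write `sizeof( ssl )` so the size follows the variable. The same undocumented memset is added in ssl_server.c and in ssl_test() in ssl_test.c.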
@@ -156,7 +159,6 @@ int main( int argc, char *argv[] ) goto exit; } - pk_init( &pkey ); ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) @@ -246,7 +248,7 @@ int main( int argc, char *argv[] ) printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret ); goto exit; } - + if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed\n ! ssl_init returned %d\n\n", ret ); @@ -360,7 +362,9 @@ int main( int argc, char *argv[] ) exit: - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 7d46aac0c3..49c3965b14 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -100,9 +100,13 @@ int main( int argc, char *argv[] ) ((void) argc); ((void) argv); + memset( &ssl, 0, sizeof(ssl_context) ); #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_init( &cache ); #endif + x509_crt_init( &srvcert ); + pk_init( &pkey ); + entropy_init( &entropy ); /* * 1. Load the certificates and private RSA key @@ -110,8 +114,6 @@ int main( int argc, char *argv[] ) printf( "\n . Loading the server cert. and key..." ); fflush( stdout ); - x509_crt_init( &srvcert ); - /* * This demonstration program uses embedded test certificates. * Instead, you may want to use x509_crt_parse_file() to read the @@ -133,7 +135,6 @@ int main( int argc, char *argv[] ) goto exit; } - pk_init( &pkey ); ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) @@ -164,7 +165,6 @@ int main( int argc, char *argv[] ) printf( " . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) 
@@ -352,7 +352,9 @@ exit: } #endif - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 758188b6c8..ae9f738ffb 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -339,30 +339,44 @@ sni_entry *sni_parse( char *sni_string ) if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL || ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) - return( NULL ); + { + cur = NULL; + goto exit; + } x509_crt_init( new->cert ); pk_init( new->key ); new->name = p; - while( *p != ',' ) if( ++p > end ) return( NULL ); + while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; } *p++ = '\0'; crt_file = p; - while( *p != ',' ) if( ++p > end ) return( NULL ); + while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; } *p++ = '\0'; key_file = p; - while( *p != ',' ) if( ++p > end ) return( NULL ); + while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; } *p++ = '\0'; if( x509_crt_parse_file( new->cert, crt_file ) != 0 || pk_parse_keyfile( new->key, key_file, "" ) != 0 ) - return( NULL ); + { + cur = NULL; + goto exit; + } new->next = cur; cur = new; + new = NULL; + } +exit: + if( new != NULL ) + { + x509_crt_free( new->cert); + pk_free( new->key ); + polarssl_free( new ); } return( cur ); @@ -1345,7 +1359,9 @@ exit: } #endif - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + #if defined(POLARSSL_X509_CRT_PARSE_C) x509_crt_free( &cacert ); x509_crt_free( &srvcert ); diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index ea73d50a6b..79bab943c0 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c 
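Review bot: The new `exit:` cleanup in sni_parse can call `x509_crt_free( new->cert )` and `pk_free( new->key )` on memory that was never initialised. The first `goto exit` is taken when one of the two `polarssl_malloc` calls fails, which is before `x509_crt_init` / `pk_init` run, so an allocated cert buffer is still raw heap memory and `new->key` may be unset. The cleanup also frees only the contexts' contents and then `new`, so the `new->cert` and `new->key` buffers leak, and `cur = NULL` drops any entries already linked in earlier iterations without freeing them. I would initialise each context right after its allocation and release both the context and its buffer under a NULL check, as below. This assumes `new` is zeroed after it is allocated, which happens outside the hunk.

```c
        if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL )
        {
            cur = NULL;
            goto exit;
        }
        x509_crt_init( new->cert );

        if( ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
        {
            cur = NULL;
            goto exit;
        }
        pk_init( new->key );

        /* … unchanged: name / crt_file / key_file splitting, file parsing, list linking … */

exit:
    if( new != NULL )
    {
        /* Only touch contexts that were actually allocated and initialised. */
        if( new->cert != NULL )
        {
            x509_crt_free( new->cert );
            polarssl_free( new->cert );
        }
        if( new->key != NULL )
        {
            pk_free( new->key );
            polarssl_free( new->key );
        }
        polarssl_free( new );
    }
```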
@@ -167,7 +167,11 @@ static int ssl_test( struct options *opt ) ret = 1; + memset( &ssl, 0, sizeof(ssl_context) ); entropy_init( &entropy ); + x509_crt_init( &srvcert ); + pk_init( &pkey ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -183,8 +187,6 @@ static int ssl_test( struct options *opt ) memset( read_state, 0, sizeof( read_state ) ); memset( write_state, 0, sizeof( write_state ) ); - x509_crt_init( &srvcert ); - pk_init( &pkey ); if( opt->opmode == OPMODE_CLIENT ) { @@ -198,7 +200,7 @@ static int ssl_test( struct options *opt ) if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " ! ssl_init returned %d\n\n", ret ); - return( ret ); + goto exit; } ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); @@ -408,7 +410,9 @@ exit: pk_free( &pkey ); ssl_free( &ssl ); entropy_free( &entropy ); - net_close( client_fd ); + + if( client_fd != -1 ) + net_close( client_fd ); return( ret ); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index c738b4a9e5..f56cae8e7f 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -89,9 +89,12 @@ int write_certificate_request( x509write_csr *req, const char *output_file, return( -1 ); if( fwrite( output_buf, 1, len, f ) != len ) + { + fclose( f ); return( -1 ); + } - fclose(f); + fclose( f ); return( 0 ); } diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 952d17cd34..b4fc4500ff 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -113,9 +113,12 @@ int write_certificate( x509write_cert *crt, const char *output_file, return( -1 ); if( fwrite( output_buf, 1, len, f ) != len ) + { + fclose( f ); return( -1 ); + } - fclose(f); + fclose( f ); return( 0 ); }