From 3914840d784e00f263a574f11dfa9effe9c44f01 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 17 Apr 2014 16:02:36 +0200 Subject: [PATCH] Cleaned up location of init and free for some programs to prevent memory leaks on incorrect arguments --- programs/hash/md5sum.c | 2 ++ programs/hash/sha1sum.c | 2 ++ programs/hash/sha2sum.c | 2 ++ programs/pkey/dh_client.c | 4 +++- programs/pkey/dh_genprime.c | 2 +- programs/pkey/dh_server.c | 4 +++- programs/pkey/rsa_sign_pss.c | 8 +++----- programs/pkey/rsa_verify_pss.c | 7 +++---- programs/ssl/ssl_client1.c | 4 +++- programs/ssl/ssl_fork_server.c | 16 ++++++++++------ programs/ssl/ssl_server.c | 12 +++++++----- programs/ssl/ssl_server2.c | 5 ++++- programs/test/ssl_test.c | 13 ++++++++----- 13 files changed, 51 insertions(+), 30 deletions(-) diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c index ede3c4558..ed0d437da 100644 --- a/programs/hash/md5sum.c +++ b/programs/hash/md5sum.c @@ -136,6 +136,8 @@ static int md5_check( char *filename ) n = sizeof( line ); } + fclose( f ); + if( nb_err1 != 0 ) { printf( "WARNING: %d (out of %d) input files could " diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c index c20323d57..e0ffa4697 100644 --- a/programs/hash/sha1sum.c +++ b/programs/hash/sha1sum.c @@ -136,6 +136,8 @@ static int sha1_check( char *filename ) n = sizeof( line ); } + fclose( f ); + if( nb_err1 != 0 ) { printf( "WARNING: %d (out of %d) input files could " diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c index c01bb1cd2..f731c3c89 100644 --- a/programs/hash/sha2sum.c +++ b/programs/hash/sha2sum.c @@ -136,6 +136,8 @@ static int sha2_check( char *filename ) n = sizeof( line ); } + fclose( f ); + if( nb_err1 != 0 ) { printf( "WARNING: %d (out of %d) input files could " diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 51da9ab41..12b2eff65 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -275,7 +275,9 @@ int main( int argc, char *argv[] ) exit: - net_close( server_fd ); + if( server_fd != -1 ) + net_close( server_fd ); + rsa_free( &rsa ); dhm_free( &dhm ); diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index b11199181..e349140ce 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -69,6 +69,7 @@ int main( int argc, char *argv[] ) ((void) argv); mpi_init( &G ); mpi_init( &P ); mpi_init( &Q ); + entropy_init( &entropy ); if( ( ret = mpi_read_string( &G, 10, GENERATOR ) ) != 0 ) { @@ -86,7 +87,6 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index fb9c082ec..c9482334d 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -276,7 +276,9 @@ int main( int argc, char *argv[] ) exit: - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + rsa_free( &rsa ); dhm_free( &dhm ); diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 17e772a13..24c083e27 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -62,7 +62,7 @@ int main( int argc, char *argv[] ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; rsa_context rsa; entropy_context entropy; ctr_drbg_context ctr_drbg; @@ -71,7 +71,8 @@ int main( int argc, char *argv[] ) char filename[512]; const char *pers = "rsa_sign_pss"; - ret = 1; + entropy_init( &entropy ); + rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 ); if( argc != 3 ) { @@ -87,7 +88,6 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -99,8 +99,6 @@ int main( int argc, char *argv[] ) printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 ); - if( ( ret = x509parse_keyfile( &rsa, argv[1], "" ) ) != 0 ) { ret = 1; diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index b77fbca2c..2de6eab87 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -59,14 +59,15 @@ int main( int argc, char *argv[] ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; size_t i; rsa_context rsa; unsigned char hash[20]; unsigned char buf[POLARSSL_MPI_MAX_SIZE]; char filename[512]; - ret = 1; + rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 ); + if( argc != 3 ) { printf( "usage: rsa_verify_pss \n" ); @@ -81,8 +82,6 @@ int main( int argc, char *argv[] ) printf( "\n . Reading public key from '%s'", argv[1] ); fflush( stdout ); - rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 ); - if( ( ret = x509parse_public_keyfile( &rsa, argv[1] ) ) != 0 ) { printf( " failed\n ! x509parse_public_key returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index eefb099c0..d629bd899 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -279,8 +279,10 @@ exit: } #endif + if( server_fd != -1 ) + net_close( server_fd ); + x509_free( &cacert ); - net_close( server_fd ); ssl_free( &ssl ); memset( &ssl, 0, sizeof( ssl ) ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 76c782b7b..7e489dafa 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -110,6 +110,12 @@ int main( int argc, char *argv[] ) ((void) argc); ((void) argv); + memset( &ssl, 0, sizeof(ssl_context) ); + + entropy_init( &entropy ); + rsa_init( &rsa, RSA_PKCS_V15, 0 ); + memset( &srvcert, 0, sizeof( x509_cert ) ); + signal( SIGCHLD, SIG_IGN ); /* @@ -118,7 +124,6 @@ int main( int argc, char *argv[] ) printf( "\n . Initial seeding of the random generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -135,8 +140,6 @@ int main( int argc, char *argv[] ) printf( " . Loading the server cert. and key..." ); fflush( stdout ); - memset( &srvcert, 0, sizeof( x509_cert ) ); - /* * This demonstration program uses embedded test certificates. * Instead, you may want to use x509parse_crtfile() to read the @@ -158,7 +161,6 @@ int main( int argc, char *argv[] ) goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); ret = x509parse_key( &rsa, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) @@ -248,7 +250,7 @@ int main( int argc, char *argv[] ) printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret ); goto exit; } - + if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed\n ! ssl_init returned %d\n\n", ret ); @@ -362,7 +364,9 @@ int main( int argc, char *argv[] ) exit: - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + x509_free( &srvcert ); rsa_free( &rsa ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index a4247dad2..87e9ef21b 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -101,9 +101,13 @@ int main( int argc, char *argv[] ) ((void) argc); ((void) argv); + memset( &ssl, 0, sizeof(ssl_context) ); #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_init( &cache ); #endif + memset( &srvcert, 0, sizeof( x509_cert ) ); + rsa_init( &rsa, RSA_PKCS_V15, 0 ); + entropy_init( &entropy ); /* * 1. Load the certificates and private RSA key @@ -111,8 +115,6 @@ int main( int argc, char *argv[] ) printf( "\n . Loading the server cert. and key..." ); fflush( stdout ); - memset( &srvcert, 0, sizeof( x509_cert ) ); - /* * This demonstration program uses embedded test certificates. * Instead, you may want to use x509parse_crtfile() to read the @@ -134,7 +136,6 @@ int main( int argc, char *argv[] ) goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); ret = x509parse_key( &rsa, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) @@ -165,7 +166,6 @@ int main( int argc, char *argv[] ) printf( " . Seeding the random number generator..." ); fflush( stdout ); - entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -353,7 +353,9 @@ exit: } #endif - net_close( client_fd ); + if( client_fd != -1 ) + net_close( client_fd ); + x509_free( &srvcert ); rsa_free( &rsa ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 573408858..5be6d6ca7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -712,7 +712,10 @@ exit: } #endif - net_close( client_fd ); + + if( client_fd != -1 ) + net_close( client_fd ); + x509_free( &srvcert ); x509_free( &cacert ); rsa_free( &rsa ); diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 04adf297e..3e38e66e5 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -172,7 +172,11 @@ static int ssl_test( struct options *opt ) ret = 1; + memset( &ssl, 0, sizeof(ssl_context) ); entropy_init( &entropy ); + memset( &srvcert, 0, sizeof( x509_cert ) ); + memset( &rsa, 0, sizeof( rsa_context ) ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -186,9 +190,6 @@ static int ssl_test( struct options *opt ) memset( read_state, 0, sizeof( read_state ) ); memset( write_state, 0, sizeof( write_state ) ); - memset( &srvcert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); - if( opt->opmode == OPMODE_CLIENT ) { if( ( ret = net_connect( &client_fd, opt->server_name, @@ -201,7 +202,7 @@ static int ssl_test( struct options *opt ) if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " ! ssl_init returned %d\n\n", ret ); - return( ret ); + goto exit; } ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); @@ -408,7 +409,9 @@ exit: x509_free( &srvcert ); rsa_free( &rsa ); ssl_free( &ssl ); - net_close( client_fd ); + + if( client_fd != -1 ) + net_close( client_fd ); return( ret ); }