Re: [PATCH] Flatiron: Fix memory leaks when nss fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ACK.

Fabio

On 3/15/2012 10:12 AM, Jan Friesse wrote:
> Specially bad one was happening, when packet with invalid digest was
> received  digest and iovec was larger then 1 item.
> 
> Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
> ---
>  exec/totemudp.c  |   33 ++++++++++++++++++++++-----------
>  exec/totemudpu.c |   33 ++++++++++++++++++++++-----------
>  2 files changed, 44 insertions(+), 22 deletions(-)
> 
> diff --git a/exec/totemudp.c b/exec/totemudp.c
> index 0c12b56..a912b6a 100644
> --- a/exec/totemudp.c
> +++ b/exec/totemudp.c
> @@ -472,7 +472,7 @@ static int encrypt_and_sign_nss (
>  	inbuf = copy_from_iovec(iovec, iov_len, &datalen);
>  	if (!inbuf) {
>  		log_printf(instance->totemudp_log_level_security, "malloc error copying buffer from iovec\n");
> -		return -1;
> +		goto out;
>  	}
>  
>  	data = inbuf + sizeof (struct security_header);
> @@ -488,6 +488,7 @@ static int encrypt_and_sign_nss (
>  		log_printf(instance->totemudp_log_level_security,
>  			"Failure to generate a random number %d\n",
>  			PR_GetError());
> +		goto out;
>  	}
>  
>  	memcpy(header->salt, nss_iv_data, sizeof(nss_iv_data));
> @@ -503,7 +504,7 @@ static int encrypt_and_sign_nss (
>  			"Failure to set up PKCS11 param (err %d)\n",
>  			PR_GetError());
>  		free (inbuf);
> -		return (-1);
> +		goto out;
>  	}
>  
>  	/*
> @@ -523,7 +524,7 @@ static int encrypt_and_sign_nss (
>  			instance->totem_config->crypto_crypt_type,
>  			PR_GetError(), err);
>  		free(inbuf);
> -		return -1;
> +		goto sec_out;
>  	}
>  	rv1 = PK11_CipherOp(enc_context, outdata,
>  			    &tmp1_outlen, FRAME_SIZE_MAX - sizeof(struct security_header),
> @@ -537,7 +538,7 @@ static int encrypt_and_sign_nss (
>  //	memcpy(&outdata[*buf_len], nss_iv_data, sizeof(nss_iv_data));
>  
>  	if (rv1 != SECSuccess || rv2 != SECSuccess)
> -		goto out;
> +		goto sec_out;
>  
>  	/* Now do the digest */
>  	enc_context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC,
> @@ -548,7 +549,7 @@ static int encrypt_and_sign_nss (
>  		err[PR_GetErrorTextLength()] = 0;
>  		log_printf(instance->totemudp_log_level_security, "encrypt: PK11_CreateContext failed (digest) err %d: %s\n",
>  			PR_GetError(), err);
> -		return -1;
> +		goto sec_out;
>  	}
>  
>  
> @@ -560,13 +561,17 @@ static int encrypt_and_sign_nss (
>  	PK11_DestroyContext(enc_context, PR_TRUE);
>  
>  	if (rv1 != SECSuccess || rv2 != SECSuccess)
> -		goto out;
> +		goto sec_out;
>  
>  
>  	*buf_len = *buf_len + sizeof(struct security_header);
>  	SECITEM_FreeItem(nss_sec_param, PR_TRUE);
>  	return 0;
>  
> +sec_out:
> +	if (nss_sec_param != NULL) {
> +		SECITEM_FreeItem(nss_sec_param, PR_TRUE);
> +	}
>  out:
>  	return -1;
>  }
> @@ -624,8 +629,7 @@ static int authenticate_and_decrypt_nss (
>  		err[PR_GetErrorTextLength()] = 0;
>  		log_printf(instance->totemudp_log_level_security, "PK11_CreateContext failed (check digest) err %d: %s\n",
>  			PR_GetError(), err);
> -		free (inbuf);
> -		return -1;
> +		goto out;
>  	}
>  
>  	PK11_DigestBegin(enc_context);
> @@ -637,12 +641,12 @@ static int authenticate_and_decrypt_nss (
>  
>  	if (rv1 != SECSuccess || rv2 != SECSuccess) {
>  		log_printf(instance->totemudp_log_level_security, "Digest check failed\n");
> -		return -1;
> +		goto out;
>  	}
>  
>  	if (memcmp(digest, header->hash_digest, tmp2_outlen) != 0) {
>  		log_printf(instance->totemudp_log_level_error, "Digest does not match\n");
> -		return -1;
> +		goto out;
>  	}
>  
>  	/*
> @@ -664,7 +668,7 @@ static int authenticate_and_decrypt_nss (
>  		log_printf(instance->totemudp_log_level_security,
>  			"PK11_CreateContext (decrypt) failed (err %d)\n",
>  			PR_GetError());
> -		return -1;
> +		goto out;
>  	}
>  
>  	rv1 = PK11_CipherOp(enc_context, outdata, &tmp1_outlen,
> @@ -689,6 +693,13 @@ static int authenticate_and_decrypt_nss (
>  		return -1;
>  
>  	return 0;
> +
> +out:
> +	if (iov_len > 1 && inbuf != NULL) {
> +		free (inbuf);
> +	}
> +
> +	return (-1);
>  }
>  #endif
>  
> diff --git a/exec/totemudpu.c b/exec/totemudpu.c
> index 548bb22..c276521 100644
> --- a/exec/totemudpu.c
> +++ b/exec/totemudpu.c
> @@ -451,7 +451,7 @@ static int encrypt_and_sign_nss (
>  	inbuf = copy_from_iovec(iovec, iov_len, &datalen);
>  	if (!inbuf) {
>  		log_printf(instance->totemudpu_log_level_security, "malloc error copying buffer from iovec\n");
> -		return -1;
> +		goto out;
>  	}
>  
>  	data = inbuf + sizeof (struct security_header);
> @@ -467,6 +467,7 @@ static int encrypt_and_sign_nss (
>  		log_printf(instance->totemudpu_log_level_security,
>  			"Failure to generate a random number %d\n",
>  			PR_GetError());
> +		goto out;
>  	}
>  
>  	memcpy(header->salt, nss_iv_data, sizeof(nss_iv_data));
> @@ -482,7 +483,7 @@ static int encrypt_and_sign_nss (
>  			"Failure to set up PKCS11 param (err %d)\n",
>  			PR_GetError());
>  		free (inbuf);
> -		return (-1);
> +		goto out;
>  	}
>  
>  	/*
> @@ -502,7 +503,7 @@ static int encrypt_and_sign_nss (
>  			instance->totem_config->crypto_crypt_type,
>  			PR_GetError(), err);
>  		free(inbuf);
> -		return -1;
> +		goto sec_out;
>  	}
>  	rv1 = PK11_CipherOp(enc_context, outdata,
>  			    &tmp1_outlen, FRAME_SIZE_MAX - sizeof(struct security_header),
> @@ -516,7 +517,7 @@ static int encrypt_and_sign_nss (
>  //	memcpy(&outdata[*buf_len], nss_iv_data, sizeof(nss_iv_data));
>  
>  	if (rv1 != SECSuccess || rv2 != SECSuccess)
> -		goto out;
> +		goto sec_out;
>  
>  	/* Now do the digest */
>  	enc_context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC,
> @@ -527,7 +528,7 @@ static int encrypt_and_sign_nss (
>  		err[PR_GetErrorTextLength()] = 0;
>  		log_printf(instance->totemudpu_log_level_security, "encrypt: PK11_CreateContext failed (digest) err %d: %s\n",
>  			PR_GetError(), err);
> -		return -1;
> +		goto sec_out;
>  	}
>  
>  
> @@ -539,13 +540,17 @@ static int encrypt_and_sign_nss (
>  	PK11_DestroyContext(enc_context, PR_TRUE);
>  
>  	if (rv1 != SECSuccess || rv2 != SECSuccess)
> -		goto out;
> +		goto sec_out;
>  
>  
>  	*buf_len = *buf_len + sizeof(struct security_header);
>  	SECITEM_FreeItem(nss_sec_param, PR_TRUE);
>  	return 0;
>  
> +sec_out:
> +	if (nss_sec_param != NULL) {
> +		SECITEM_FreeItem(nss_sec_param, PR_TRUE);
> +	}
>  out:
>  	return -1;
>  }
> @@ -603,8 +608,7 @@ static int authenticate_and_decrypt_nss (
>  		err[PR_GetErrorTextLength()] = 0;
>  		log_printf(instance->totemudpu_log_level_security, "PK11_CreateContext failed (check digest) err %d: %s\n",
>  			PR_GetError(), err);
> -		free (inbuf);
> -		return -1;
> +		goto out;
>  	}
>  
>  	PK11_DigestBegin(enc_context);
> @@ -616,12 +620,12 @@ static int authenticate_and_decrypt_nss (
>  
>  	if (rv1 != SECSuccess || rv2 != SECSuccess) {
>  		log_printf(instance->totemudpu_log_level_security, "Digest check failed\n");
> -		return -1;
> +		goto out;
>  	}
>  
>  	if (memcmp(digest, header->hash_digest, tmp2_outlen) != 0) {
>  		log_printf(instance->totemudpu_log_level_error, "Digest does not match\n");
> -		return -1;
> +		goto out;
>  	}
>  
>  	/*
> @@ -643,7 +647,7 @@ static int authenticate_and_decrypt_nss (
>  		log_printf(instance->totemudpu_log_level_security,
>  			"PK11_CreateContext (decrypt) failed (err %d)\n",
>  			PR_GetError());
> -		return -1;
> +		goto out;
>  	}
>  
>  	rv1 = PK11_CipherOp(enc_context, outdata, &tmp1_outlen,
> @@ -668,6 +672,13 @@ static int authenticate_and_decrypt_nss (
>  		return -1;
>  
>  	return 0;
> +
> +out:
> +	if (iov_len > 1 && inbuf != NULL) {
> +		free (inbuf);
> +	}
> +
> +	return (-1);
>  }
>  #endif
>  

_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss


[Index of Archives]     [Linux Clusters]     [Corosync Project]     [Linux USB Devel]     [Linux Audio Users]     [Photo]     [Yosemite News]    [Yosemite Photos]    [Linux Kernel]     [Linux SCSI]     [X.Org]

  Powered by Linux