[PATCH] Flatiron: Fix memory leaks when nss fails

Jan Friesse <jfriesse@xxxxxxxxxx> · Thu, 15 Mar 2012 10:12:44 +0100

Specially bad one was happening, when packet with invalid digest was
received  digest and iovec was larger then 1 item.

Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
---
 exec/totemudp.c  |   33 ++++++++++++++++++++++-----------
 exec/totemudpu.c |   33 ++++++++++++++++++++++-----------
 2 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/exec/totemudp.c b/exec/totemudp.c
index 0c12b56..a912b6a 100644
--- a/exec/totemudp.c
+++ b/exec/totemudp.c
@@ -472,7 +472,7 @@ static int encrypt_and_sign_nss (
 	inbuf = copy_from_iovec(iovec, iov_len, &datalen);
 	if (!inbuf) {
 		log_printf(instance->totemudp_log_level_security, "malloc error copying buffer from iovec\n");
-		return -1;
+		goto out;
 	}
 
 	data = inbuf + sizeof (struct security_header);
@@ -488,6 +488,7 @@ static int encrypt_and_sign_nss (
 		log_printf(instance->totemudp_log_level_security,
 			"Failure to generate a random number %d\n",
 			PR_GetError());
+		goto out;
 	}
 
 	memcpy(header->salt, nss_iv_data, sizeof(nss_iv_data));
@@ -503,7 +504,7 @@ static int encrypt_and_sign_nss (
 			"Failure to set up PKCS11 param (err %d)\n",
 			PR_GetError());
 		free (inbuf);
-		return (-1);
+		goto out;
 	}
 
 	/*
@@ -523,7 +524,7 @@ static int encrypt_and_sign_nss (
 			instance->totem_config->crypto_crypt_type,
 			PR_GetError(), err);
 		free(inbuf);
-		return -1;
+		goto sec_out;
 	}
 	rv1 = PK11_CipherOp(enc_context, outdata,
 			    &tmp1_outlen, FRAME_SIZE_MAX - sizeof(struct security_header),
@@ -537,7 +538,7 @@ static int encrypt_and_sign_nss (
 //	memcpy(&outdata[*buf_len], nss_iv_data, sizeof(nss_iv_data));
 
 	if (rv1 != SECSuccess || rv2 != SECSuccess)
-		goto out;
+		goto sec_out;
 
 	/* Now do the digest */
 	enc_context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC,
@@ -548,7 +549,7 @@ static int encrypt_and_sign_nss (
 		err[PR_GetErrorTextLength()] = 0;
 		log_printf(instance->totemudp_log_level_security, "encrypt: PK11_CreateContext failed (digest) err %d: %s\n",
 			PR_GetError(), err);
-		return -1;
+		goto sec_out;
 	}
 
 
@@ -560,13 +561,17 @@ static int encrypt_and_sign_nss (
 	PK11_DestroyContext(enc_context, PR_TRUE);
 
 	if (rv1 != SECSuccess || rv2 != SECSuccess)
-		goto out;
+		goto sec_out;
 
 
 	*buf_len = *buf_len + sizeof(struct security_header);
 	SECITEM_FreeItem(nss_sec_param, PR_TRUE);
 	return 0;
 
+sec_out:
+	if (nss_sec_param != NULL) {
+		SECITEM_FreeItem(nss_sec_param, PR_TRUE);
+	}
 out:
 	return -1;
 }
@@ -624,8 +629,7 @@ static int authenticate_and_decrypt_nss (
 		err[PR_GetErrorTextLength()] = 0;
 		log_printf(instance->totemudp_log_level_security, "PK11_CreateContext failed (check digest) err %d: %s\n",
 			PR_GetError(), err);
-		free (inbuf);
-		return -1;
+		goto out;
 	}
 
 	PK11_DigestBegin(enc_context);
@@ -637,12 +641,12 @@ static int authenticate_and_decrypt_nss (
 
 	if (rv1 != SECSuccess || rv2 != SECSuccess) {
 		log_printf(instance->totemudp_log_level_security, "Digest check failed\n");
-		return -1;
+		goto out;
 	}
 
 	if (memcmp(digest, header->hash_digest, tmp2_outlen) != 0) {
 		log_printf(instance->totemudp_log_level_error, "Digest does not match\n");
-		return -1;
+		goto out;
 	}
 
 	/*
@@ -664,7 +668,7 @@ static int authenticate_and_decrypt_nss (
 		log_printf(instance->totemudp_log_level_security,
 			"PK11_CreateContext (decrypt) failed (err %d)\n",
 			PR_GetError());
-		return -1;
+		goto out;
 	}
 
 	rv1 = PK11_CipherOp(enc_context, outdata, &tmp1_outlen,
@@ -689,6 +693,13 @@ static int authenticate_and_decrypt_nss (
 		return -1;
 
 	return 0;
+
+out:
+	if (iov_len > 1 && inbuf != NULL) {
+		free (inbuf);
+	}
+
+	return (-1);
 }
 #endif
 
diff --git a/exec/totemudpu.c b/exec/totemudpu.c
index 548bb22..c276521 100644
--- a/exec/totemudpu.c
+++ b/exec/totemudpu.c
@@ -451,7 +451,7 @@ static int encrypt_and_sign_nss (
 	inbuf = copy_from_iovec(iovec, iov_len, &datalen);
 	if (!inbuf) {
 		log_printf(instance->totemudpu_log_level_security, "malloc error copying buffer from iovec\n");
-		return -1;
+		goto out;
 	}
 
 	data = inbuf + sizeof (struct security_header);
@@ -467,6 +467,7 @@ static int encrypt_and_sign_nss (
 		log_printf(instance->totemudpu_log_level_security,
 			"Failure to generate a random number %d\n",
 			PR_GetError());
+		goto out;
 	}
 
 	memcpy(header->salt, nss_iv_data, sizeof(nss_iv_data));
@@ -482,7 +483,7 @@ static int encrypt_and_sign_nss (
 			"Failure to set up PKCS11 param (err %d)\n",
 			PR_GetError());
 		free (inbuf);
-		return (-1);
+		goto out;
 	}
 
 	/*
@@ -502,7 +503,7 @@ static int encrypt_and_sign_nss (
 			instance->totem_config->crypto_crypt_type,
 			PR_GetError(), err);
 		free(inbuf);
-		return -1;
+		goto sec_out;
 	}
 	rv1 = PK11_CipherOp(enc_context, outdata,
 			    &tmp1_outlen, FRAME_SIZE_MAX - sizeof(struct security_header),
@@ -516,7 +517,7 @@ static int encrypt_and_sign_nss (
 //	memcpy(&outdata[*buf_len], nss_iv_data, sizeof(nss_iv_data));
 
 	if (rv1 != SECSuccess || rv2 != SECSuccess)
-		goto out;
+		goto sec_out;
 
 	/* Now do the digest */
 	enc_context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC,
@@ -527,7 +528,7 @@ static int encrypt_and_sign_nss (
 		err[PR_GetErrorTextLength()] = 0;
 		log_printf(instance->totemudpu_log_level_security, "encrypt: PK11_CreateContext failed (digest) err %d: %s\n",
 			PR_GetError(), err);
-		return -1;
+		goto sec_out;
 	}
 
 
@@ -539,13 +540,17 @@ static int encrypt_and_sign_nss (
 	PK11_DestroyContext(enc_context, PR_TRUE);
 
 	if (rv1 != SECSuccess || rv2 != SECSuccess)
-		goto out;
+		goto sec_out;
 
 
 	*buf_len = *buf_len + sizeof(struct security_header);
 	SECITEM_FreeItem(nss_sec_param, PR_TRUE);
 	return 0;
 
+sec_out:
+	if (nss_sec_param != NULL) {
+		SECITEM_FreeItem(nss_sec_param, PR_TRUE);
+	}
 out:
 	return -1;
 }
@@ -603,8 +608,7 @@ static int authenticate_and_decrypt_nss (
 		err[PR_GetErrorTextLength()] = 0;
 		log_printf(instance->totemudpu_log_level_security, "PK11_CreateContext failed (check digest) err %d: %s\n",
 			PR_GetError(), err);
-		free (inbuf);
-		return -1;
+		goto out;
 	}
 
 	PK11_DigestBegin(enc_context);
@@ -616,12 +620,12 @@ static int authenticate_and_decrypt_nss (
 
 	if (rv1 != SECSuccess || rv2 != SECSuccess) {
 		log_printf(instance->totemudpu_log_level_security, "Digest check failed\n");
-		return -1;
+		goto out;
 	}
 
 	if (memcmp(digest, header->hash_digest, tmp2_outlen) != 0) {
 		log_printf(instance->totemudpu_log_level_error, "Digest does not match\n");
-		return -1;
+		goto out;
 	}
 
 	/*
@@ -643,7 +647,7 @@ static int authenticate_and_decrypt_nss (
 		log_printf(instance->totemudpu_log_level_security,
 			"PK11_CreateContext (decrypt) failed (err %d)\n",
 			PR_GetError());
-		return -1;
+		goto out;
 	}
 
 	rv1 = PK11_CipherOp(enc_context, outdata, &tmp1_outlen,
@@ -668,6 +672,13 @@ static int authenticate_and_decrypt_nss (
 		return -1;
 
 	return 0;
+
+out:
+	if (iov_len > 1 && inbuf != NULL) {
+		free (inbuf);
+	}
+
+	return (-1);
 }
 #endif
 
-- 
1.7.1

_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss





