Please review and give me a short feedback before I push them.
0001
fix memory leak in openssl.c (not freeing X509_NAME_oneline() output) and
replaces X509_NAME_oneline() by a RFC 2253 compliant output.
From the docs:
"The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions
which produce a non standard output form, they don't handle
multi character fields and have various quirks and inconsistencies.
Their use is strongly discouraged in new applications."0002 always set fd to -1 after closing in macro CLOSE_FINISH 0003 replaced fd_close by CLOSE_INVALIDATE at two places 0004 fixed a memory leak in http.c / gethttp Tim
From d2804ddd7a3ef6fd5ab9694e0074341a193d7949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= <[email protected]> Date: Wed, 29 Oct 2014 16:36:18 +0100 Subject: [PATCH 1/4] fix memory leak in openssl.c --- src/ChangeLog | 10 ++++++++++ src/openssl.c | 34 +++++++++++++++++++++++++++++----- 2 files changed, 39 insertions(+), 5 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index f8c37cc..4bcf5c3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,13 @@ +2014-10-29 Tim Ruehsen <[email protected]> + + * openssl.c: print cert subject and issuer RFC2253 compliant + * openssl.c (ssl_check_certificate): removed memory leak + +2014-10-28 Tim Ruehsen <[email protected]> + + * utils.c: added strlcpy(), concat_strings() rewritten + * utils.h: added strlcpy() + 2014-10-28 Tim Ruehsen <[email protected]> * ftp.c (ftp_loop_internal): Fix memory leak diff --git a/src/openssl.c b/src/openssl.c index e24954a..49d508e 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -40,6 +40,7 @@ as that of the covered work. */ #include <openssl/x509v3.h> #include <openssl/err.h> #include <openssl/rand.h> +#include <openssl/bio.h> #if OPENSSL_VERSION_NUMBER >= 0x00907000 #include <openssl/conf.h> #endif @@ -570,6 +571,27 @@ pattern_match (const char *pattern, const char *string) return *n == '\0'; } +char *_get_rfc2253_formatted (X509_NAME *name) +{ + int len; + char *out = NULL; + BIO* b; + + if ((b = BIO_new (BIO_s_mem ()))) + { + if (X509_NAME_print_ex (b, name, 0, XN_FLAG_RFC2253) >= 0 + && (len = BIO_number_written (b)) > 0) + { + out = xmalloc (len + 1); + BIO_read (b, out, len); + out[len] = 0; + } + BIO_free (b); + } + + return out ? out : xstrdup(""); +} + /* Verify the validity of the certificate presented by the server. Also check that the "common name" of the server, as presented by its certificate, corresponds to HOST. (HOST typically comes from @@ -613,23 +635,25 @@ ssl_check_certificate (int fd, const char *host) IF_DEBUG { - char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0); - char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0); + char *subject = _get_rfc2253_formatted (X509_get_subject_name (cert)); + char *issuer = _get_rfc2253_formatted (X509_get_issuer_name (cert)); DEBUGP (("certificate:\n subject: %s\n issuer: %s\n", quotearg_n_style (0, escape_quoting_style, subject), quotearg_n_style (1, escape_quoting_style, issuer))); - OPENSSL_free (subject); - OPENSSL_free (issuer); + xfree (subject); + xfree (issuer); } vresult = SSL_get_verify_result (conn); if (vresult != X509_V_OK) { - char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0); + char *issuer = _get_rfc2253_formatted (X509_get_issuer_name (cert)); logprintf (LOG_NOTQUIET, _("%s: cannot verify %s's certificate, issued by %s:\n"), severity, quotearg_n_style (0, escape_quoting_style, host), quote_n (1, issuer)); + xfree(issuer); + /* Try to print more user-friendly (and translated) messages for the frequent verification errors. */ switch (vresult) -- 2.1.1
From a817c80bf30e17258823abe03d24904107481c29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= <[email protected]> Date: Wed, 29 Oct 2014 16:46:11 +0100 Subject: [PATCH 2/4] always set fd invalid after close --- src/ChangeLog | 4 ++++ src/http.c | 4 +--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 4bcf5c3..cbcd39c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2014-10-29 Tim Ruehsen <[email protected]> + * http.c (CLOSE_FINISH): always set fd invalid after close + +2014-10-29 Tim Ruehsen <[email protected]> + * openssl.c: print cert subject and issuer RFC2253 compliant * openssl.c (ssl_check_certificate): removed memory leak diff --git a/src/http.c b/src/http.c index 5ac69d0..c092471 100644 --- a/src/http.c +++ b/src/http.c @@ -1428,10 +1428,8 @@ persistent_available_p (const char *host, int port, bool ssl, if (pconn_active && (fd) == pconn.socket) \ invalidate_persistent (); \ else \ - { \ fd_close (fd); \ - fd = -1; \ - } \ + fd = -1; \ } \ } while (0) -- 2.1.1
From 6fa3a48d13006c5753fe83cd944744df805ed380 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= <[email protected]> Date: Wed, 29 Oct 2014 16:51:05 +0100 Subject: [PATCH 3/4] use CLOSE_INVALIDATE instead of fd_close --- src/ChangeLog | 4 ++++ src/http.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index cbcd39c..9212471 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2014-10-29 Tim Ruehsen <[email protected]> + * http.c (gethttp): use CLOSE_INVALIDATE instead of fd_close + +2014-10-29 Tim Ruehsen <[email protected]> + * http.c (CLOSE_FINISH): always set fd invalid after close 2014-10-29 Tim Ruehsen <[email protected]> diff --git a/src/http.c b/src/http.c index c092471..591180d 100644 --- a/src/http.c +++ b/src/http.c @@ -2095,13 +2095,13 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, { if (!ssl_connect_wget (sock, u->host)) { - fd_close (sock); + CLOSE_INVALIDATE (sock); request_free (req); return CONSSLERR; } else if (!ssl_check_certificate (sock, u->host)) { - fd_close (sock); + CLOSE_INVALIDATE (sock); request_free (req); return VERIFCERTERR; } -- 2.1.1
From 3f7695b290a40f6eb228d314908d6774052a0e2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= <[email protected]> Date: Wed, 29 Oct 2014 16:53:16 +0100 Subject: [PATCH 4/4] fix memory leak --- src/ChangeLog | 4 ++++ src/http.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/src/ChangeLog b/src/ChangeLog index 9212471..b38f001 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2014-10-29 Tim Ruehsen <[email protected]> + * http.c (gethttp): fix memory leak + +2014-10-29 Tim Ruehsen <[email protected]> + * http.c (gethttp): use CLOSE_INVALIDATE instead of fd_close 2014-10-29 Tim Ruehsen <[email protected]> diff --git a/src/http.c b/src/http.c index 591180d..844f800 100644 --- a/src/http.c +++ b/src/http.c @@ -2071,6 +2071,7 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, request_free (req); return HERR; } + xfree_null(hs->message); hs->message = xstrdup (message); resp_free (resp); xfree (head); @@ -2249,6 +2250,7 @@ read_header: goto read_header; } + xfree_null(hs->message); hs->message = xstrdup (message); if (!opt.server_response) logprintf (LOG_VERBOSE, "%2d %s\n", statcode, @@ -2423,6 +2425,7 @@ read_header: xfree (head); xfree (auth_stat); xfree (hs->message); + hs->message = NULL; goto retry_with_auth; } else @@ -3415,6 +3418,7 @@ Remote file exists.\n\n")); count = 0; /* the retrieve count for HEAD is reset */ xfree_null (hstat.message); xfree_null (hstat.error); + hstat.message = NULL; continue; } /* send_head_first */ } /* !got_head */ -- 2.1.1
signature.asc
Description: This is a digitally signed message part.
