Re: [Openvpn-devel] Possible memory leaks found by Coverity

Thu, 14 Aug 2014 08:07:36 +0000 

Hi,

On Thu, Aug 14, 2014 at 08:00:38AM +0000, Lev Stipakov wrote:
> I have analyzed OpenVPN code with Coverity and I could not explain
> some resource leaks Coverity has found.
> 
> 1) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/options.c#L4378
> 
> char * ipv6_local;
> VERIFY_PERMISSION (OPT_P_UP);
> if ( get_ipv6_addr( p[1], NULL, &netbits, &ipv6_local, msglevel ) &&
> ipv6_addr_safe( p[2] ) ) {
>   if ( netbits < 64 || netbits > 124 ) {
>     msg( msglevel, "ifconfig-ipv6: /netbits must be between 64 and
> 124, not '/%d'", netbits );
>     goto err;
>   }
> 
> Coverity claims that "err" branch leaks "ipv6_local". I looked into
> "get_ipv6_addr" implementation and noticed that it does not pass any
> "gc" to subsequent string_alloc call. To my understanding, in this
> case caller is responsible for cleaning up, which is not the case for
> "err" branch.

This might well be true, but since "err" leads to "program ends, resources
reclaimed" under most conditions, it's not a fairly serious leak...  I'll
still put it on my list for fixing.


> 2) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/proxy.c#L863
> 
> char *pa = NULL;
> const int method = get_proxy_authenticate(sd, p->options.timeout, &pa,
> NULL, signal_received);
> if (method != HTTP_AUTH_NONE) {
>   if (pa)
>     msg (D_PROXY, "HTTP proxy authenticate '%s'", pa);
>     if (p->options.auth_retry == PAR_NCT && method == HTTP_AUTH_BASIC) {
>       msg (D_PROXY, "HTTP proxy: support for basic auth and other
> cleartext proxy auth methods is disabled");
>       goto error;
>     }
> 
> Coverity claims that "error" branch leaks "pa". Same pattern as above,
> "get_proxy_authenticate" passes NULL (4th parameter) as "gc" to
> "string_alloc".
> 
> Do those issues look like problems? Does it make sense to submit a
> patch fixing those?

Again, I don't think it's a serious issue - but still, not having leaks
is good practice, so a patch adding the appropriate free() calls would
be welcome :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: pgpSXd7bjR9Bo.pgp
Description: PGP signature

Reply via email to