Hi,

On Mon, May 15, 2023 at 05:53:39PM +0200, Frank Lichtenheld wrote:
> I was looking for memleaks in the code and found
> this one with cppcheck. Only an example, but no
> need to leave this bug in it.
> 
> Also fix fortify problem in keying-material-exporter-demo
> so I can actually test the compilation of the sample
> plugins.
> 
> Change-Id: Ibd1b282afc4a28768be3f165f84ab60ca4d24a9b
> Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
> ---
>  .../sample-plugins/client-connect/sample-client-connect.c   | 6 ++++++
>  .../keying-material-exporter-demo/keyingmaterialexporter.c  | 2 +-
>  2 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/sample/sample-plugins/client-connect/sample-client-connect.c 
> b/sample/sample-plugins/client-connect/sample-client-connect.c
> index 391de344..eb242126 100644
> --- a/sample/sample-plugins/client-connect/sample-client-connect.c
> +++ b/sample/sample-plugins/client-connect/sample-client-connect.c
> @@ -454,6 +454,9 @@ openvpn_plugin_client_connect_v2(struct plugin_context 
> *context,
>      if (!rl->name || !rl->value)
>      {
>          plugin_log(PLOG_ERR, MODULE, "malloc(return_list->xx) failed");
> +        free(rl->name);
> +        free(rl->value);
> +        free(rl);
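
Review bot: in the error branch after plugin_log(), free(rl->name) and free(rl->value) run when only one of the two allocations failed. That is correct because free(NULL) is a no-op, but a one-line comment saying so would help. The visible lines do not show whether rl has already been linked into the return list before this check; if it has, free(rl) leaves a dangling entry, so the check should sit before the linking or the entry should be unlinked first.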

ACK on that part..

> @@ -155,7 +155,7 @@ session_user_set(struct session *sess, X509 *x509)
>  
>          if (!strncasecmp(objbuf, "CN", 2))
>          {
> -            snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
> +            snprintf(sess->user, sizeof(sess->user) - 1, "%s", (char *)buf);
>          }
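
Review bot: on the changed snprintf() line the size argument is still sizeof(sess->user) - 1, which gives up one byte for nothing, since snprintf() always writes the terminating NUL within the size it is given; sizeof(sess->user) is the right bound. The return value is also ignored, so a CN longer than the buffer is silently truncated into sess->user; comparing the result against the buffer size and logging or rejecting on truncation would make that visible.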

... but adding "%s" to something that shouldn't have been an snprintf()
in the first place feels wrong.  Don't we have strncpy() or something
for "copy a string over to a limited buffer, and null-terminate"?

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
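
The bounded copy asked about above, as an added example that is not part of the original message or of the OpenVPN source: it compares a literal-"%s" snprintf(), a memcpy-based helper, and strncpy(), which leaves the buffer unterminated when the source fills it. The helper names, the 8-byte buffer and the sample CN strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from OpenVPN): copy src into dst[dstsize],
 * always NUL-terminate, return 0 on a full copy and -1 on truncation. */
static int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
    {
        return -1;
    }
    size_t len = strlen(src);
    size_t n = len < dstsize - 1 ? len : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len == n ? 0 : -1;
}

/* Same job with snprintf() and a literal "%s": src is data, never a format.
 * snprintf() terminates within dstsize, so no "- 1" is needed. */
static int copy_snprintf(char *dst, size_t dstsize, const char *src)
{
    int r = snprintf(dst, dstsize, "%s", src);
    return (r >= 0 && (size_t)r < dstsize) ? 0 : -1;
}

/* Returns 1 if strncpy() left dst without a terminating NUL. */
static int strncpy_unterminated(char *dst, size_t dstsize, const char *src)
{
    memset(dst, 'X', dstsize);      /* make a missing terminator visible */
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) == NULL;
}

int main(void)
{
    char user[8];                    /* constructed stand-in for sess->user */
    const char *cn = "alice-admin";  /* constructed CN, longer than user[] */

    printf("copy_bounded:  rc=%d ", copy_bounded(user, sizeof(user), cn));
    printf("user=\"%s\"\n", user);
    printf("copy_snprintf: rc=%d ", copy_snprintf(user, sizeof(user), cn));
    printf("user=\"%s\"\n", user);
    printf("strncpy left buffer unterminated: %d\n",
           strncpy_unterminated(user, sizeof(user), cn));
    return 0;
}
```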


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel