[Patches] [CVS] Module ircu2.10: Change committed

Entrope Sun, 07 Nov 2004 13:12:06 -0800

Committer  : entrope
CVSROOT    : /cvsroot/undernet-ircu
Module     : ircu2.10
Commit time: 2004-11-07 21:05:09 UTC


Modified files:
     ircd/m_oper.c ircd/ircd_crypt_smd5.c ircd/ircd_crypt.c
     ircd/engine_epoll.c include/ircd_crypt.h ChangeLog

Log message:

Fix memory leaks from ircd_crypt and epoll support.

---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.504 ircu2.10/ChangeLog:1.505
--- ircu2.10/ChangeLog:1.504    Sun Nov  7 12:57:50 2004
+++ ircu2.10/ChangeLog  Sun Nov  7 13:04:59 2004
@@ -1,5 +1,20 @@
 2004-11-07  Michael Poole <[EMAIL PROTECTED]>
 
+       * include/ircd_crypt.h (ircd_crypt): This should return char*, not
+       const char*, since it does not own the returned pointer.
+
+       * ircd/ircd_crypt.c (ircd_crypt): Change return type.
+
+       * ircd/ircd_crypt_smd5.c (irc_crypt_smd5): Make passwd a static
+       field since it is returned but this function must own the buffer.
+
+       * ircd/m_oper.c (oper_password_match): Free the string returned by
+       ircd_crypt().
+
+       * ircd/engine_epoll.c (engine_loop): Fix a memory leak.
+
+2004-11-07  Michael Poole <[EMAIL PROTECTED]>
+
        * acinclude.m4: Look for a 64-bit integer type.
 
        * configure.in: Look for inttypes.h, since some systems have that
Index: ircu2.10/include/ircd_crypt.h
diff -u ircu2.10/include/ircd_crypt.h:1.2 ircu2.10/include/ircd_crypt.h:1.3
--- ircu2.10/include/ircd_crypt.h:1.2   Mon Oct  4 21:21:37 2004
+++ ircu2.10/include/ircd_crypt.h       Sun Nov  7 13:04:58 2004
@@ -18,7 +18,7 @@
  */
 /** @file
  * @brief Core password encryption and hashing APIs.
- * @version $Id: ircd_crypt.h,v 1.2 2004/10/05 04:21:37 entrope Exp $
+ * @version $Id: ircd_crypt.h,v 1.3 2004/11/07 21:04:58 entrope Exp $
  */
 #ifndef INCLUDED_ircd_crypt_h
 #define INCLUDED_ircd_crypt_h
@@ -59,7 +59,7 @@
 
 /* exported functions */
 extern void ircd_crypt_init(void);
-extern const char* ircd_crypt(const char* key, const char* salt);
+extern char* ircd_crypt(const char* key, const char* salt);
 extern int ircd_crypt_register_mech(crypt_mech_t* mechanism);
 extern int ircd_crypt_unregister_mech(crypt_mech_t* mechanism);
 
Index: ircu2.10/ircd/engine_epoll.c
diff -u ircu2.10/ircd/engine_epoll.c:1.5 ircu2.10/ircd/engine_epoll.c:1.6
--- ircu2.10/ircd/engine_epoll.c:1.5    Fri Oct 22 19:24:27 2004
+++ ircu2.10/ircd/engine_epoll.c        Sun Nov  7 13:04:58 2004
@@ -18,7 +18,7 @@
  */
 /** @file
  * @brief Linux epoll_*() event engine.
- * @version $Id: engine_epoll.c,v 1.5 2004/10/23 02:24:27 entrope Exp $
+ * @version $Id: engine_epoll.c,v 1.6 2004/11/07 21:04:58 entrope Exp $
  */
 #include "config.h"
 
@@ -314,6 +314,7 @@
     }
     timer_run();
   }
+  MyFree(events);
 }
 
 /** Descriptor for dpoll event engine. */
Index: ircu2.10/ircd/ircd_crypt.c
diff -u ircu2.10/ircd/ircd_crypt.c:1.3 ircu2.10/ircd/ircd_crypt.c:1.4
--- ircu2.10/ircd/ircd_crypt.c:1.3      Wed Sep 29 19:42:17 2004
+++ ircu2.10/ircd/ircd_crypt.c  Sun Nov  7 13:04:58 2004
@@ -21,7 +21,7 @@
 /**
  * @file
  * @brief Core password encryption routines.
- * @version $Id: ircd_crypt.c,v 1.3 2004/09/30 02:42:17 entrope Exp $
+ * @version $Id: ircd_crypt.c,v 1.4 2004/11/07 21:04:58 entrope Exp $
  * 
  * This is a new look crypto API for ircu, it can handle different
  * password formats by the grace of magic tokens at the begining of the 
@@ -121,13 +121,13 @@
 /** Wrapper for generating a hashed password passed on the supplied password
  * @param key Pointer to the password we want crypted
  * @param salt Pointer to the password we're comparing to (for the salt)
- * @return Pointer to the generated password.
- *  
+ * @return Pointer to the generated password (must be MyFree()'d).
+ *
  * This is a wrapper function which attempts to establish the password
- * format and funnel it off to the correct mechanism handler function.  The 
+ * format and funnel it off to the correct mechanism handler function.  The
  * returned password is compared in the oper_password_match() routine.
 */
-const char* ircd_crypt(const char* key, const char* salt)
+char* ircd_crypt(const char* key, const char* salt)
 {
 char *hashed_pass = NULL;
 const char *temp_hashed_pass, *mysalt;
Index: ircu2.10/ircd/ircd_crypt_smd5.c
diff -u ircu2.10/ircd/ircd_crypt_smd5.c:1.4 ircu2.10/ircd/ircd_crypt_smd5.c:1.5
--- ircu2.10/ircd/ircd_crypt_smd5.c:1.4 Tue Oct  5 15:51:47 2004
+++ ircu2.10/ircd/ircd_crypt_smd5.c     Sun Nov  7 13:04:58 2004
@@ -20,7 +20,7 @@
 /** 
  * @file
  * @brief Routines for Salted MD5 passwords
- * @version $Id: ircd_crypt_smd5.c,v 1.4 2004/10/05 22:51:47 entrope Exp $
+ * @version $Id: ircd_crypt_smd5.c,v 1.5 2004/11/07 21:04:58 entrope Exp $
  * 
  * ircd_crypt_smd5 is largely taken from md5_crypt.c from the Linux PAM 
  * source code.  it's been modified to fit in with ircu and some of the 
@@ -83,7 +83,8 @@
 const char* ircd_crypt_smd5(const char* key, const char* salt)
 {
 const char *magic = "$1$";
-char *passwd, *p;
+static char passwd[120];
+char *p;
 const char *sp, *ep;
 unsigned char final[16];
 int sl, pl, i, j;
@@ -99,11 +100,6 @@
  /* Refine the Salt first */
  ep = sp = salt;
 
- if(NULL == (passwd = (char *)MyMalloc(120)))
-  return NULL;
-
- memset(passwd, 0, 120);
-
  for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
   continue;
 
@@ -140,9 +136,8 @@
   else
    MD5Update(&ctx, (unsigned const char *)key+j, 1);
 
- /* Now make the output string
- strcpy(passwd, magic);
- strncat(passwd, sp, sl); */
+ /* Now make the output string. */
+ memset(passwd, 0, 120);
  strncpy(passwd, sp, sl);
  strcat(passwd, "$");
 
Index: ircu2.10/ircd/m_oper.c
diff -u ircu2.10/ircd/m_oper.c:1.22 ircu2.10/ircd/m_oper.c:1.23
--- ircu2.10/ircd/m_oper.c:1.22 Sun Oct 17 20:15:00 2004
+++ ircu2.10/ircd/m_oper.c      Sun Nov  7 13:04:58 2004
@@ -20,7 +20,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  *
- * $Id: m_oper.c,v 1.22 2004/10/18 03:15:00 entrope Exp $
+ * $Id: m_oper.c,v 1.23 2004/11/07 21:04:58 entrope Exp $
  */
 
 /*
@@ -84,6 +84,7 @@
 #include "client.h"
 #include "hash.h"
 #include "ircd.h"
+#include "ircd_alloc.h"
 #include "ircd_features.h"
 #include "ircd_log.h"
 #include "ircd_reply.h"
@@ -105,6 +106,8 @@
 
 int oper_password_match(const char* to_match, const char* passwd)
 {
+  char *crypted;
+  int res;
   /*
    * use first two chars of the password they send in as salt
    *
@@ -116,12 +119,13 @@
   /* we no longer do a CRYPT_OPER_PASSWORD check because a clear 
      text passwords just handled by a fallback mechanism called 
      crypt_clear if it's enabled -- hikari */
-  to_match = ircd_crypt(to_match, passwd);
+  crypted = ircd_crypt(to_match, passwd);
 
   if (to_match == NULL)
    return 0;
-  else
-   return (0 == strcmp(to_match, passwd));
+  res = strcmp(crypted, passwd);
+  MyFree(crypted);
+  return 0 == res;
 }
 
 /*
----------------------- End of diff -----------------------

[Patches] [CVS] Module ircu2.10: Change committed

Reply via email to