Re: [Openvpn-devel] Possible memory leaks found by Coverity

[Gert Doering]

Hi,

On Thu, Aug 14, 2014 at 08:00:38AM +, Lev Stipakov wrote:
> I have analyzed OpenVPN code with Coverity and I could not explain
> some resource leaks Coverity has found.
> 
> 1) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/options.c#L4378
> 
> char * ipv6_local;
> VERIFY_PERMISSION (OPT_P_UP);
> if ( get_ipv6_addr( p[1], NULL, , _local, msglevel ) &&
> ipv6_addr_safe( p[2] ) ) {
>   if ( netbits < 64 || netbits > 124 ) {
> msg( msglevel, "ifconfig-ipv6: /netbits must be between 64 and
> 124, not '/%d'", netbits );
> goto err;
>   }
> 
> Coverity claims that "err" branch leaks "ipv6_local". I looked into
> "get_ipv6_addr" implementation and noticed that it does not pass any
> "gc" to subsequent string_alloc call. To my understanding, in this
> case caller is responsible for cleaning up, which is not the case for
> "err" branch.

This might well be true, but since "err" leads to "program ends, resources
reclaimed" under most conditions, it's not a fairly serious leak...  I'll
still put it on my list for fixing.


> 2) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/proxy.c#L863
> 
> char *pa = NULL;
> const int method = get_proxy_authenticate(sd, p->options.timeout, ,
> NULL, signal_received);
> if (method != HTTP_AUTH_NONE) {
>   if (pa)
> msg (D_PROXY, "HTTP proxy authenticate '%s'", pa);
> if (p->options.auth_retry == PAR_NCT && method == HTTP_AUTH_BASIC) {
>   msg (D_PROXY, "HTTP proxy: support for basic auth and other
> cleartext proxy auth methods is disabled");
>   goto error;
> }
> 
> Coverity claims that "error" branch leaks "pa". Same pattern as above,
> "get_proxy_authenticate" passes NULL (4th parameter) as "gc" to
> "string_alloc".
> 
> Do those issues look like problems? Does it make sense to submit a
> patch fixing those?

Again, I don't think it's a serious issue - but still, not having leaks
is good practice, so a patch adding the appropriate free() calls would
be welcome :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpSXd7bjR9Bo.pgp
Description: PGP signature

[Openvpn-devel] Possible memory leaks found by Coverity

[Lev Stipakov]

Hello,

I have analyzed OpenVPN code with Coverity and I could not explain
some resource leaks Coverity has found.

1) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/options.c#L4378

char * ipv6_local;
VERIFY_PERMISSION (OPT_P_UP);
if ( get_ipv6_addr( p[1], NULL, , _local, msglevel ) &&
ipv6_addr_safe( p[2] ) ) {
  if ( netbits < 64 || netbits > 124 ) {
msg( msglevel, "ifconfig-ipv6: /netbits must be between 64 and
124, not '/%d'", netbits );
goto err;
  }

Coverity claims that "err" branch leaks "ipv6_local". I looked into
"get_ipv6_addr" implementation and noticed that it does not pass any
"gc" to subsequent string_alloc call. To my understanding, in this
case caller is responsible for cleaning up, which is not the case for
"err" branch.


2) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/proxy.c#L863

char *pa = NULL;
const int method = get_proxy_authenticate(sd, p->options.timeout, ,
NULL, signal_received);
if (method != HTTP_AUTH_NONE) {
  if (pa)
msg (D_PROXY, "HTTP proxy authenticate '%s'", pa);
if (p->options.auth_retry == PAR_NCT && method == HTTP_AUTH_BASIC) {
  msg (D_PROXY, "HTTP proxy: support for basic auth and other
cleartext proxy auth methods is disabled");
  goto error;
}

Coverity claims that "error" branch leaks "pa". Same pattern as above,
"get_proxy_authenticate" passes NULL (4th parameter) as "gc" to
"string_alloc".

Do those issues look like problems? Does it make sense to submit a
patch fixing those?

-- 
-Lev