Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c
index d614aa1..7429650 100644
--- a/programs/hash/md5sum.c
+++ b/programs/hash/md5sum.c
@@ -132,6 +132,8 @@
n = sizeof( line );
}
+ fclose( f );
+
if( nb_err1 != 0 )
{
printf( "WARNING: %d (out of %d) input files could "
diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c
index ff0514a..bd3fd6e 100644
--- a/programs/hash/sha1sum.c
+++ b/programs/hash/sha1sum.c
@@ -132,6 +132,8 @@
n = sizeof( line );
}
+ fclose( f );
+
if( nb_err1 != 0 )
{
printf( "WARNING: %d (out of %d) input files could "
diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c
index c3f1a0d..2e6884d 100644
--- a/programs/hash/sha2sum.c
+++ b/programs/hash/sha2sum.c
@@ -132,6 +132,8 @@
n = sizeof( line );
}
+ fclose( f );
+
if( nb_err1 != 0 )
{
printf( "WARNING: %d (out of %d) input files could "
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 2d729df..66450b6 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -272,7 +272,9 @@
exit:
- net_close( server_fd );
+ if( server_fd != -1 )
+ net_close( server_fd );
+
rsa_free( &rsa );
dhm_free( &dhm );
entropy_free( &entropy );
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 1f9d730..6d6e35a 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -65,6 +65,7 @@
((void) argv);
mpi_init( &G ); mpi_init( &P ); mpi_init( &Q );
+ entropy_init( &entropy );
if( ( ret = mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
{
@@ -84,7 +85,6 @@
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 245f6f0..eb417da 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -273,7 +273,9 @@
exit:
- net_close( client_fd );
+ if( client_fd != -1 )
+ net_close( client_fd );
+
rsa_free( &rsa );
dhm_free( &dhm );
entropy_free( &entropy );
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 9f060b7..43ae6e1 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -146,9 +146,12 @@
return( -1 );
if( fwrite( c, 1, len, f ) != len )
+ {
+ fclose( f );
return( -1 );
+ }
- fclose(f);
+ fclose( f );
return( 0 );
}
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 4cf489b..269ddbd 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -104,9 +104,12 @@
return( -1 );
if( fwrite( c, 1, len, f ) != len )
+ {
+ fclose( f );
return( -1 );
+ }
- fclose(f);
+ fclose( f );
return( 0 );
}
@@ -140,9 +143,12 @@
return( -1 );
if( fwrite( c, 1, len, f ) != len )
+ {
+ fclose( f );
return( -1 );
+ }
- fclose(f);
+ fclose( f );
return( 0 );
}
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 67ac0b4..4adb753 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -58,7 +58,7 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
pk_context pk;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
@@ -68,7 +68,8 @@
const char *pers = "pk_sign";
size_t olen = 0;
- ret = 1;
+ entropy_init( &entropy );
+ pk_init( &pk );
if( argc != 3 )
{
@@ -84,7 +85,6 @@
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -96,8 +96,6 @@
printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- pk_init( &pk );
-
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index a188eb9..f2664a6 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -54,14 +54,15 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
size_t i;
pk_context pk;
unsigned char hash[20];
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
char filename[512];
- ret = 1;
+ pk_init( &pk );
+
if( argc != 3 )
{
printf( "usage: pk_verify <key_file> <filename>\n" );
@@ -76,8 +77,6 @@
printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
- pk_init( &pk );
-
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 7e8ac4a..de33a6e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -58,7 +58,7 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
pk_context pk;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
@@ -68,7 +68,8 @@
const char *pers = "rsa_sign_pss";
size_t olen = 0;
- ret = 1;
+ entropy_init( &entropy );
+ pk_init( &pk );
if( argc != 3 )
{
@@ -84,7 +85,6 @@
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -96,8 +96,6 @@
printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- pk_init( &pk );
-
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index b41bcf8..0969a5a 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -55,14 +55,15 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
size_t i;
pk_context pk;
unsigned char hash[20];
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
char filename[512];
- ret = 1;
+ pk_init( &pk );
+
if( argc != 3 )
{
printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
@@ -77,8 +78,6 @@
printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
- pk_init( &pk );
-
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 11e04f3..270bb62 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -277,8 +277,10 @@
}
#endif
+ if( server_fd != -1 )
+ net_close( server_fd );
+
x509_crt_free( &cacert );
- net_close( server_fd );
ssl_free( &ssl );
entropy_free( &entropy );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 3d2c02c..7c8c3dc 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -108,6 +108,12 @@
((void) argc);
((void) argv);
+ memset( &ssl, 0, sizeof(ssl_context) );
+
+ entropy_init( &entropy );
+ pk_init( &pkey );
+ x509_crt_init( &srvcert );
+
signal( SIGCHLD, SIG_IGN );
/*
@@ -116,7 +122,6 @@
printf( "\n . Initial seeding of the random generator..." );
fflush( stdout );
- entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -133,8 +138,6 @@
printf( " . Loading the server cert. and key..." );
fflush( stdout );
- x509_crt_init( &srvcert );
-
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
@@ -156,7 +159,6 @@
goto exit;
}
- pk_init( &pkey );
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
@@ -246,7 +248,7 @@
printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
-
+
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
@@ -360,7 +362,9 @@
exit:
- net_close( client_fd );
+ if( client_fd != -1 )
+ net_close( client_fd );
+
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 7d46aac..49c3965 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -100,9 +100,13 @@
((void) argc);
((void) argv);
+ memset( &ssl, 0, sizeof(ssl_context) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
#endif
+ x509_crt_init( &srvcert );
+ pk_init( &pkey );
+ entropy_init( &entropy );
/*
* 1. Load the certificates and private RSA key
@@ -110,8 +114,6 @@
printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
- x509_crt_init( &srvcert );
-
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
@@ -133,7 +135,6 @@
goto exit;
}
- pk_init( &pkey );
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
@@ -164,7 +165,6 @@
printf( " . Seeding the random number generator..." );
fflush( stdout );
- entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -352,7 +352,9 @@
}
#endif
- net_close( client_fd );
+ if( client_fd != -1 )
+ net_close( client_fd );
+
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 758188b..ae9f738 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -339,30 +339,44 @@
if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
- return( NULL );
+ {
+ cur = NULL;
+ goto exit;
+ }
x509_crt_init( new->cert );
pk_init( new->key );
new->name = p;
- while( *p != ',' ) if( ++p > end ) return( NULL );
+ while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; }
*p++ = '\0';
crt_file = p;
- while( *p != ',' ) if( ++p > end ) return( NULL );
+ while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; }
*p++ = '\0';
key_file = p;
- while( *p != ',' ) if( ++p > end ) return( NULL );
+ while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; }
*p++ = '\0';
if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
pk_parse_keyfile( new->key, key_file, "" ) != 0 )
- return( NULL );
+ {
+ cur = NULL;
+ goto exit;
+ }
new->next = cur;
cur = new;
+ new = NULL;
+ }
+exit:
+ if( new != NULL )
+ {
+ x509_crt_free( new->cert);
+ pk_free( new->key );
+ polarssl_free( new );
}
return( cur );
@@ -1345,7 +1359,9 @@
}
#endif
- net_close( client_fd );
+ if( client_fd != -1 )
+ net_close( client_fd );
+
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_free( &cacert );
x509_crt_free( &srvcert );
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index ea73d50..79bab94 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -167,7 +167,11 @@
ret = 1;
+ memset( &ssl, 0, sizeof(ssl_context) );
entropy_init( &entropy );
+ x509_crt_init( &srvcert );
+ pk_init( &pkey );
+
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -183,8 +187,6 @@
memset( read_state, 0, sizeof( read_state ) );
memset( write_state, 0, sizeof( write_state ) );
- x509_crt_init( &srvcert );
- pk_init( &pkey );
if( opt->opmode == OPMODE_CLIENT )
{
@@ -198,7 +200,7 @@
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " ! ssl_init returned %d\n\n", ret );
- return( ret );
+ goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
@@ -408,7 +410,9 @@
pk_free( &pkey );
ssl_free( &ssl );
entropy_free( &entropy );
- net_close( client_fd );
+
+ if( client_fd != -1 )
+ net_close( client_fd );
return( ret );
}
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index c738b4a..f56cae8 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -89,9 +89,12 @@
return( -1 );
if( fwrite( output_buf, 1, len, f ) != len )
+ {
+ fclose( f );
return( -1 );
+ }
- fclose(f);
+ fclose( f );
return( 0 );
}
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 952d17c..b4fc450 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -113,9 +113,12 @@
return( -1 );
if( fwrite( output_buf, 1, len, f ) != len )
+ {
+ fclose( f );
return( -1 );
+ }
- fclose(f);
+ fclose( f );
return( 0 );
}