TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 0c226106937df932b6d5960139a2884c1ed2b632^! / . / programs / ssl
commit0c226106937df932b6d5960139a2884c1ed2b632[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Thu Apr 17 16:02:36 2014 +0200
committerPaul Bakker <p.j.bakker@polarssl.org>Thu Apr 17 16:02:36 2014 +0200
treeaab0b60e963e2fe304c9b8155e66611b89b12495
parentcbe3d0d5cc78d1a6367a628028c108111e9b2320 [diff]
Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments

diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 11e04f3..270bb62 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c

@@ -277,8 +277,10 @@
     }
 #endif
 
+    if( server_fd != -1 )
+        net_close( server_fd );
+
     x509_crt_free( &cacert );
-    net_close( server_fd );
     ssl_free( &ssl );
     entropy_free( &entropy );
 

diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 3d2c02c..7c8c3dc 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c

@@ -108,6 +108,12 @@
     ((void) argc);
     ((void) argv);
 
+    memset( &ssl, 0, sizeof(ssl_context) );
+
+    entropy_init( &entropy );
+    pk_init( &pkey );
+    x509_crt_init( &srvcert );
+
     signal( SIGCHLD, SIG_IGN );
 
     /*
@@ -116,7 +122,6 @@
     printf( "\n  . Initial seeding of the random generator..." );
     fflush( stdout );
 
-    entropy_init( &entropy );
     if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
                                (const unsigned char *) pers,
                                strlen( pers ) ) ) != 0 )
@@ -133,8 +138,6 @@
     printf( "  . Loading the server cert. and key..." );
     fflush( stdout );
 
-    x509_crt_init( &srvcert );
-
     /*
      * This demonstration program uses embedded test certificates.
      * Instead, you may want to use x509_crt_parse_file() to read the
@@ -156,7 +159,6 @@
         goto exit;
     }
 
-    pk_init( &pkey );
     ret =  pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
                           strlen( test_srv_key ), NULL, 0 );
     if( ret != 0 )
@@ -246,7 +248,7 @@
             printf( " failed\n  ! ctr_drbg_reseed returned %d\n", ret );
             goto exit;
         }
-        
+
         if( ( ret = ssl_init( &ssl ) ) != 0 )
         {
             printf( " failed\n  ! ssl_init returned %d\n\n", ret );
@@ -360,7 +362,9 @@
 
 exit:
 
-    net_close( client_fd );
+    if( client_fd != -1 )
+        net_close( client_fd );
+
     x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );

diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 7d46aac..49c3965 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c

@@ -100,9 +100,13 @@
     ((void) argc);
     ((void) argv);
 
+    memset( &ssl, 0, sizeof(ssl_context) );
 #if defined(POLARSSL_SSL_CACHE_C)
     ssl_cache_init( &cache );
 #endif
+    x509_crt_init( &srvcert );
+    pk_init( &pkey );
+    entropy_init( &entropy );
 
     /*
      * 1. Load the certificates and private RSA key
@@ -110,8 +114,6 @@
     printf( "\n  . Loading the server cert. and key..." );
     fflush( stdout );
 
-    x509_crt_init( &srvcert );
-
     /*
      * This demonstration program uses embedded test certificates.
      * Instead, you may want to use x509_crt_parse_file() to read the
@@ -133,7 +135,6 @@
         goto exit;
     }
 
-    pk_init( &pkey );
     ret =  pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
                          strlen( test_srv_key ), NULL, 0 );
     if( ret != 0 )
@@ -164,7 +165,6 @@
     printf( "  . Seeding the random number generator..." );
     fflush( stdout );
 
-    entropy_init( &entropy );
     if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
                                (const unsigned char *) pers,
                                strlen( pers ) ) ) != 0 )
@@ -352,7 +352,9 @@
     }
 #endif
 
-    net_close( client_fd );
+    if( client_fd != -1 )
+        net_close( client_fd );
+
     x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 758188b..ae9f738 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -339,30 +339,44 @@
 
         if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
             ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
-            return( NULL );
+        {
+            cur = NULL;
+            goto exit;
+        }
 
         x509_crt_init( new->cert );
         pk_init( new->key );
 
         new->name = p;
-        while( *p != ',' ) if( ++p > end ) return( NULL );
+        while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; }
         *p++ = '\0';
 
         crt_file = p;
-        while( *p != ',' ) if( ++p > end ) return( NULL );
+        while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; }
         *p++ = '\0';
 
         key_file = p;
-        while( *p != ',' ) if( ++p > end ) return( NULL );
+        while( *p != ',' ) if( ++p > end ) { cur = NULL; goto exit; }
         *p++ = '\0';
 
         if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
             pk_parse_keyfile( new->key, key_file, "" ) != 0 )
-            return( NULL );
+        {
+            cur = NULL;
+            goto exit;
+        }
 
         new->next = cur;
         cur = new;
+        new = NULL;
+    }
 
+exit:
+    if( new != NULL )
+    {
+        x509_crt_free( new->cert);
+        pk_free( new->key );
+        polarssl_free( new );
     }
 
     return( cur );
@@ -1345,7 +1359,9 @@
     }
 #endif
 
-    net_close( client_fd );
+    if( client_fd != -1 )
+        net_close( client_fd );
+
 #if defined(POLARSSL_X509_CRT_PARSE_C)
     x509_crt_free( &cacert );
     x509_crt_free( &srvcert );