upas/fs: fix tlsClient() memory leaks
parent
a8fc4ddc6d
commit
8b7897b57a
|
@ -399,7 +399,6 @@ starttls(Imap *imap, TLSconn *connp)
|
||||||
int sfd;
|
int sfd;
|
||||||
uchar digest[SHA1dlen];
|
uchar digest[SHA1dlen];
|
||||||
|
|
||||||
fmtinstall('H', encodefmt);
|
|
||||||
memset(connp, 0, sizeof *connp);
|
memset(connp, 0, sizeof *connp);
|
||||||
sfd = tlsClient(imap->fd, connp);
|
sfd = tlsClient(imap->fd, connp);
|
||||||
if(sfd < 0) {
|
if(sfd < 0) {
|
||||||
|
@ -414,6 +413,7 @@ starttls(Imap *imap, TLSconn *connp)
|
||||||
sha1(connp->cert, connp->certlen, digest, nil);
|
sha1(connp->cert, connp->certlen, digest, nil);
|
||||||
if(!imap->thumb || !okThumbprint(digest, imap->thumb)){
|
if(!imap->thumb || !okThumbprint(digest, imap->thumb)){
|
||||||
close(sfd);
|
close(sfd);
|
||||||
|
fmtinstall('H', encodefmt);
|
||||||
werrstr("server certificate %.*H not recognized",
|
werrstr("server certificate %.*H not recognized",
|
||||||
SHA1dlen, digest);
|
SHA1dlen, digest);
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -451,10 +451,10 @@ imap4dial(Imap *imap)
|
||||||
|
|
||||||
if(imap->mustssl){
|
if(imap->mustssl){
|
||||||
sfd = starttls(imap, &conn);
|
sfd = starttls(imap, &conn);
|
||||||
if (sfd < 0) {
|
free(conn.cert);
|
||||||
free(conn.cert);
|
free(conn.sessionID);
|
||||||
|
if(sfd < 0)
|
||||||
return imaperrstr(imap->host, port);
|
return imaperrstr(imap->host, port);
|
||||||
}
|
|
||||||
if(imap->debug){
|
if(imap->debug){
|
||||||
char fn[128];
|
char fn[128];
|
||||||
int fd;
|
int fd;
|
||||||
|
@ -463,9 +463,11 @@ imap4dial(Imap *imap)
|
||||||
fd = open(fn, ORDWR);
|
fd = open(fn, ORDWR);
|
||||||
if(fd < 0)
|
if(fd < 0)
|
||||||
fprint(2, "opening ctl: %r\n");
|
fprint(2, "opening ctl: %r\n");
|
||||||
if(fprint(fd, "debug") < 0)
|
else {
|
||||||
fprint(2, "writing ctl: %r\n");
|
if(fprint(fd, "debug") < 0)
|
||||||
close(fd);
|
fprint(2, "writing ctl: %r\n");
|
||||||
|
close(fd);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Binit(&imap->bin, imap->fd, OREAD);
|
Binit(&imap->bin, imap->fd, OREAD);
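Review bot: starttls() now relies on its caller to release connp->cert and connp->sessionID on every return path, but nothing at the function says so. The visible thumbprint-mismatch branch (`close(sfd);` … `werrstr(...)` … `return -1;`) returns with the certificate still allocated, and only the unconditional `free(conn.cert); free(conn.sessionID);` in imap4dial() keeps that from leaking. A header comment such as `/* caller frees connp->cert and connp->sessionID, whether or not starttls succeeds */` would keep a future caller from reintroducing the leak. The frees also now sit between the failing starttls() and imaperrstr(); if imaperrstr() reports the pending error string, this is fine only while free() leaves that string untouched, which I would expect but cannot confirm from this page. Both starttls() and imap4dial() continue outside the hunks shown.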
|
||||||
|
|
|
@ -119,31 +119,39 @@ pop3pushtls(Pop *pop)
|
||||||
int fd;
|
int fd;
|
||||||
uchar digest[SHA1dlen];
|
uchar digest[SHA1dlen];
|
||||||
TLSconn conn;
|
TLSconn conn;
|
||||||
|
char *err;
|
||||||
|
|
||||||
|
err = nil;
|
||||||
memset(&conn, 0, sizeof conn);
|
memset(&conn, 0, sizeof conn);
|
||||||
// conn.trace = pop3log;
|
// conn.trace = pop3log;
|
||||||
fd = tlsClient(pop->fd, &conn);
|
fd = tlsClient(pop->fd, &conn);
|
||||||
if(fd < 0)
|
if(fd < 0){
|
||||||
return "tls error";
|
err = "tls error";
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
if(conn.cert==nil || conn.certlen <= 0){
|
if(conn.cert==nil || conn.certlen <= 0){
|
||||||
close(fd);
|
err = "server did not provide TLS certificate";
|
||||||
return "server did not provide TLS certificate";
|
goto out;
|
||||||
}
|
}
|
||||||
sha1(conn.cert, conn.certlen, digest, nil);
|
sha1(conn.cert, conn.certlen, digest, nil);
|
||||||
if(!pop->thumb || !okThumbprint(digest, pop->thumb)){
|
if(!pop->thumb || !okThumbprint(digest, pop->thumb)){
|
||||||
fmtinstall('H', encodefmt);
|
fmtinstall('H', encodefmt);
|
||||||
close(fd);
|
|
||||||
free(conn.cert);
|
|
||||||
fprint(2, "upas/fs pop3: server certificate %.*H not recognized\n", SHA1dlen, digest);
|
fprint(2, "upas/fs pop3: server certificate %.*H not recognized\n", SHA1dlen, digest);
|
||||||
return "bad server certificate";
|
err = "bad server certificate";
|
||||||
|
goto out;
|
||||||
}
|
}
|
||||||
free(conn.cert);
|
|
||||||
close(pop->fd);
|
close(pop->fd);
|
||||||
pop->fd = fd;
|
pop->fd = fd;
|
||||||
pop->encrypted = 1;
|
pop->encrypted = 1;
|
||||||
Binit(&pop->bin, pop->fd, OREAD);
|
Binit(&pop->bin, pop->fd, OREAD);
|
||||||
Binit(&pop->bout, pop->fd, OWRITE);
|
Binit(&pop->bout, pop->fd, OWRITE);
|
||||||
return nil;
|
fd = -1;
|
||||||
|
out:
|
||||||
|
free(conn.sessionID);
|
||||||
|
free(conn.cert);
|
||||||
|
if(fd >= 0)
|
||||||
|
close(fd);
|
||||||
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
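Review bot: The `fd = -1;` just before `out:` in pop3pushtls() is the only thing that stops the shared cleanup from closing the descriptor that was just stored in pop->fd, and it carries no comment. Something like `fd = -1;	/* pop->fd owns the TLS fd now; out: must not close it */` would make the hand-off explicit, since dropping or reordering that line would close the live session. On the three error paths pop->fd and pop->encrypted are left unchanged, so the caller (not shown here) has to treat any non-nil return as fatal rather than continue over the original descriptor; a sentence in the function's header comment saying so would help. The function's opening lines are outside the hunk.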
|
||||||
|
|