From 44d06888bbe59ddeab768d60a8bc4f7c922071c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?=
Date: Wed, 18 Feb 2015 15:36:57 -0500
Subject: [PATCH] libfreerdp-core: fix BIO leaks

---
 include/freerdp/crypto/tls.h | 1 +
 libfreerdp/core/gateway/rpc.c | 12 ------------
 libfreerdp/core/gateway/tsg.c | 6 ------
 libfreerdp/core/nego.c | 6 +++---
 libfreerdp/core/tcp.c | 7 +++----
 libfreerdp/core/transport.c | 25 +++++++++++--------------
 libfreerdp/crypto/tls.c | 15 +++++++++++----
 7 files changed, 29 insertions(+), 43 deletions(-)

diff --git a/include/freerdp/crypto/tls.h b/include/freerdp/crypto/tls.h
index 0d03279d7..ce2c354d2 100644
--- a/include/freerdp/crypto/tls.h
+++ b/include/freerdp/crypto/tls.h
@@ -76,6 +76,7 @@ struct rdp_tls
 rdpSettings* settings;
 SecPkgContext_Bindings* Bindings;
 rdpCertificateStore* certificate_store;
+ BIO* underlying;
 char* hostname;
 int port;
 int alertLevel;
diff --git a/libfreerdp/core/gateway/rpc.c b/libfreerdp/core/gateway/rpc.c
index f1ac0e22d..84dcfdff3 100644
--- a/libfreerdp/core/gateway/rpc.c
+++ b/libfreerdp/core/gateway/rpc.c
@@ -512,12 +512,6 @@ void rpc_in_channel_free(RpcInChannel* inChannel)
 inChannel->tls = NULL;
 }

- if (inChannel->bio)
- {
- BIO_free(inChannel->bio);
- inChannel->bio = NULL;
- }
-
 free(inChannel);
 }

@@ -663,12 +657,6 @@ void rpc_out_channel_free(RpcOutChannel* outChannel)
 outChannel->tls = NULL;
 }

- if (outChannel->bio)
- {
- BIO_free(outChannel->bio);
- outChannel->bio = NULL;
- }
-
 free(outChannel);
 }

diff --git a/libfreerdp/core/gateway/tsg.c b/libfreerdp/core/gateway/tsg.c
index 23031947e..68d0c8819 100644
--- a/libfreerdp/core/gateway/tsg.c
+++ b/libfreerdp/core/gateway/tsg.c
@@ -1867,12 +1867,6 @@ void tsg_free(rdpTsg* tsg)
 {
 if (tsg)
 {
- if (tsg->bio)
- {
- BIO_free(tsg->bio);
- tsg->bio = NULL;
- }
-
 if (tsg->rpc)
 {
 rpc_free(tsg->rpc);
diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
index 2f6d4d71b..2041da953 100644
--- a/libfreerdp/core/nego.c
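Review bot: The new `BIO* underlying;` member of struct rdp_tls (tls.h hunk) carries an ownership rule that the header does not state. Later hunks in this patch have tls_prepare() store the caller's BIO there and tls_free() call BIO_free() on it, while the rpc.c and tsg.c hunks delete the callers' own frees, so a caller written against the old contract that still frees the BIO it handed to tls_connect() or tls_accept() risks a double free. I would document it at the field, e.g. `BIO* underlying; /* lower BIO pushed under tls->bio by tls_prepare(); owned by rdpTls and released in tls_free() */`, and add a matching sentence to the tls_connect()/tls_accept() declarations. The struct continues outside the hunk.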
+++ b/libfreerdp/core/nego.c
@@ -864,11 +864,11 @@ void nego_process_negotiation_failure(rdpNego* nego, wStream* s)
 switch (failureCode)
 {
 case SSL_REQUIRED_BY_SERVER:
- WLog_ERR(TAG, "Error: SSL_REQUIRED_BY_SERVER");
+ WLog_WARN(TAG, "Error: SSL_REQUIRED_BY_SERVER");
 break;

 case SSL_NOT_ALLOWED_BY_SERVER:
- WLog_ERR(TAG, "Error: SSL_NOT_ALLOWED_BY_SERVER");
+ WLog_WARN(TAG, "Error: SSL_NOT_ALLOWED_BY_SERVER");
 nego->sendNegoData = TRUE;
 break;

@@ -882,7 +882,7 @@ void nego_process_negotiation_failure(rdpNego* nego, wStream* s)
 break;

 case HYBRID_REQUIRED_BY_SERVER:
- WLog_ERR(TAG, "Error: HYBRID_REQUIRED_BY_SERVER");
+ WLog_WARN(TAG, "Error: HYBRID_REQUIRED_BY_SERVER");
 break;

 default:
diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c
index a6db89f0d..a3ae204bb 100644
--- a/libfreerdp/core/tcp.c
+++ b/libfreerdp/core/tcp.c
@@ -478,7 +478,6 @@ BIO_METHOD* BIO_s_simple_socket(void)

 struct _WINPR_BIO_BUFFERED_SOCKET
 {
- BIO* socketBio;
 BIO* bufferedBio;
 BOOL readBlocked;
 BOOL writeBlocked;
@@ -657,10 +656,10 @@ static int transport_bio_buffered_free(BIO* bio)
 {
 WINPR_BIO_BUFFERED_SOCKET* ptr = (WINPR_BIO_BUFFERED_SOCKET*) bio->ptr;

- if (ptr->socketBio)
+ if (bio->next_bio)
 {
- BIO_free(ptr->socketBio);
- ptr->socketBio = NULL;
+ BIO_free(bio->next_bio);
+ bio->next_bio = NULL;
 }

 ringbuffer_destroy(&ptr->xmitBuffer);
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index be6c0a1e3..2189b0b8c 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
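Review bot: The three messages moved to WLog_WARN in nego_process_negotiation_failure() still begin with the literal `Error:`, so the log level and the text now disagree (both nego.c hunks). If the lower severity is intended, I would reword them, e.g. `WLog_WARN(TAG, "Negotiation failure: SSL_REQUIRED_BY_SERVER");`. These codes appear to be what precedes a retry with a different security protocol (the SSL_NOT_ALLOWED_BY_SERVER case sets `nego->sendNegoData`), so a deployment that keeps only error-level logs will stop recording them; a one-line comment saying why they are warnings would make that a visible decision. The switch continues outside both hunks.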
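Review bot: transport_bio_buffered_free() now frees `bio->next_bio` from inside the BIO's own free callback (second tcp.c hunk), which is only safe while every owner releases this BIO with BIO_free(). BIO_free_all() walks the chain itself and frees each element, so calling it on a chain that contains the buffered BIO would free the socket BIO a second time. I would state that above the block, e.g. `/* this BIO owns the BIO below it: release with BIO_free(), never BIO_free_all() */`; the same constraint applies to the pair of frees in the tls_free() hunk at the end of the patch. `ptr` is also dereferenced in `ringbuffer_destroy(&ptr->xmitBuffer)` without a NULL check, which holds only if the create callback (not shown) always sets `bio->ptr`. The function body continues outside the hunk.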
@@ -753,24 +753,21 @@ BOOL transport_disconnect(rdpTransport* transport)

 transport_stop(transport);

- if (transport->tsg)
+ if (transport->tls)
 {
- if (transport->tls)
- {
- tls_free(transport->tls);
- transport->tls = NULL;
- }
-
- tsg_free(transport->tsg);
- transport->tsg = NULL;
+ tls_free(transport->tls);
+ transport->tls = NULL;
 }
 else
 {
- if (transport->tls)
- {
- tls_free(transport->tls);
- transport->tls = NULL;
- }
+ if (transport->frontBio)
+ BIO_free(transport->frontBio);
+ }
+
+ if (transport->tsg)
+ {
+ tsg_free(transport->tsg);
+ transport->tsg = NULL;
 }

 transport->frontBio = NULL;
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 888df587d..4bf69b23f 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -576,9 +576,9 @@ out_free:


 #if defined(__APPLE__)
-BOOL tls_prepare(rdpTls* tls, BIO *underlying, SSL_METHOD *method, int options, BOOL clientMode)
+BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method, int options, BOOL clientMode)
 #else
-BOOL tls_prepare(rdpTls* tls, BIO *underlying, const SSL_METHOD *method, int options, BOOL clientMode)
+BOOL tls_prepare(rdpTls* tls, BIO* underlying, const SSL_METHOD* method, int options, BOOL clientMode)
 #endif
 {
 rdpSettings* settings = tls->settings;
@@ -614,6 +614,7 @@ BOOL tls_prepare(rdpTls* tls, BIO *underlying, const SSL_METHOD *method, int opt
 }

 BIO_push(tls->bio, underlying);
+ tls->underlying = underlying;

 return TRUE;
 }
@@ -721,7 +722,7 @@ out:
 return verify_status;
 }

-int tls_connect(rdpTls* tls, BIO *underlying)
+int tls_connect(rdpTls* tls, BIO* underlying)
 {
 int options = 0;

@@ -760,7 +761,7 @@ int tls_connect(rdpTls* tls, BIO *underlying)
 return tls_do_handshake(tls, TRUE);
 }

-BOOL tls_accept(rdpTls* tls, BIO *underlying, const char* cert_file, const char* privatekey_file)
+BOOL tls_accept(rdpTls* tls, BIO* underlying, const char* cert_file, const char* privatekey_file)
 {
 long options = 0;

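Review bot: In the rewritten block of transport_disconnect(), `transport->frontBio` is freed only in the `else` branch, so the code relies on an unstated invariant that whenever `transport->tls` is non-NULL, tls_free() releases everything frontBio points at. If a transport can reach this function with tls allocated but no BIO attached to it yet, frontBio is set to NULL a few lines later without being freed. I would add a comment such as `/* tls_free() releases tls->bio and the BIO beneath it; frontBio is freed here only when no TLS layer owns it */` and brace the new single-statement `if` like the rest of the function. The function starts and ends outside the hunk.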
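Review bot: `tls->underlying = underlying;` is assigned only after `BIO_push()` at the very end of tls_prepare(), so on any earlier failure return (the body above the closing brace is outside the hunk) the BIO is recorded nowhere, and the rpc.c and tsg.c hunks have removed the frees that used to cover it. That leaves a leak on the failure path, and callers have no documented way to know whether they still own the BIO after tls_connect() or tls_accept() returns. Either record the pointer before the first failure return, or state the rule where the functions are declared, e.g. `/* on success the rdpTls owns underlying and frees it in tls_free(); on failure the caller still owns it */`, and have the callers free it on failure.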
@@ -1273,6 +1274,12 @@ void tls_free(rdpTls* tls)
 tls->bio = NULL;
 }

+ if (tls->underlying)
+ {
+ BIO_free(tls->underlying);
+ tls->underlying = NULL;
+ }
+
 if (tls->PublicKey)
 {
 free(tls->PublicKey);
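Review bot: The new `BIO_free(tls->underlying)` block in tls_free() releases a BIO that other structures may still point at. transport_disconnect() clears `transport->frontBio` afterwards, but the tsg.c and rpc.c hunks remove the `->bio = NULL` assignments together with the frees, so if those fields alias the BIO passed to tls_connect() (not visible here) they dangle between tls_free() and the owning structure's own teardown. Any later read of `tsg->bio` or a channel's `bio` in that window would be a use-after-free. I would note this at the block, e.g. `/* callers must drop their own pointer to this BIO before or right after tls_free() */`, and clear the aliases where tls_free() is called. The function starts and ends outside the hunk.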