diff options
author | est31 <MTest31@outlook.com> | 2015-07-24 21:38:40 +0200 |
---|---|---|
committer | est31 <MTest31@outlook.com> | 2015-07-24 22:42:54 +0200 |
commit | 5bde7798e9c90904c0d38c75da1f2ce2d62922af (patch) | |
tree | caaf2b8a12f832ad64fad2f4bbdadc12a40af8b8 | |
parent | aab7c83d0229c2c7aa3b60de3ca1b1a4eb326b55 (diff) | |
download | minetest-5bde7798e9c90904c0d38c75da1f2ce2d62922af.tar.gz minetest-5bde7798e9c90904c0d38c75da1f2ce2d62922af.tar.bz2 minetest-5bde7798e9c90904c0d38c75da1f2ce2d62922af.zip |
Check output of mpz_set_str and fix leak on error condition
Also add static identifier as upstream did
-rw-r--r-- | src/util/sha256.c | 4 | ||||
-rw-r--r-- | src/util/srp.cpp | 31 |
2 files changed, 21 insertions, 14 deletions
diff --git a/src/util/sha256.c b/src/util/sha256.c index 311aac4a8..4c2bb71a8 100644 --- a/src/util/sha256.c +++ b/src/util/sha256.c @@ -15,8 +15,8 @@ const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; /* mem_clr.c */ -unsigned char cleanse_ctr = 0; -void OPENSSL_cleanse(void *ptr, size_t len) +unsigned static char cleanse_ctr = 0; +static void OPENSSL_cleanse(void *ptr, size_t len) { unsigned char *p = ptr; size_t loop = len, ctr = cleanse_ctr; diff --git a/src/util/srp.cpp b/src/util/srp.cpp index 6fafe8280..0d3ddf278 100644 --- a/src/util/srp.cpp +++ b/src/util/srp.cpp @@ -166,6 +166,15 @@ static struct NGHex global_Ng_constants[] = { }; +static void delete_ng(NGConstant *ng) +{ + if (ng) { + mpz_clear(ng->N); + mpz_clear(ng->g); + free(ng); + } +} + static NGConstant *new_ng( SRP_NGType ng_type, const char *n_hex, const char *g_hex ) { NGConstant *ng = (NGConstant *) malloc(sizeof(NGConstant)); @@ -180,21 +189,17 @@ static NGConstant *new_ng( SRP_NGType ng_type, const char *n_hex, const char *g_ g_hex = global_Ng_constants[ ng_type ].g_hex; } - mpz_set_str(ng->N, n_hex, 16); - mpz_set_str(ng->g, g_hex, 16); - - return ng; -} + int rv = 0; + rv = mpz_set_str(ng->N, n_hex, 16); + rv = rv | mpz_set_str(ng->g, g_hex, 16); -static void delete_ng( NGConstant *ng ) -{ - if (ng) { - mpz_clear(ng->N); - mpz_clear(ng->g); - free(ng); + if (rv) { + delete_ng(ng); + return 0; } -} + return ng; +} typedef union @@ -849,6 +854,8 @@ err_exit: mpz_clear(usr->a); mpz_clear(usr->A); mpz_clear(usr->S); + if (usr->ng) + delete_ng(usr->ng); if (usr->username) free(usr->username); if (usr->username_verifier) |