From 5bde7798e9c90904c0d38c75da1f2ce2d62922af Mon Sep 17 00:00:00 2001 From: est31 Date: Fri, 24 Jul 2015 21:38:40 +0200 Subject: Check output of mpz_set_str and fix leak on error condition Also add static identifier as upstream did --- src/util/sha256.c | 4 ++-- src/util/srp.cpp | 31 +++++++++++++++++++------------ 2 files changed, 21 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/util/sha256.c b/src/util/sha256.c index 311aac4a8..4c2bb71a8 100644 --- a/src/util/sha256.c +++ b/src/util/sha256.c @@ -15,8 +15,8 @@ const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; /* mem_clr.c */ -unsigned char cleanse_ctr = 0; -void OPENSSL_cleanse(void *ptr, size_t len) +unsigned static char cleanse_ctr = 0; +static void OPENSSL_cleanse(void *ptr, size_t len) { unsigned char *p = ptr; size_t loop = len, ctr = cleanse_ctr; diff --git a/src/util/srp.cpp b/src/util/srp.cpp index 6fafe8280..0d3ddf278 100644 --- a/src/util/srp.cpp +++ b/src/util/srp.cpp @@ -166,6 +166,15 @@ static struct NGHex global_Ng_constants[] = { }; +static void delete_ng(NGConstant *ng) +{ + if (ng) { + mpz_clear(ng->N); + mpz_clear(ng->g); + free(ng); + } +} + static NGConstant *new_ng( SRP_NGType ng_type, const char *n_hex, const char *g_hex ) { NGConstant *ng = (NGConstant *) malloc(sizeof(NGConstant)); @@ -180,21 +189,17 @@ static NGConstant *new_ng( SRP_NGType ng_type, const char *n_hex, const char *g_ g_hex = global_Ng_constants[ ng_type ].g_hex; } - mpz_set_str(ng->N, n_hex, 16); - mpz_set_str(ng->g, g_hex, 16); - - return ng; -} + int rv = 0; + rv = mpz_set_str(ng->N, n_hex, 16); + rv = rv | mpz_set_str(ng->g, g_hex, 16); -static void delete_ng( NGConstant *ng ) -{ - if (ng) { - mpz_clear(ng->N); - mpz_clear(ng->g); - free(ng); + if (rv) { + delete_ng(ng); + return 0; } -} + return ng; +} typedef union @@ -849,6 +854,8 @@ err_exit: mpz_clear(usr->a); mpz_clear(usr->A); mpz_clear(usr->S); + if (usr->ng) + delete_ng(usr->ng); if (usr->username) free(usr->username); if (usr->username_verifier) -- cgit v1.2.3