Fix potential memory leaks and crashes.
This commit is contained in:
Jan Vidar Krey
parent
f4e82ef503
commit
00995a1946
@ -26,8 +26,7 @@
|
|||||||
uhub_assert(X->capacity); \
|
uhub_assert(X->capacity); \
|
||||||
uhub_assert(X->length); \
|
uhub_assert(X->length); \
|
||||||
uhub_assert(X->length <= X->capacity); \
|
uhub_assert(X->length <= X->capacity); \
|
||||||
uhub_assert(X->length == strlen(X->cache)); \
|
uhub_assert(X->length == strlen(X->cache));
|
||||||
uhub_assert(X->references >= 0);
|
|
||||||
#else
|
#else
|
||||||
#define ADC_MSG_ASSERT(X) do { } while(0)
|
#define ADC_MSG_ASSERT(X) do { } while(0)
|
||||||
#endif /* DEBUG */
|
#endif /* DEBUG */
|
||||||
@ -111,12 +110,12 @@ static int adc_msg_grow(struct adc_message* msg, size_t size)
|
|||||||
|
|
||||||
if (msg->capacity > size)
|
if (msg->capacity > size)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
/* Make sure we align our data */
|
/* Make sure we align our data */
|
||||||
newsize = size;
|
newsize = size;
|
||||||
newsize += 2; /* termination */
|
newsize += 2; /* termination */
|
||||||
newsize += (newsize % sizeof(size_t)); /* alignment padding */
|
newsize += (newsize % sizeof(size_t)); /* alignment padding */
|
||||||
|
|
||||||
buf = msg_malloc_zero(newsize);
|
buf = msg_malloc_zero(newsize);
|
||||||
if (!buf)
|
if (!buf)
|
||||||
return 0;
|
return 0;
|
||||||
@ -126,7 +125,7 @@ static int adc_msg_grow(struct adc_message* msg, size_t size)
|
|||||||
memcpy(buf, msg->cache, msg->length);
|
memcpy(buf, msg->cache, msg->length);
|
||||||
msg_free(msg->cache);
|
msg_free(msg->cache);
|
||||||
}
|
}
|
||||||
|
|
||||||
msg->cache = buf;
|
msg->cache = buf;
|
||||||
msg->capacity = newsize;
|
msg->capacity = newsize;
|
||||||
|
|
||||||
@ -144,7 +143,7 @@ static int adc_msg_cache_append(struct adc_message* msg, const char* string, siz
|
|||||||
|
|
||||||
memcpy(&msg->cache[msg->length], string, len);
|
memcpy(&msg->cache[msg->length], string, len);
|
||||||
adc_msg_set_length(msg, msg->length + len);
|
adc_msg_set_length(msg, msg->length + len);
|
||||||
|
|
||||||
assert(msg->capacity > msg->length);
|
assert(msg->capacity > msg->length);
|
||||||
msg->cache[msg->length] = 0;
|
msg->cache[msg->length] = 0;
|
||||||
return 1;
|
return 1;
|
||||||
@ -777,16 +776,15 @@ char* adc_msg_get_argument(struct adc_message* cmd, int offset)
|
|||||||
char* end;
|
char* end;
|
||||||
char* argument;
|
char* argument;
|
||||||
int count = 0;
|
int count = 0;
|
||||||
|
|
||||||
ADC_MSG_ASSERT(cmd);
|
ADC_MSG_ASSERT(cmd);
|
||||||
|
|
||||||
adc_msg_unterminate(cmd);
|
adc_msg_unterminate(cmd);
|
||||||
|
|
||||||
start = strchr(&cmd->cache[adc_msg_get_arg_offset(cmd)-1], ' ');
|
start = strchr(&cmd->cache[adc_msg_get_arg_offset(cmd)-1], ' ');
|
||||||
while (start)
|
while (start)
|
||||||
{
|
{
|
||||||
end = strchr(&start[1], ' ');
|
end = strchr(&start[1], ' ');
|
||||||
|
|
||||||
if (count == offset)
|
if (count == offset)
|
||||||
{
|
{
|
||||||
if (end)
|
if (end)
|
||||||
@ -796,21 +794,27 @@ char* adc_msg_get_argument(struct adc_message* cmd, int offset)
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
argument = hub_strdup(&start[1]);
|
argument = hub_strdup(&start[1]);
|
||||||
if (argument[strlen(argument)-1] == '\n')
|
if (argument && argument[strlen(argument)-1] == '\n')
|
||||||
argument[strlen(argument)-1] = 0;
|
argument[strlen(argument)-1] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!argument)
|
||||||
|
return 0; // FIXME: OOM
|
||||||
|
|
||||||
if (*argument)
|
if (*argument)
|
||||||
{
|
{
|
||||||
adc_msg_terminate(cmd);
|
adc_msg_terminate(cmd);
|
||||||
return argument;
|
return argument;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
hub_free(argument);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
count++;
|
count++;
|
||||||
start = end;
|
start = end;
|
||||||
}
|
}
|
||||||
|
|
||||||
adc_msg_terminate(cmd);
|
adc_msg_terminate(cmd);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -88,10 +88,18 @@ struct sid_pool
|
|||||||
struct sid_pool* sid_pool_create(sid_t max)
|
struct sid_pool* sid_pool_create(sid_t max)
|
||||||
{
|
{
|
||||||
struct sid_pool* pool = hub_malloc(sizeof(struct sid_pool));
|
struct sid_pool* pool = hub_malloc(sizeof(struct sid_pool));
|
||||||
|
if (!pool)
|
||||||
|
return 0;
|
||||||
|
|
||||||
pool->min = 1;
|
pool->min = 1;
|
||||||
pool->max = max + 1;
|
pool->max = max + 1;
|
||||||
pool->count = 0;
|
pool->count = 0;
|
||||||
pool->map = hub_malloc_zero(sizeof(struct hub_user*) * pool->max);
|
pool->map = hub_malloc_zero(sizeof(struct hub_user*) * pool->max);
|
||||||
|
if (!pool->map)
|
||||||
|
{
|
||||||
|
hub_free(pool);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
pool->map[0] = (struct hub_user*) pool; /* hack to reserve the first sid. */
|
pool->map[0] = (struct hub_user*) pool; /* hack to reserve the first sid. */
|
||||||
|
|
||||||
#ifdef DEBUG_SID
|
#ifdef DEBUG_SID
|
||||||
|
|||||||
@ -355,25 +355,46 @@ int acl_is_user_denied(struct acl_handle* handle, const char* data)
|
|||||||
|
|
||||||
int acl_user_ban_nick(struct acl_handle* handle, const char* nick)
|
int acl_user_ban_nick(struct acl_handle* handle, const char* nick)
|
||||||
{
|
{
|
||||||
|
char* data = 0;
|
||||||
struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info));
|
struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info));
|
||||||
|
|
||||||
if (!info)
|
if (!info)
|
||||||
{
|
{
|
||||||
LOG_ERROR("ACL error: Out of memory!");
|
LOG_ERROR("ACL error: Out of memory!");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
list_append(handle->users_banned, hub_strdup(nick));
|
|
||||||
|
data = hub_strdup(nick);
|
||||||
|
if (!data)
|
||||||
|
{
|
||||||
|
LOG_ERROR("ACL error: Out of memory!");
|
||||||
|
hub_free(info);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
list_append(handle->users_banned, data);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int acl_user_ban_cid(struct acl_handle* handle, const char* cid)
|
int acl_user_ban_cid(struct acl_handle* handle, const char* cid)
|
||||||
{
|
{
|
||||||
|
char* data;
|
||||||
struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info));
|
struct hub_user_access_info* info = hub_malloc_zero(sizeof(struct hub_user_access_info));
|
||||||
if (!info)
|
if (!info)
|
||||||
{
|
{
|
||||||
LOG_ERROR("ACL error: Out of memory!");
|
LOG_ERROR("ACL error: Out of memory!");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
list_append(handle->cids, hub_strdup(cid));
|
|
||||||
|
data = hub_strdup(cid);
|
||||||
|
if (!data)
|
||||||
|
{
|
||||||
|
LOG_ERROR("ACL error: Out of memory!");
|
||||||
|
hub_free(info);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
list_append(handle->cids, data);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -431,12 +452,12 @@ int acl_is_ip_nat_override(struct acl_handle* handle, const char* ip_address)
|
|||||||
*/
|
*/
|
||||||
const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_user* user)
|
const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_user* user)
|
||||||
{
|
{
|
||||||
char buf[32];
|
char buf[64];
|
||||||
uint64_t tiger_res[3];
|
uint64_t tiger_res[3];
|
||||||
static char tiger_buf[MAX_CID_LEN+1];
|
static char tiger_buf[MAX_CID_LEN+1];
|
||||||
|
|
||||||
// FIXME: Generate a better nonce scheme.
|
// FIXME: Generate a better nonce scheme.
|
||||||
snprintf(buf, 32, "%p%d%d", user, (int) user->id.sid, (int) user->connection->sd);
|
snprintf(buf, 64, "%p%d%d", user, (int) user->id.sid, (int) user->connection->sd);
|
||||||
|
|
||||||
tiger((uint64_t*) buf, strlen(buf), (uint64_t*) tiger_res);
|
tiger((uint64_t*) buf, strlen(buf), (uint64_t*) tiger_res);
|
||||||
base32_encode((unsigned char*) tiger_res, TIGERSIZE, tiger_buf);
|
base32_encode((unsigned char*) tiger_res, TIGERSIZE, tiger_buf);
|
||||||
|
|||||||
@ -77,7 +77,7 @@ static struct hub_command* command_create(const char* message)
|
|||||||
}
|
}
|
||||||
|
|
||||||
char* prefix = list_get_first(cmd->args);
|
char* prefix = list_get_first(cmd->args);
|
||||||
if (prefix[0] && prefix[1])
|
if (prefix && prefix[0] && prefix[1])
|
||||||
{
|
{
|
||||||
cmd->prefix = hub_strdup(&prefix[1]);
|
cmd->prefix = hub_strdup(&prefix[1]);
|
||||||
cmd->prefix_len = strlen(cmd->prefix);
|
cmd->prefix_len = strlen(cmd->prefix);
|
||||||
@ -235,6 +235,9 @@ static int command_uptime(struct hub_info* hub, struct hub_user* user, struct hu
|
|||||||
static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd)
|
static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd)
|
||||||
{
|
{
|
||||||
char* nick = list_get_first(cmd->args);
|
char* nick = list_get_first(cmd->args);
|
||||||
|
if (!nick)
|
||||||
|
return -1; // FIXME: bad syntax.
|
||||||
|
|
||||||
struct hub_user* target = uman_get_user_by_nick(hub, nick);
|
struct hub_user* target = uman_get_user_by_nick(hub, nick);
|
||||||
|
|
||||||
if (!target)
|
if (!target)
|
||||||
@ -250,6 +253,9 @@ static int command_kick(struct hub_info* hub, struct hub_user* user, struct hub_
|
|||||||
static int command_ban(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd)
|
static int command_ban(struct hub_info* hub, struct hub_user* user, struct hub_command* cmd)
|
||||||
{
|
{
|
||||||
char* nick = list_get_first(cmd->args);
|
char* nick = list_get_first(cmd->args);
|
||||||
|
if (!nick)
|
||||||
|
return -1; // FIXME: bad syntax.
|
||||||
|
|
||||||
struct hub_user* target = uman_get_user_by_nick(hub, nick);
|
struct hub_user* target = uman_get_user_by_nick(hub, nick);
|
||||||
|
|
||||||
if (!target)
|
if (!target)
|
||||||
@ -299,6 +305,9 @@ static int command_getip(struct hub_info* hub, struct hub_user* user, struct hub
|
|||||||
char tmp[128];
|
char tmp[128];
|
||||||
|
|
||||||
char* nick = list_get_first(cmd->args);
|
char* nick = list_get_first(cmd->args);
|
||||||
|
if (!nick);
|
||||||
|
return -1; // FIXME: bad syntax/OOM
|
||||||
|
|
||||||
struct hub_user* target = uman_get_user_by_nick(hub, nick);
|
struct hub_user* target = uman_get_user_by_nick(hub, nick);
|
||||||
|
|
||||||
if (!target)
|
if (!target)
|
||||||
@ -316,11 +325,17 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub
|
|||||||
struct hub_user* u;
|
struct hub_user* u;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
|
if (!address)
|
||||||
|
return -1; // FIXME: bad syntax.
|
||||||
|
|
||||||
ret = ip_convert_address_to_range(address, &range);
|
ret = ip_convert_address_to_range(address, &range);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
return command_status(hub, user, cmd, "Invalid IP address/range/mask");
|
return command_status(hub, user, cmd, "Invalid IP address/range/mask");
|
||||||
|
|
||||||
users = (struct linked_list*) list_create();
|
users = (struct linked_list*) list_create();
|
||||||
|
if (!users)
|
||||||
|
return -1; // FIXME: OOM
|
||||||
|
|
||||||
ret = uman_get_user_by_addr(hub, users, &range);
|
ret = uman_get_user_by_addr(hub, users, &range);
|
||||||
|
|
||||||
if (!ret)
|
if (!ret)
|
||||||
@ -333,6 +348,12 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub
|
|||||||
snprintf(tmp, 128, "*** %s: Found %d match%s:", cmd->prefix, ret, ((ret != 1) ? "es" : ""));
|
snprintf(tmp, 128, "*** %s: Found %d match%s:", cmd->prefix, ret, ((ret != 1) ? "es" : ""));
|
||||||
|
|
||||||
char* buffer = hub_malloc(((MAX_NICK_LEN + INET6_ADDRSTRLEN + 5) * ret) + strlen(tmp) + 3);
|
char* buffer = hub_malloc(((MAX_NICK_LEN + INET6_ADDRSTRLEN + 5) * ret) + strlen(tmp) + 3);
|
||||||
|
if (!buffer)
|
||||||
|
{
|
||||||
|
list_destroy(users);
|
||||||
|
return -1; // FIXME: OOM
|
||||||
|
}
|
||||||
|
|
||||||
buffer[0] = 0;
|
buffer[0] = 0;
|
||||||
strcat(buffer, tmp);
|
strcat(buffer, tmp);
|
||||||
strcat(buffer, "\n");
|
strcat(buffer, "\n");
|
||||||
@ -350,6 +371,7 @@ static int command_whoip(struct hub_info* hub, struct hub_user* user, struct hub
|
|||||||
|
|
||||||
send_message(hub, user, buffer);
|
send_message(hub, user, buffer);
|
||||||
hub_free(buffer);
|
hub_free(buffer);
|
||||||
|
list_destroy(users);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -102,6 +102,7 @@ int hub_handle_support(struct hub_info* hub, struct hub_user* u, struct adc_mess
|
|||||||
if (hub->status == hub_status_disabled && u->state == state_protocol)
|
if (hub->status == hub_status_disabled && u->state == state_protocol)
|
||||||
{
|
{
|
||||||
on_login_failure(hub, u, status_msg_hub_disabled);
|
on_login_failure(hub, u, status_msg_hub_disabled);
|
||||||
|
hub_free(arg);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -46,8 +46,11 @@ static int set_feature_cast_supports(struct hub_user* u, struct adc_message* cmd
|
|||||||
if (adc_msg_has_named_argument(cmd, ADC_INF_FLAG_SUPPORT))
|
if (adc_msg_has_named_argument(cmd, ADC_INF_FLAG_SUPPORT))
|
||||||
{
|
{
|
||||||
tmp = adc_msg_get_named_argument(cmd, ADC_INF_FLAG_SUPPORT);
|
tmp = adc_msg_get_named_argument(cmd, ADC_INF_FLAG_SUPPORT);
|
||||||
|
if (!tmp)
|
||||||
|
return -1; // FIXME: OOM
|
||||||
|
|
||||||
user_clear_feature_cast_support(u);
|
user_clear_feature_cast_support(u);
|
||||||
|
|
||||||
it = tmp;
|
it = tmp;
|
||||||
while (strlen(it) > 4)
|
while (strlen(it) > 4)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -111,7 +111,6 @@ int handle_net_read(struct hub_user* user)
|
|||||||
if (hub_handle_message(g_hub, user, start, (pos - start)) == -1)
|
if (hub_handle_message(g_hub, user, start, (pos - start)) == -1)
|
||||||
{
|
{
|
||||||
return quit_protocol_error;
|
return quit_protocol_error;
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -86,7 +86,7 @@ static inline int check_send_queue(struct hub_info* hub, struct hub_user* user,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user->send_queue->size > get_max_send_queue_soft(hub) && msg->priority < 0)
|
if (user->send_queue->size > get_max_send_queue_soft(hub))
|
||||||
{
|
{
|
||||||
LOG_WARN("send queue soft overflowed.");
|
LOG_WARN("send queue soft overflowed.");
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@ -101,9 +101,10 @@ int uman_init(struct hub_info* hub)
|
|||||||
if (!users->list)
|
if (!users->list)
|
||||||
{
|
{
|
||||||
list_destroy(users->list);
|
list_destroy(users->list);
|
||||||
|
hub_free(users);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
hub->users = users;
|
hub->users = users;
|
||||||
|
|
||||||
#ifdef USERMANAGER_TIMER
|
#ifdef USERMANAGER_TIMER
|
||||||
|
|||||||
@ -303,7 +303,7 @@ int net_close(int fd)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (fd != -1)
|
if (ret != -1)
|
||||||
{
|
{
|
||||||
net_stats_add_error();
|
net_stats_add_error();
|
||||||
}
|
}
|
||||||
@ -474,6 +474,7 @@ int net_socket_create(int af, int type, int protocol)
|
|||||||
if (sd == -1)
|
if (sd == -1)
|
||||||
{
|
{
|
||||||
net_error_out(sd, "net_socket_create");
|
net_error_out(sd, "net_socket_create");
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SOCK_DUAL_STACK_OPT
|
#ifdef SOCK_DUAL_STACK_OPT
|
||||||
|
|||||||
@ -54,6 +54,11 @@ void list_clear(struct linked_list* list, void (*free_handle)(void* ptr))
|
|||||||
void list_append(struct linked_list* list, void* data_ptr)
|
void list_append(struct linked_list* list, void* data_ptr)
|
||||||
{
|
{
|
||||||
struct node* new_node = (struct node*) hub_malloc_zero(sizeof(struct node));
|
struct node* new_node = (struct node*) hub_malloc_zero(sizeof(struct node));
|
||||||
|
if (!new_node)
|
||||||
|
{
|
||||||
|
LOG_FATAL("Unable to allocate memory");
|
||||||
|
return;
|
||||||
|
}
|
||||||
new_node->ptr = data_ptr;
|
new_node->ptr = data_ptr;
|
||||||
|
|
||||||
if (list->last)
|
if (list->last)
|
||||||
|
|||||||
@ -47,10 +47,13 @@ extern uint64_t tiger_sboxes[4*256];
|
|||||||
ROUND(b, c, a, x7, mul)
|
ROUND(b, c, a, x7, mul)
|
||||||
|
|
||||||
void tiger_compress(uint64_t* str, uint64_t state[3]) {
|
void tiger_compress(uint64_t* str, uint64_t state[3]) {
|
||||||
uint64_t a, b, c, swap;
|
uint64_t a, b, c;
|
||||||
uint64_t x0, x1, x2, x3, x4, x5, x6, x7;
|
uint64_t x0, x1, x2, x3, x4, x5, x6, x7;
|
||||||
uint64_t aa, bb, cc;
|
uint64_t aa, bb, cc;
|
||||||
|
#if PASSES > 3
|
||||||
|
uint64_t swap;
|
||||||
size_t pass_no;
|
size_t pass_no;
|
||||||
|
#endif
|
||||||
a = state[0];
|
a = state[0];
|
||||||
b = state[1];
|
b = state[1];
|
||||||
c = state[2];
|
c = state[2];
|
||||||
@ -107,7 +110,8 @@ void tiger_compress(uint64_t* str, uint64_t state[3]) {
|
|||||||
x7 -= x6 ^ 0x0123456789ABCDEFULL;
|
x7 -= x6 ^ 0x0123456789ABCDEFULL;
|
||||||
|
|
||||||
PASS(b, c, a, 9);
|
PASS(b, c, a, 9);
|
||||||
|
|
||||||
|
#if PASSES > 3
|
||||||
for (pass_no = 3; pass_no < PASSES; pass_no++)
|
for (pass_no = 3; pass_no < PASSES; pass_no++)
|
||||||
{
|
{
|
||||||
x0 -= x7 ^ 0xA5A5A5A5A5A5A5A5ULL;
|
x0 -= x7 ^ 0xA5A5A5A5A5A5A5A5ULL;
|
||||||
@ -134,7 +138,8 @@ void tiger_compress(uint64_t* str, uint64_t state[3]) {
|
|||||||
c = b;
|
c = b;
|
||||||
b = swap;
|
b = swap;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
a ^= aa;
|
a ^= aa;
|
||||||
b -= bb;
|
b -= bb;
|
||||||
c += cc;
|
c += cc;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user