From patchwork Wed Oct 30 10:31:57 2024
X-Patchwork-Submitter: Rémi FARAULT
X-Patchwork-Id: 3919
To: "openvpn-devel@lists.sourceforge.net"
Thread-Topic: [PATCH] Add calls to nvlist_destroy to avoid leaks
Date: Wed, 30 Oct 2024 10:31:57 +0000
Subject: [Openvpn-devel] [PATCH] Add calls to nvlist_destroy to avoid leaks
From: Rémi FARAULT

From 67100f57634b1b59c2ec8c294fccabda8fb7d893 Mon Sep 17 00:00:00 2001
From: Rémi Farault
Date: Tue, 29 Oct 2024 12:06:35 +0100
Subject: [PATCH v1] Add calls to nvlist_destroy to avoid leaks

---
 src/openvpn/dco_freebsd.c | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index c92e42a1..55f0ab1d 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -78,7 +78,7 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, struct in_addr *vpn_ipv4, struct in6_addr *vpn_ipv6) { struct ifdrv drv; - nvlist_t *nvl; + nvlist_t *nvl, *local_nvl, *remote_nvl; int ret; nvl = nvlist_create(0); @@ -87,12 +87,14 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, if (localaddr) { - nvlist_add_nvlist(nvl, "local", sockaddr_to_nvlist(localaddr)); + local_nvl = sockaddr_to_nvlist(localaddr); + nvlist_add_nvlist(nvl, "local", local_nvl); } if (remoteaddr) { - nvlist_add_nvlist(nvl, "remote", sockaddr_to_nvlist(remoteaddr)); + remote_nvl = sockaddr_to_nvlist(remoteaddr); + nvlist_add_nvlist(nvl, "remote", remove_nvl); } if (vpn_ipv4) @@ -121,6 +123,14 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, } free(drv.ifd_data); + if (localaddr) + { + nvlist_destroy(local_nvl); + } + if (remoteaddr) + { + nvlist_destroy(remote_nvl); + } nvlist_destroy(nvl); return ret; @@ -418,7 +428,7 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, const char *ciphername) { struct ifdrv drv; - nvlist_t *nvl; + nvlist_t *nvl, *encrypt_nvl, *decrypt_nvl; int ret; msg(D_DCO_DEBUG, "%s: slot %d, key-id %d, peer-id %d, cipher %s", @@ -430,10 +440,11 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, nvlist_add_number(nvl, "keyid", keyid); nvlist_add_number(nvl, "peerid", peerid); - nvlist_add_nvlist(nvl, "encrypt", - key_to_nvlist(encrypt_key, encrypt_iv, ciphername)); - nvlist_add_nvlist(nvl, "decrypt", - key_to_nvlist(decrypt_key, decrypt_iv, ciphername)); + encrypt_nvl = key_to_nvlist(encrypt_key, encrypt_iv, ciphername); + decrypt_nvl = key_to_nvlist(decrypt_key, decrypt_iv, ciphername); + + nvlist_add_nvlist(nvl, "encrypt", encrypt_nvl); + nvlist_add_nvlist(nvl, "decrypt", decrypt_nvl); CLEAR(drv); snprintf(drv.ifd_name, IFNAMSIZ, "%s", dco->ifname); 
@@ -451,6 +462,8 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, } free(drv.ifd_data); + nvlist_destroy(encrypt_nvl); + nvlist_destroy(decrypt_nvl); nvlist_destroy(nvl); return ret; @@ -750,6 +763,7 @@ retry: if (!nvlist_exists_nvlist_array(nvl, "peers")) { /* no peers */ + nvlist_destroy(nvl); return 0; } @@ -762,6 +776,7 @@ retry: dco_update_peer_stat(m, peerid, nvlist_get_nvlist(peer, "bytes")); } + nvlist_destroy(nvl); return 0; } -- 2.25.1
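Review bot: in the dco_new_peer hunk at -87,12, the new line `nvlist_add_nvlist(nvl, "remote", remove_nvl);` passes `remove_nvl`, which is not declared anywhere in the patch; the variable declared and assigned one line earlier is `remote_nvl`. As posted the file cannot compile, so the change has not been built on FreeBSD. Please fix the identifier and resend as v2 after a build and a test run.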
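Review bot: in the dco_new_peer cleanup hunk at -121,6, the two `nvlist_destroy()` calls are only safe because their `if (localaddr)` / `if (remoteaddr)` guards repeat the conditions under which `local_nvl` and `remote_nvl` were assigned; both pointers are declared uninitialized in the first hunk. If the two sets of conditions ever drift apart, this path destroys an indeterminate pointer. Declaring them as `nvlist_t *local_nvl = NULL, *remote_nvl = NULL;` and destroying unconditionally is shorter and removes that coupling, since libnv's nvlist_destroy() does nothing when given NULL.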
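Review bot: the dco_new_key hunks at -430,10 and -451,6 depend on an ownership rule that the commit message, which is only a subject line, never states: `nvlist_add_nvlist(nvl, "encrypt", encrypt_nvl)` stores a copy, so the list returned by `key_to_nvlist()` remains owned by the caller and has to be destroyed here. Please add a commit body saying so, since that is the whole justification for the patch. It is also worth considering libnv's nvlist_move_nvlist(), which hands the child list to the parent; that would avoid both the extra `nvlist_destroy()` calls and a second in-memory copy of the nvlist built from `encrypt_key` / `decrypt_key`.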
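Review bot: in the last two hunks (-750,6 and -762,6, under the `retry:` label), `nvlist_destroy(nvl)` is added separately before each `return 0;`, which fixes the two exits visible here but leaves the function with duplicated cleanup. Please confirm that no other return between the point where `nvl` is obtained and these lines still leaks it, and consider a single cleanup label that both paths jump to so a future early return cannot reintroduce the leak. Destroying `nvl` after the loop is the right place, because the `peer` lists read inside the loop are borrowed from it.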