From patchwork Tue Nov 5 09:04:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_FARAULT?= X-Patchwork-Id: 3923 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:3a0b:b0:5b9:581e:f939 with SMTP id v11csp2582305man; Tue, 5 Nov 2024 01:04:51 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWd7qIhViSfJ1AUzVI/B3OnwIr0XouPynjmX/t9ZCO5PjgcoNonajpMtkDj7iYNy/tHiSjqBZD6TSo=@openvpn.net X-Google-Smtp-Source: AGHT+IGSnGZDsK+8AWLUhoES7AZ2CuCdkAVF5Sh+Jd3yyu+PAknQsxnRUu/jgFZIt4SMnVEKOwYU X-Received: by 2002:a05:6820:161e:b0:5e1:ea03:9286 with SMTP id 006d021491bc7-5ec6db4a30dmr10762297eaf.6.1730797491644; Tue, 05 Nov 2024 01:04:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1730797491; cv=none; d=google.com; s=arc-20240605; b=YPoA1mzm9LeXS1rwTDhCviHLWbATgK8QftcnGUhFEar94g9vgDeslv+owGSX3vf+jj AJoBASfTBdhwuCtjjFrAFjWvKzDDjqss06cJPoa5v4obc6gYhga43gyCPYEZTUAlwRTO vDcOiSWwES3pbNZ0m7GIAVbDHjcggd5chkPa9wEwIMz7tDc73f96m28EhWBinDn8N9O/ HTsoCuSVsnlq2vD2jbOQJN/zOlqzM5dp9SdE0J3fO5nCyOnbCBxApHYkFM6iKusbYoII U9usY9JiDas6YkSapFtrBUtxft0Mhz284g5ibxqzqkCq/Nbby6Zvgzh78pcmc2CVWg+t Jznw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:content-language:accept-language:message-id:date :thread-index:thread-topic:to:dkim-signature:dkim-signature :dkim-signature; bh=mp3+2ut2qeRUXTRVI/lnS7+oIRdZZEbvqQGM93uIP+w=; fh=I37vhZPGuICZbOiKJJ+210MDIMcPcV/kCIo1c3aMqKw=; b=VJrxtA4wVKCrMbadsEqGlCfEKcu0xei6BQgx407Oo3I25Lzyp+xKntfgdfZsc6QDX4 xoArF3O9pr6GOghVsS0dk+wPdI9g6BCLq6yTcYUuDC1aJsqvqQgeCiSFAfJJqx7w3JTJ f27YuZO3/6jkYcvKkEMmIcbtd8kh0fCZEqo2qA7F4GzkAE3KS0AFpDV1z9x2ruhUz1fG 9KgM9gV+0ItzTpOrlcyhssFk+uihiivUJ9egvO9ywqIZskmOaVY7tEvUgVY8aDOTzJyG hjNBKp8inOhjyClLexq7DKSiBEwvPuVfGsrIBWRoquQ2Dmb/dk4/oAr85h0se9kV6N7J cPcA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="daP/m1PX"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="N/b5jgfT"; dkim=neutral (body hash did not verify) header.i=@stormshield.eu header.s=signer2 header.b=O1WG0C+L; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-5ec70521241si6097524eaf.55.2024.11.05.01.04.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Nov 2024 01:04:51 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="daP/m1PX"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="N/b5jgfT"; dkim=neutral (body hash did not verify) header.i=@stormshield.eu header.s=signer2 header.b=O1WG0C+L; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1t8FUK-000835-Fi; Tue, 05 Nov 2024 09:04:37 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1t8FUH-00081a-6C for openvpn-devel@lists.sourceforge.net; Tue, 05 Nov 2024 09:04:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=MIME-Version:Content-Type:Message-ID:Date:Subject: To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=OsPKFPgOtDANAcvNF7LBswTszeYNy9cAR1CrGJR3Urc=; b=daP/m1PXOfE3Xhx3gaFSm4K7bj zuDIzCHoUAvmdSM3PjC0vnaJb5IXCdQEvDMaCUD0eND7vFHlFaYc5o75wB7gC2D1gHIeDDr2f1MCd cvKhrg13uvE5mfEx4sankosnOYKjHNJKDnjvlHbz5UeGSNUCcGLdLyP1vhiSA4XwyyF0=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=MIME-Version:Content-Type:Message-ID:Date:Subject:To:From:Sender:Reply-To :Cc:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=OsPKFPgOtDANAcvNF7LBswTszeYNy9cAR1CrGJR3Urc=; b=N /b5jgfTVa1XOOpPsYnEqFnMYbNyhG3K1yrv+Q2PG/7IrWNNrW6Ocane/bsaQk90OIhX6M3WebBNAM BhQ5FbYTZZEp0UXa6E1XiSTJK+MYLRjzIiK+92YYuOzc8LqQC1nSeJ9C2OqSAjW6P4c94GJHdUiOT qBixrD0JFjs0WxB8=; Received: from mail.stormshield.eu ([91.212.116.25]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1t8FUF-0002v3-6Z for openvpn-devel@lists.sourceforge.net; Tue, 05 Nov 2024 09:04:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stormshield.eu; s=signer2; t=1730797459; h=From:Subject:Date:Message-ID:To:MIME-Version :Content-Type; bh=OsPKFPgOtDANAcvNF7LBswTszeYNy9cAR1CrGJR3Urc=; b=O1WG0C+ LsZOwDYy600NyXDYWdUegBge9QuMdeteegN7fIf2nQbF/Tu/uKqvv8KUJbM0Q2FOTMobT+TVO Rnux4Z/ElkLbJltnvIpNJo+IBcQ8gmBmCPhkEkl5l/LsFE3hrE+D8+Xpfb4zau4Tk0/zSy1F7 AoINKPuPqi2D1cwyC/H6inHxHublWtaoTtj37Z8Qj0YunJWlYktyWuDxvEjkwJBA+/vuwSo8s Sv+G+hMUJiQoaMit8oD0RrmaGyNXUKFS9elxAylp0E6vRcf88nywmwdzXFy7wxGM3ssNHtop4 Y2bivlINPiqV64tOwnaoUtO1c3e/i9vEGp/v8LQ/H/g==; To: "openvpn-devel@lists.sourceforge.net" Thread-Topic: [PATCH] Add calls to nvlist_destroy to avoid leaks (v2) Thread-Index: AQHbL2GPJn1qni3dt0ShBJLwJSQ0aw== Date: Tue, 5 Nov 2024 09:04:19 +0000 Message-ID: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: yes X-MS-TNEF-Correlator: MIME-Version: 1.0 X-DKIM-Signer: DkimX (v3.60.360) X-Spam-Score: -0.1 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From c2df7d0e66987e0e7d2c17e1550c40a5f30a265c Mon Sep 17 00:00:00 2001 From: =?utf-8?q?R=C3=A9mi_Farault?= Date: Tue, 29 Oct 2024 12:06:35 +0100 Subject: [PATCH v2] Add [...] Content analysis details: (-0.1 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX X-Headers-End: 1t8FUF-0002v3-6Z Subject: [Openvpn-devel] [PATCH] Add calls to nvlist_destroy to avoid leaks (v2) X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: =?iso-8859-1?q?R=E9mi_FARAULT?= via Openvpn-devel From: =?utf-8?q?R=C3=A9mi_FARAULT?= Reply-To: =?iso-8859-1?q?R=E9mi_FARAULT?= Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1814872710531562857?= X-GMAIL-MSGID: =?utf-8?q?1814872710531562857?= Acked-by: Gert Doering From c2df7d0e66987e0e7d2c17e1550c40a5f30a265c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Farault?= Date: Tue, 29 Oct 2024 12:06:35 +0100 Subject: [PATCH v2] Add calls to nvlist_destroy to avoid leaks --- src/openvpn/dco_freebsd.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index c92e42a1..f4c3b021 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -78,7 +78,7 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, struct in_addr *vpn_ipv4, struct in6_addr *vpn_ipv6) { struct ifdrv drv; - nvlist_t *nvl; + nvlist_t *nvl, *local_nvl, *remote_nvl; int ret; nvl = nvlist_create(0); @@ -87,12 +87,14 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, if (localaddr) { - nvlist_add_nvlist(nvl, "local", sockaddr_to_nvlist(localaddr)); + local_nvl = sockaddr_to_nvlist(localaddr); + nvlist_add_nvlist(nvl, "local", local_nvl); } if (remoteaddr) { - nvlist_add_nvlist(nvl, "remote", sockaddr_to_nvlist(remoteaddr)); + remote_nvl = sockaddr_to_nvlist(remoteaddr); + nvlist_add_nvlist(nvl, "remote", remote_nvl); } if (vpn_ipv4) @@ -121,6 +123,14 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, } free(drv.ifd_data); + if (localaddr) + { + nvlist_destroy(local_nvl); + } + if (remoteaddr) + { + nvlist_destroy(remote_nvl); + } nvlist_destroy(nvl); return ret; @@ -418,7 +428,7 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, const char *ciphername) { struct ifdrv drv; - nvlist_t *nvl; + nvlist_t *nvl, *encrypt_nvl, *decrypt_nvl; int ret; msg(D_DCO_DEBUG, "%s: slot %d, key-id %d, peer-id %d, cipher %s", @@ -430,10 +440,11 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, nvlist_add_number(nvl, "keyid", keyid); nvlist_add_number(nvl, "peerid", peerid); - nvlist_add_nvlist(nvl, "encrypt", - key_to_nvlist(encrypt_key, encrypt_iv, ciphername)); - nvlist_add_nvlist(nvl, "decrypt", - key_to_nvlist(decrypt_key, decrypt_iv, ciphername)); + encrypt_nvl = key_to_nvlist(encrypt_key, encrypt_iv, ciphername); + decrypt_nvl = key_to_nvlist(decrypt_key, decrypt_iv, ciphername); + + nvlist_add_nvlist(nvl, "encrypt", encrypt_nvl); + nvlist_add_nvlist(nvl, "decrypt", decrypt_nvl); CLEAR(drv); snprintf(drv.ifd_name, IFNAMSIZ, "%s", dco->ifname); @@ -451,6 +462,8 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, } free(drv.ifd_data); + nvlist_destroy(encrypt_nvl); + nvlist_destroy(decrypt_nvl); nvlist_destroy(nvl); return ret; @@ -750,6 +763,7 @@ retry: if (!nvlist_exists_nvlist_array(nvl, "peers")) { /* no peers */ + nvlist_destroy(nvl); return 0; } @@ -762,6 +776,7 @@ retry: dco_update_peer_stat(m, peerid, nvlist_get_nvlist(peer, "bytes")); } + nvlist_destroy(nvl); return 0; } -- 2.25.1