[PATCH] Coverity: Memory leak fixed in rpc_server

Ira Cooper ira at samba.org
Thu Apr 2 05:32:00 MDT 2015


Reviewed-by: Ira Cooper <ira at samba.org>

On Wed, Apr 01, 2015 at 10:13:47AM -0400, Rajesh Joseph wrote:
> Hi all,
> 
> This is a fix for coverity bug CID 1273079. 
> Please review the patch and let me know if you have any comments.
> 
> Thanks & Regards,
> Rajesh

> From aec8dbdb092131793e74133f766af7b10201da47 Mon Sep 17 00:00:00 2001
> From: Rajesh Joseph <rjoseph at redhat.com>
> Date: Tue, 31 Mar 2015 18:58:54 +0530
> Subject: [PATCH 1/2] rpc_server: Coverity fix for CID 1273079
> 
> leaked_storage: Variable pk going out of scope leaks the storage it points to.
> 
> On failure get_pk_from_raw_keypair_params function should free up
> the private key (pk) it allocates internally.
> 
> Signed-off-by: Rajesh Joseph <rjoseph at redhat.com>
> Reviewed-by: Guenther Deschner <gd at samba.org>
> ---
>  source4/rpc_server/backupkey/dcesrv_backupkey.c |   14 +++++++++++++-
>  1 files changed, 13 insertions(+), 1 deletions(-)
> 
> diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
> index b3b7074..3edd1b6 100644
> --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
> +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
> @@ -306,6 +306,7 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
>  	hx509_context hctx;
>  	RSA *rsa;
>  	struct hx509_private_key_ops *ops;
> +	hx509_private_key privkey = NULL;
>  
>  	hx509_context_init(&hctx);
>  	ops = hx509_find_private_alg(&_hx509_signature_rsa_with_var_num.algorithm);
> @@ -314,13 +315,14 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
>  		return NT_STATUS_INTERNAL_ERROR;
>  	}
>  
> -	if (hx509_private_key_init(pk, ops, NULL) != 0) {
> +	if (hx509_private_key_init(&privkey, ops, NULL) != 0) {
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_NO_MEMORY;
>  	}
>  
>  	rsa = RSA_new();
>  	if (rsa ==NULL) {
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
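Review bot: The `rsa == NULL` branch after `RSA_new()` still returns `NT_STATUS_INVALID_PARAMETER`, although a NULL return there indicates an allocation failure rather than bad input. Since this commit already edits that branch to free `privkey`, `return NT_STATUS_NO_MEMORY;` would match the status used for the `hx509_private_key_init` failure just above it. The function starts before this hunk and continues after it, so how callers treat the two status codes is not visible here and should be checked before changing it.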
> @@ -328,52 +330,62 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
>  	rsa->n = reverse_and_get_bignum(ctx, &(keypair->modulus));
>  	if (rsa->n == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->d = reverse_and_get_bignum(ctx, &(keypair->private_exponent));
>  	if (rsa->d == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->p = reverse_and_get_bignum(ctx, &(keypair->prime1));
>  	if (rsa->p == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->q = reverse_and_get_bignum(ctx, &(keypair->prime2));
>  	if (rsa->q == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->dmp1 = reverse_and_get_bignum(ctx, &(keypair->exponent1));
>  	if (rsa->dmp1 == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->dmq1 = reverse_and_get_bignum(ctx, &(keypair->exponent2));
>  	if (rsa->dmq1 == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->iqmp = reverse_and_get_bignum(ctx, &(keypair->coefficient));
>  	if (rsa->iqmp == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  	rsa->e = reverse_and_get_bignum(ctx, &(keypair->public_exponent));
>  	if (rsa->e == NULL) {
>  		RSA_free(rsa);
> +		hx509_private_key_free(&privkey);
>  		hx509_context_free(&hctx);
>  		return NT_STATUS_INVALID_PARAMETER;
>  	}
>  
> +	*pk = privkey;
> +
>  	hx509_private_key_assign_rsa(*pk, rsa);
>  
>  	hx509_context_free(&hctx);
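Review bot: The same three-call cleanup (`RSA_free`, `hx509_private_key_free`, `hx509_context_free`) is now repeated in all eight `reverse_and_get_bignum` failure branches, which is the pattern that let the original leak go unnoticed. A single `fail:` label would keep the release of the RSA object and the private key in one place, so a later branch cannot forget one of them. Separately, `*pk` is now written only on success; a caller that inspects or frees `*pk` after a failure (none is visible here) would see whatever it passed in, so a short comment on the function such as `/* *pk is set only when NT_STATUS_OK is returned */` would make the contract explicit. The function's end is outside this hunk, so the label placement below is a sketch.
```c
	rsa->n = reverse_and_get_bignum(ctx, &(keypair->modulus));
	if (rsa->n == NULL) {
		goto fail;
	}
	/* … same check-and-goto for d, p, q, dmp1, dmq1, iqmp and e … */

	*pk = privkey;
	/* … unchanged: hx509_private_key_assign_rsa, hx509_context_free, success return … */

fail:
	/* rsa and privkey are both valid on every path that jumps here */
	RSA_free(rsa);
	hx509_private_key_free(&privkey);
	hx509_context_free(&hctx);
	return NT_STATUS_INVALID_PARAMETER;
```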
> -- 
> 1.7.1
> 
