[PATCH] Coverity: Memory leak fixed in rpc_server
Ira Cooper
ira at samba.org
Thu Apr 2 05:32:00 MDT 2015
Reviewed-by: Ira Cooper <ira at samba.org>
On Wed, Apr 01, 2015 at 10:13:47AM -0400, Rajesh Joseph wrote:
> Hi all,
>
> This is a fix for coverity bug CID 1273079.
> Please review the patch and let me know if you have any comments.
>
> Thanks & Regards,
> Rajesh
> From aec8dbdb092131793e74133f766af7b10201da47 Mon Sep 17 00:00:00 2001
> From: Rajesh Joseph <rjoseph at redhat.com>
> Date: Tue, 31 Mar 2015 18:58:54 +0530
> Subject: [PATCH 1/2] rpc_server: Coverity fix for CID 1273079
>
> leaked_storage: Variable pk going out of scope leaks the storage it points to.
>
> On failure get_pk_from_raw_keypair_params function should free up
> the private key (pk) it allocates internally.
>
> Signed-off-by: Rajesh Joseph <rjoseph at redhat.com>
> Reviewed-by: Guenther Deschner <gd at samba.org>
> ---
> source4/rpc_server/backupkey/dcesrv_backupkey.c | 14 +++++++++++++-
> 1 files changed, 13 insertions(+), 1 deletions(-)
>
> diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
> index b3b7074..3edd1b6 100644
> --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
> +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
> @@ -306,6 +306,7 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
> hx509_context hctx;
> RSA *rsa;
> struct hx509_private_key_ops *ops;
> + hx509_private_key privkey = NULL;
>
> hx509_context_init(&hctx);
> ops = hx509_find_private_alg(&_hx509_signature_rsa_with_var_num.algorithm);
> @@ -314,13 +315,14 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
> return NT_STATUS_INTERNAL_ERROR;
> }
>
> - if (hx509_private_key_init(pk, ops, NULL) != 0) {
> + if (hx509_private_key_init(&privkey, ops, NULL) != 0) {
> hx509_context_free(&hctx);
> return NT_STATUS_NO_MEMORY;
> }
>
> rsa = RSA_new();
> if (rsa ==NULL) {
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> @@ -328,52 +330,62 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
> rsa->n = reverse_and_get_bignum(ctx, &(keypair->modulus));
> if (rsa->n == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->d = reverse_and_get_bignum(ctx, &(keypair->private_exponent));
> if (rsa->d == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->p = reverse_and_get_bignum(ctx, &(keypair->prime1));
> if (rsa->p == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->q = reverse_and_get_bignum(ctx, &(keypair->prime2));
> if (rsa->q == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->dmp1 = reverse_and_get_bignum(ctx, &(keypair->exponent1));
> if (rsa->dmp1 == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->dmq1 = reverse_and_get_bignum(ctx, &(keypair->exponent2));
> if (rsa->dmq1 == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->iqmp = reverse_and_get_bignum(ctx, &(keypair->coefficient));
> if (rsa->iqmp == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
> rsa->e = reverse_and_get_bignum(ctx, &(keypair->public_exponent));
> if (rsa->e == NULL) {
> RSA_free(rsa);
> + hx509_private_key_free(&privkey);
> hx509_context_free(&hctx);
> return NT_STATUS_INVALID_PARAMETER;
> }
>
> + *pk = privkey;
> +
> hx509_private_key_assign_rsa(*pk, rsa);
>
> hx509_context_free(&hctx);
> --
> 1.7.1
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150402/9aa1259b/attachment.pgp>
More information about the samba-technical
mailing list