Commit 9c528aa6 authored by venaas's avatar venaas Committed by venaas

fixed out of bounds access and memory leak, thanks Hans! also renamed a variable

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@153 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 88df24c1
...@@ -48,7 +48,7 @@ ...@@ -48,7 +48,7 @@
#include "radsecproxy.h" #include "radsecproxy.h"
static struct options options; static struct options options;
struct list *clconfs, *srvconfs, *realms, *tls; struct list *clconfs, *srvconfs, *realms, *tlsconfs;
static int client_udp_count = 0; static int client_udp_count = 0;
static int client_tls_count = 0; static int client_tls_count = 0;
...@@ -1463,7 +1463,7 @@ void *clientwr(void *arg) { ...@@ -1463,7 +1463,7 @@ void *clientwr(void *arg) {
for (i = 0; i < MAX_REQUESTS; i++) { for (i = 0; i < MAX_REQUESTS; i++) {
pthread_mutex_lock(&server->newrq_mutex); pthread_mutex_lock(&server->newrq_mutex);
while (!server->requests[i].buf && i < MAX_REQUESTS) while (i < MAX_REQUESTS && !server->requests[i].buf)
i++; i++;
if (i == MAX_REQUESTS) { if (i == MAX_REQUESTS) {
pthread_mutex_unlock(&server->newrq_mutex); pthread_mutex_unlock(&server->newrq_mutex);
...@@ -1771,7 +1771,7 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha ...@@ -1771,7 +1771,7 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1); SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1);
new = malloc(sizeof(struct tls)); new = malloc(sizeof(struct tls));
if (!new || !list_push(tls, new)) if (!new || !list_push(tlsconfs, new))
debugx(1, DBG_ERR, "malloc failed"); debugx(1, DBG_ERR, "malloc failed");
memset(new, 0, sizeof(struct tls)); memset(new, 0, sizeof(struct tls));
...@@ -1787,20 +1787,22 @@ void tlsfree() { ...@@ -1787,20 +1787,22 @@ void tlsfree() {
struct list_node *entry; struct list_node *entry;
struct tls *t; struct tls *t;
for (entry = list_first(tls); entry; entry = list_next(entry)) { for (entry = list_first(tlsconfs); entry; entry = list_next(entry)) {
t = (struct tls *)entry->data; t = (struct tls *)entry->data;
if (t->name)
free(t->name);
if (!t->count) if (!t->count)
SSL_CTX_free(t->ctx); SSL_CTX_free(t->ctx);
} }
list_destroy(tls); list_destroy(tlsconfs);
tls = NULL; tlsconfs = NULL;
} }
SSL_CTX *tlsgetctx(char *alt1, char *alt2) { SSL_CTX *tlsgetctx(char *alt1, char *alt2) {
struct list_node *entry; struct list_node *entry;
struct tls *t, *t1 = NULL, *t2 = NULL; struct tls *t, *t1 = NULL, *t2 = NULL;
for (entry = list_first(tls); entry; entry = list_next(entry)) { for (entry = list_first(tlsconfs); entry; entry = list_next(entry)) {
t = (struct tls *)entry->data; t = (struct tls *)entry->data;
if (!strcasecmp(t->name, alt1)) { if (!strcasecmp(t->name, alt1)) {
t1 = t; t1 = t;
...@@ -2284,8 +2286,8 @@ void getmainconfig(const char *configfile) { ...@@ -2284,8 +2286,8 @@ void getmainconfig(const char *configfile) {
if (!realms) if (!realms)
debugx(1, DBG_ERR, "malloc failed"); debugx(1, DBG_ERR, "malloc failed");
tls = list_create(); tlsconfs = list_create();
if (!tls) if (!tlsconfs)
debugx(1, DBG_ERR, "malloc failed"); debugx(1, DBG_ERR, "malloc failed");
getgeneralconfig(f, NULL, getgeneralconfig(f, NULL,
......
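Review bot: The new `if (t->name)` guard in tlsfree implies that an entry in tlsconfs can have a NULL name, yet tlsgetctx in the same section still passes `t->name` straight to `strcasecmp`, which is undefined behaviour for a NULL argument. If the name is always set by the time tlsadd returns (its tail is outside the visible hunk, so this is not confirmed here), the guard is redundant because free(NULL) is a no-op, and the two added lines reduce to `free(t->name);`. If it can be NULL, tlsgetctx needs `if (!t->name) continue;` ahead of the comparisons so a half-initialised TLS block cannot crash the proxy during context lookup. tlsgetctx's body continues past the end of the hunk, so the second comparison against alt2 should be checked as well.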