From 66dfc4fd5b1ed49d645c19d5133e01cd96191c0a Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Fri, 25 Apr 2014 21:14:10 +0800
Subject: [PATCH 01/13] winpr: fix error malloc size.
---
winpr/libwinpr/utils/collections/ListDictionary.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/winpr/libwinpr/utils/collections/ListDictionary.c b/winpr/libwinpr/utils/collections/ListDictionary.c
index b89620f6e..ca65d8a08 100644
--- a/winpr/libwinpr/utils/collections/ListDictionary.c
+++ b/winpr/libwinpr/utils/collections/ListDictionary.c
@@ -144,8 +144,8 @@ int ListDictionary_GetKeys(wListDictionary* listDictionary, ULONG_PTR** ppKeys)
 } }
- pKeys = (ULONG_PTR*) malloc(sizeof(ULONG_PTR*) * count);
- ZeroMemory(pKeys, sizeof(ULONG_PTR*) * count);
+ pKeys = (ULONG_PTR*) malloc(sizeof(ULONG_PTR) * count);
+ ZeroMemory(pKeys, sizeof(ULONG_PTR) * count);
 index = 0;
From 196f5315aec93ba6241bacb4b36b1266213c90bc Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 11:32:51 +0800
Subject: [PATCH 02/13] libwinpr: fix memory leak in case realloc() failed.
---
winpr/libwinpr/utils/collections/BufferPool.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/winpr/libwinpr/utils/collections/BufferPool.c b/winpr/libwinpr/utils/collections/BufferPool.c
index 885064b78..3a0fda5b4 100644
--- a/winpr/libwinpr/utils/collections/BufferPool.c
+++ b/winpr/libwinpr/utils/collections/BufferPool.c
@@ -277,6 +277,9 @@ void* BufferPool_Take(wBufferPool* pool, int size)
 return buffer; out_error:
+ if (buffer)
+ free(buffer);
+
 if (pool->synchronized) LeaveCriticalSection(&pool->lock); return NULL;
From 88760cbd8300b527e9241951b862cbb30d629ae0 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 11:36:35 +0800
Subject: [PATCH 03/13] libwinpr: fix memory leak in case TimerQueue is NULL.
---
winpr/libwinpr/synch/timer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
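Review bot: In `ListDictionary_GetKeys` (ListDictionary.c) the `malloc` result is still handed to `ZeroMemory` without a NULL check, so an allocation failure becomes a write through a null pointer; correcting the element size does not change that. `sizeof(ULONG_PTR) * count` is also an unchecked multiplication, and how `count` is bounded is outside the hunk. Both are covered by `pKeys = (ULONG_PTR*) calloc(count, sizeof(ULONG_PTR));` followed by `if (!pKeys) return -1;`, where the error value is a placeholder because the function's return convention is not visible here.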
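Review bot: In `BufferPool_Take` (BufferPool.c) the new `free(buffer)` under `out_error:` runs for every jump to that label, but the hunk shows neither where `buffer` is allocated nor whether it is initialised to NULL before the first `goto`. If any path reaches the label while the pool still holds a reference to `buffer`, or with a pointer that came from an aligned allocator, the fix trades a leak for a double free or a mismatched free; this needs checking against the rest of the function, which lies outside the hunk. The `if (buffer)` guard is redundant because `free(NULL)` is a no-op, so `free(buffer);` alone is enough.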
diff --git a/winpr/libwinpr/synch/timer.c b/winpr/libwinpr/synch/timer.c
index d6b06691b..0f0c41572 100644
--- a/winpr/libwinpr/synch/timer.c
+++ b/winpr/libwinpr/synch/timer.c
@@ -648,12 +648,15 @@ BOOL CreateTimerQueueTimer(PHANDLE phNewTimer, HANDLE TimerQueue,
 WINPR_TIMER_QUEUE* timerQueue; WINPR_TIMER_QUEUE_TIMER* timer;
+ if (!TimerQueue)
+ return FALSE;
+
 timespec_gettimeofday(&CurrentTime); timerQueue = (WINPR_TIMER_QUEUE*) TimerQueue; timer = (WINPR_TIMER_QUEUE_TIMER*) malloc(sizeof(WINPR_TIMER_QUEUE_TIMER));
- if (!timer || !TimerQueue)
+ if (!timer)
 return FALSE; WINPR_HANDLE_SET_TYPE(timer, HANDLE_TYPE_TIMER_QUEUE_TIMER);
From dcbf5bd0ed643f56beb03a0540e95197ac42f386 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 11:53:08 +0800
Subject: [PATCH 04/13] libwinpr: fix memory leak in case of error.
---
winpr/libwinpr/pipe/pipe.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/winpr/libwinpr/pipe/pipe.c b/winpr/libwinpr/pipe/pipe.c
index d1c26e5fc..6e82a0b6a 100644
--- a/winpr/libwinpr/pipe/pipe.c
+++ b/winpr/libwinpr/pipe/pipe.c
@@ -145,7 +145,7 @@ HANDLE CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD
 if (pNamedPipe->serverfd == -1) { fprintf(stderr, "CreateNamedPipeA: socket error, %s\n", strerror(errno));
- return INVALID_HANDLE_VALUE;
+ goto err_out;
 } ZeroMemory(&s, sizeof(struct sockaddr_un));
@@ -157,7 +157,7 @@ HANDLE CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD
 if (status != 0) { fprintf(stderr, "CreateNamedPipeA: bind error, %s\n", strerror(errno));
- return INVALID_HANDLE_VALUE;
+ goto err_out;
 } status = listen(pNamedPipe->serverfd, 2);
@@ -165,7 +165,7 @@ HANDLE CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD
 if (status != 0) { fprintf(stderr, "CreateNamedPipeA: listen error, %s\n", strerror(errno));
- return INVALID_HANDLE_VALUE;
+ goto err_out;
 } UnixChangeFileMode(pNamedPipe->lpFilePath, 0xFFFF);
@@ -181,6 +181,13 @@ HANDLE CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD
 } return hNamedPipe;
+err_out:
+ if (pNamedPipe) {
+ if (pNamedPipe->serverfd != -1)
+ close(pNamedPipe->serverfd);
+ free(pNamedPipe);
+ }
+ return INVALID_HANDLE_VALUE;
 } HANDLE CreateNamedPipeW(LPCWSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances,
From 8ce32773f32a71106a7bfdde22a63e8ada990c14 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 12:00:07 +0800
Subject: [PATCH 05/13] core: fix memory leak in case of error out.
---
libfreerdp/core/license.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c
index 42e7dc8ef..dc96014a9 100644
--- a/libfreerdp/core/license.c
+++ b/libfreerdp/core/license.c
@@ -1057,6 +1057,7 @@ void license_send_platform_challenge_response_packet(rdpLicense* license)
 if (!rc4) { fprintf(stderr, "%s: unable to allocate a rc4\n", __FUNCTION__);
+ free(buffer);
 return; } crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer);
From 24fce3a74996628c6ecdcd0e8622400744ccc731 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 12:05:52 +0800
Subject: [PATCH 06/13] core: fix memory leak in case of error out.
---
libfreerdp/core/gateway/tsg.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libfreerdp/core/gateway/tsg.c b/libfreerdp/core/gateway/tsg.c
index a4cbd9a2a..62a84a6a9 100644
--- a/libfreerdp/core/gateway/tsg.c
+++ b/libfreerdp/core/gateway/tsg.c
@@ -373,6 +373,10 @@ BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu)
 default: fprintf(stderr, "Unexpected Message Type: 0x%X\n", (int) MessageSwitchValue);
+ free(tsgCaps);
+ free(versionCaps);
+ free(packetCapsResponse);
+ free(packet);
 return FALSE; }
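Review bot: In `CreateNamedPipeA` (pipe.c) the new `err_out:` label releases only the socket descriptor and the `pNamedPipe` struct itself. The three `goto err_out` sites in the earlier hunks (`@@ -145`, `@@ -157`, `@@ -165`) are reached after the struct has been populated; `pNamedPipe->lpFilePath` is visible in the context, and if it or any other string member is heap-allocated, it still leaks on these paths. When `bind()` succeeds and `listen()` then fails, the socket file presumably also stays on disk, so an `unlink()` of the path on that branch is worth considering. The allocation code is outside the hunks, so member ownership has to be confirmed there.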
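Review bot: In `TsProxyCreateTunnelReadResponse` (tsg.c, `default:` branch) the four `free()` calls are copied by hand, and PATCH 13/13 repeats the same four lines at the `MsgBytes` check in `@@ -360,6 +360,10 @@`. They are only safe if `tsgCaps`, `versionCaps`, `packetCapsResponse` and `packet` are each NULL or a live allocation at both returns; the declarations and allocations are outside the hunks, and an uninitialised pointer here would make `free()` undefined behaviour on a path that appears to be selected by a message type and length taken from the gateway response. Initialising the pointers to NULL at declaration and routing every error return through one cleanup label would cover these two sites and any the series has not reached. The `free(packet)` added in `TsProxyAuthorizeTunnelReadResponse` (`@@ -619,6 +623,7 @@`) has the same dependency.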
@@ -619,6 +623,7 @@ BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu)
 { fprintf(stderr, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)\n", E_PROXY_NAP_ACCESSDENIED); fprintf(stderr, "Ensure that the Gateway Connection Authorization Policy is correct\n");
+ free(packet);
 return FALSE; }
From 69eee0709de0e1125c0d8479b1fffd488757e0ec Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 12:08:30 +0800
Subject: [PATCH 07/13] core: fix memory leak in case of error out.
---
libfreerdp/core/gateway/ncacn_http.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libfreerdp/core/gateway/ncacn_http.c b/libfreerdp/core/gateway/ncacn_http.c
index 2820d8e0d..76e76d603 100644
--- a/libfreerdp/core/gateway/ncacn_http.c
+++ b/libfreerdp/core/gateway/ncacn_http.c
@@ -329,6 +329,7 @@ rdpNtlmHttp* ntlm_http_new()
 out_free_ntlm: ntlm_free(ntlm_http->ntlm); out_free:
+ free(ntlm_http);
 return NULL; }
From cb2fc70a5db050aa3d63413c25b34a09a0bd1f92 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 12:16:34 +0800
Subject: [PATCH 08/13] codec: fix memory leak in case of realloc() failed.
---
libfreerdp/codec/region.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libfreerdp/codec/region.c b/libfreerdp/codec/region.c
index c7fe1f112..4ad0213f4 100644
--- a/libfreerdp/codec/region.c
+++ b/libfreerdp/codec/region.c
@@ -737,8 +737,10 @@ BOOL region16_intersect_rect(REGION16 *dst, const REGION16 *src, const RECTANGLE
 free(dst->data); dst->data = realloc(newItems, newItems->size);
- if (!dst->data)
+ if (!dst->data) {
+ free(newItems);
 return FALSE;
+ }
 dst->extents = newExtents; return region16_simplify_bands(dst);
From 5cb781983096fd32e47c46b7fa1961ac7b5f1a50 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 12:19:28 +0800
Subject: [PATCH 09/13] client-common: fix memory leak in case of error out.
---
client/common/file.c | 1 +
1 file changed, 1 insertion(+)
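Review bot: In `region16_intersect_rect` (region.c) the context shows `free(dst->data)` ahead of the `realloc`, so on the failure branch `dst->data` has already been overwritten with NULL while `dst->extents` still describes the freed contents. Freeing `newItems` closes the leak but returns `dst` to the caller in that state, and any later use that dereferences `dst->data` without a NULL check would fault. Because a failed `realloc` leaves `newItems` valid, the branch can be avoided: `void* shrunk = realloc(newItems, newItems->size);` then `dst->data = shrunk ? shrunk : newItems;`, assuming the call only shrinks the block, which the hunk suggests but does not show. The enclosing function starts outside the hunk.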
diff --git a/client/common/file.c b/client/common/file.c
index c73be9198..62114f485 100644
--- a/client/common/file.c
+++ b/client/common/file.c
@@ -674,6 +674,7 @@ BOOL freerdp_client_write_rdp_file(const rdpFile* file, const char* name, BOOL u
 if (freerdp_client_write_rdp_file_buffer(file, buffer, length + 1) != length) { fprintf(stderr, "freerdp_client_write_rdp_file: error writing to output buffer\n");
+ free(buffer);
 return FALSE; }
From 7b1e773929050f5f8f3574f956abc30cf8b2edf3 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 12:24:56 +0800
Subject: [PATCH 10/13] serial: fix memory leak in case of error out.
---
channels/serial/client/serial_tty.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/channels/serial/client/serial_tty.c b/channels/serial/client/serial_tty.c
index 8e051e930..b71bd5753 100644
--- a/channels/serial/client/serial_tty.c
+++ b/channels/serial/client/serial_tty.c
@@ -426,8 +426,10 @@ BOOL serial_tty_read(SERIAL_TTY* tty, BYTE* buffer, UINT32* Length)
 ptermios = (struct termios*) calloc(1, sizeof(struct termios));
- if (tcgetattr(tty->fd, ptermios) < 0)
+ if (tcgetattr(tty->fd, ptermios) < 0) {
+ free(ptermios);
 return FALSE;
+ }
 /** * If a timeout is set, do a blocking read, which times out after some time.
From cad2578867ec879d5b26db345880fa3b1351d7d9 Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 13:13:12 +0800
Subject: [PATCH 11/13] libwinpr: minor fix print uninitialized variable.
---
winpr/libwinpr/rpc/ndr.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/winpr/libwinpr/rpc/ndr.c b/winpr/libwinpr/rpc/ndr.c
index 3434238c2..efc58d809 100644
--- a/winpr/libwinpr/rpc/ndr.c
+++ b/winpr/libwinpr/rpc/ndr.c
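Review bot: In `serial_tty_read` (serial_tty.c, `@@ -426,8 +426,10 @@`) the `calloc` result goes to `tcgetattr` without a NULL check, so an allocation failure hands the call a null pointer. A `struct termios` is small and fixed-size, so a local `struct termios termios_buf;` passed as `&termios_buf` would remove the allocation, the `free` added here, and the one PATCH 12/13 adds before the closing brace in `@@ -450,6 +450,7 @@`. If the heap allocation stays, `if (!ptermios) return FALSE;` belongs directly after the `calloc`. The declaration of `ptermios` and the start of the enclosing block are outside the hunk.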
@@ -241,7 +241,6 @@ CLIENT_CALL_RETURN NdrClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING
 MIDL_STUB_MESSAGE stubMsg; INTERPRETER_FLAGS flags; INTERPRETER_OPT_FLAGS optFlags;
- INTERPRETER_OPT_FLAGS2 extFlags;
 NDR_PROC_HEADER* procHeader; NDR_OI2_PROC_HEADER* oi2ProcHeader; CLIENT_CALL_RETURN client_call_return;
@@ -297,6 +296,7 @@ CLIENT_CALL_RETURN NdrClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING
 if (optFlags.HasExtensions) {
+ INTERPRETER_OPT_FLAGS2 extFlags;
 NDR_PROC_HEADER_EXTS* extensions = (NDR_PROC_HEADER_EXTS*) pFormat; pFormat += extensions->Size;
@@ -324,14 +324,13 @@ CLIENT_CALL_RETURN NdrClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING
 } } #endif
+ fprintf(stderr, "ExtFlags: ");
+ NdrPrintExtFlags(extFlags);
+ fprintf(stderr, "\n");
 } stubMsg.StackTop = (unsigned char*) stackTop;
- fprintf(stderr, "ExtFlags: ");
- NdrPrintExtFlags(extFlags);
- fprintf(stderr, "\n");
-
 NdrProcessParams(&stubMsg, pFormat, NDR_PHASE_SIZE, fpuStack, numberParams); fprintf(stderr, "stubMsg BufferLength: %d\n", (int) stubMsg.BufferLength);
From e8f34b845e1cca4d3ca773f00e1d251cdd0b41cb Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 13:43:52 +0800
Subject: [PATCH 12/13] serial: fix memory leak in case of error out.
---
channels/serial/client/serial_tty.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/channels/serial/client/serial_tty.c b/channels/serial/client/serial_tty.c
index b71bd5753..a7d365471 100644
--- a/channels/serial/client/serial_tty.c
+++ b/channels/serial/client/serial_tty.c
@@ -450,6 +450,7 @@ BOOL serial_tty_read(SERIAL_TTY* tty, BYTE* buffer, UINT32* Length)
 tcsetattr(tty->fd, TCSANOW, ptermios); tty->timeout = timeout;
+ free(ptermios);
 } ZeroMemory(buffer, *Length);
From e64a64dcd62162b56293d5f987e8b60c5203e83e Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong
Date: Sat, 26 Apr 2014 13:44:28 +0800
Subject: [PATCH 13/13] core: fix memory leak in case of error out.
---
libfreerdp/core/gateway/tsg.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libfreerdp/core/gateway/tsg.c b/libfreerdp/core/gateway/tsg.c
index 62a84a6a9..f130f73ab 100644
--- a/libfreerdp/core/gateway/tsg.c
+++ b/libfreerdp/core/gateway/tsg.c
@@ -360,6 +360,10 @@ BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu)
 if (MsgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH) { fprintf(stderr, "Out of Spec Message Length %d", MsgBytes);
+ free(tsgCaps);
+ free(versionCaps);
+ free(packetCapsResponse);
+ free(packet);
 return FALSE; } offset += MsgBytes;