From 847ee233f424bc3466c6183667be9f17f4270e2f Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 25 Oct 2018 12:49:42 +0200 Subject: [PATCH 1/5] Fixed resource leak in rpc_ntlm_http_request --- libfreerdp/core/gateway/ncacn_http.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libfreerdp/core/gateway/ncacn_http.c b/libfreerdp/core/gateway/ncacn_http.c index a1c891620..10813a8f6 100644 --- a/libfreerdp/core/gateway/ncacn_http.c +++ b/libfreerdp/core/gateway/ncacn_http.c @@ -44,6 +44,9 @@ static wStream* rpc_ntlm_http_request(HttpContext* http, const char* method, request = http_request_new(); + if (!request) + goto fail; + if (ntlmToken) base64NtlmToken = crypto_base64_encode(ntlmToken->pvBuffer, ntlmToken->cbBuffer); @@ -52,7 +55,7 @@ static wStream* rpc_ntlm_http_request(HttpContext* http, const char* method, if (!http_request_set_method(request, method) || !http_request_set_content_length(request, contentLength) || !http_request_set_uri(request, uri)) - return NULL; + goto fail; if (base64NtlmToken) { From f269a0ce5b5fac7a6576d2782b241c9b3bce172a Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 25 Oct 2018 13:08:00 +0200 Subject: [PATCH 2/5] Fixed sockfd/socketBio resource leak. --- libfreerdp/core/transport.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 62b2777e1..9b186d654 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -224,22 +224,30 @@ wStream* transport_send_stream_init(rdpTransport* transport, int size) BOOL transport_attach(rdpTransport* transport, int sockfd) { - BIO* socketBio; + BIO* socketBio = NULL; BIO* bufferedBio; socketBio = BIO_new(BIO_s_simple_socket()); if (!socketBio) - return FALSE; + goto fail; BIO_set_fd(socketBio, sockfd, BIO_CLOSE); bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!bufferedBio) - return FALSE; + goto fail; bufferedBio = BIO_push(bufferedBio, socketBio); transport->frontBio = bufferedBio; return TRUE; +fail: + + if (socketBio) + BIO_free_all(socketBio); + else + close(sockfd); + + return FALSE; } BOOL transport_connect_rdp(rdpTransport* transport) @@ -1093,7 +1101,7 @@ BOOL transport_disconnect(rdpTransport* transport) else { if (transport->frontBio) - BIO_free(transport->frontBio); + BIO_free_all(transport->frontBio); } if (transport->tsg) From 7aebf8ebd2c9c2a045c924d3db1d4c5b4228c1c5 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 25 Oct 2018 13:08:16 +0200 Subject: [PATCH 3/5] Silence code analyzers, check correct variable for NULL. --- channels/audin/client/oss/audin_oss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/channels/audin/client/oss/audin_oss.c b/channels/audin/client/oss/audin_oss.c index 968b343d7..e1d73b2bf 100644 --- a/channels/audin/client/oss/audin_oss.c +++ b/channels/audin/client/oss/audin_oss.c @@ -157,7 +157,7 @@ static DWORD WINAPI audin_oss_thread_func(LPVOID arg) UINT error = 0; DWORD status; - if (arg == NULL) + if (oss == NULL) { error = ERROR_INVALID_PARAMETER; goto err_out; From 42014e80d0f12d2dddfa351e65b992a60b730eba Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 25 Oct 2018 13:13:14 +0200 Subject: [PATCH 4/5] Fixed sockfd/socketBio resource leak. --- libfreerdp/core/gateway/rpc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libfreerdp/core/gateway/rpc.c b/libfreerdp/core/gateway/rpc.c index 81db7c228..08813b20c 100644 --- a/libfreerdp/core/gateway/rpc.c +++ b/libfreerdp/core/gateway/rpc.c @@ -671,24 +671,36 @@ static BOOL rpc_channel_tls_connect(RpcChannel* channel, int timeout) socketBio = BIO_new(BIO_s_simple_socket()); if (!socketBio) + { + close(sockfd); return FALSE; + } BIO_set_fd(socketBio, sockfd, BIO_CLOSE); bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!bufferedBio) + { + BIO_free_all(socketBio); return FALSE; + } bufferedBio = BIO_push(bufferedBio, socketBio); if (!BIO_set_nonblock(bufferedBio, TRUE)) + { + BIO_free_all(bufferedBio); return FALSE; + } if (channel->client->isProxy) { if (!proxy_connect(settings, bufferedBio, proxyUsername, proxyPassword, settings->GatewayHostname, settings->GatewayPort)) + { + BIO_free_all(bufferedBio); return FALSE; + } } channel->bio = bufferedBio; From 6339c43c802012f49f0c4c4a77df3670fb9ed74b Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 25 Oct 2018 13:19:22 +0200 Subject: [PATCH 5/5] Fixed sockfd/socketBio resource leak. --- libfreerdp/core/gateway/rdg.c | 10 +++++----- libfreerdp/core/gateway/rpc.c | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c index b1bab4824..ca678cebc 100644 --- a/libfreerdp/core/gateway/rdg.c +++ b/libfreerdp/core/gateway/rdg.c @@ -328,7 +328,7 @@ static wStream* rdg_build_http_request(rdpRdg* rdg, const char* method, HttpRequest* request = NULL; const char* uri; - if (!rdg || !method ) + if (!rdg || !method) return NULL; uri = http_context_get_uri(rdg->http); @@ -693,9 +693,7 @@ static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, i peerPort, timeout); if (sockfd < 0) - { return FALSE; - } socketBio = BIO_new(BIO_s_simple_socket()); @@ -710,8 +708,7 @@ static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, i if (!bufferedBio) { - closesocket(sockfd); - BIO_free(socketBio); + BIO_free_all(socketBio); return FALSE; } @@ -722,7 +719,10 @@ static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, i { if (!proxy_connect(settings, bufferedBio, proxyUsername, proxyPassword, settings->GatewayHostname, settings->GatewayPort)) + { + BIO_free_all(bufferedBio); return FALSE; + } } if (!status) diff --git a/libfreerdp/core/gateway/rpc.c b/libfreerdp/core/gateway/rpc.c index 08813b20c..54f35a4bc 100644 --- a/libfreerdp/core/gateway/rpc.c +++ b/libfreerdp/core/gateway/rpc.c @@ -672,7 +672,7 @@ static BOOL rpc_channel_tls_connect(RpcChannel* channel, int timeout) if (!socketBio) { - close(sockfd); + closesocket(sockfd); return FALSE; }