diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-06-08 23:20:06 -0700 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-06-08 23:20:06 -0700 |
| commit | 4fdc960c33724f859be74a630e0d668a74f6637d (patch) | |
| tree | ce6ffab6267ae6effec954ef0226aa1ec749173c | |
| parent | 3d9bc5a3a8dd36188b0c09d536dcc3c0a8339c31 (diff) | |
Fix memory leaks when not using alloca
Reported by Oracle Parfait 1.5.1:
Error: Memory leak (CWE 401)
Memory leak of pointer client_auth allocated with FSalloc((prefix->num_auths * 24))
at line 256 of difs/dispatch.c in function 'ProcEstablishConnection'.
client_auth allocated at line 243 with FSalloc((prefix->num_auths * 24)).
client_auth leaks when (((Atom)ad) - ((Atom)(prefix + 8))) > ((stuff->length << 2) - 4) at line 252.
malloc called at line 372 of os/utils.c in function 'FSalloc'
at line 276 of difs/dispatch.c in function 'ProcEstablishConnection'.
client_auth allocated at line 243 with FSalloc((prefix->num_auths * 24)).
client_auth leaks when (i + 1) >= ((fsConnClientPrefix*)client->requestBuffer)[1].num_auths at line 251.
malloc called at line 372 of os/utils.c in function 'FSalloc'
Error: Memory leak (CWE 401)
Memory leak of pointer acp allocated with FSalloc((stuff->num_auths * 24))
at line 604 of difs/dispatch.c in function 'ProcCreateAC'.
acp allocated at line 590 with FSalloc((stuff->num_auths * 24)).
acp leaks when ((((Atom)ad) - ((Atom)client->requestBuffer)) + 8) > ((stuff->length << 2) - 4) at line 599.
malloc called at line 372 of os/utils.c in function 'FSalloc'
at line 622 of difs/dispatch.c in function 'ProcCreateAC'.
acp allocated at line 590 with FSalloc((stuff->num_auths * 24)).
acp leaks when (i + 1) >= ((fsCreateACReq*)client->requestBuffer)->num_auths at line 597.
malloc called at line 372 of os/utils.c in function 'FSalloc'
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| -rw-r--r-- | difs/dispatch.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/difs/dispatch.c b/difs/dispatch.c index 36c82ef..60aa841 100644 --- a/difs/dispatch.c +++ b/difs/dispatch.c @@ -253,6 +253,7 @@ ProcEstablishConnection(ClientPtr client) int lengthword = stuff->length; SendErrToClient(client, FSBadLength, (pointer)&lengthword); + DEALLOCATE_LOCAL(client_auth); return (FSBadLength); } /* copy carefully in case wire data is not aligned */ @@ -273,6 +274,7 @@ ProcEstablishConnection(ClientPtr client) int lengthword = stuff->length; SendErrToClient(client, FSBadLength, (pointer)&lengthword); + DEALLOCATE_LOCAL(client_auth); return (FSBadLength); } @@ -292,6 +294,7 @@ ProcEstablishConnection(ClientPtr client) authp = (AuthContextPtr) fsalloc(sizeof(AuthContextRec)); if (!authp) { SendErrToClient(client, FSBadAlloc, (pointer) 0); + DEALLOCATE_LOCAL(client_auth); return FSBadAlloc; } authp->authname = @@ -303,6 +306,7 @@ ProcEstablishConnection(ClientPtr client) fsfree((char *) authp->authdata); fsfree((char *) authp); SendErrToClient(client, FSBadAlloc, (pointer) 0); + DEALLOCATE_LOCAL(client_auth); return FSBadAlloc; } memmove( authp->authname, client_auth[auth_index - 1].name, @@ -318,6 +322,7 @@ ProcEstablishConnection(ClientPtr client) fsfree((char *) authp->authdata); fsfree((char *) authp); SendErrToClient(client, FSBadAlloc, (pointer) 0); + DEALLOCATE_LOCAL(client_auth); return FSBadAlloc; } client->auth = client->default_auth = authp; @@ -601,6 +606,7 @@ ProcCreateAC(ClientPtr client) int lengthword = stuff->length; SendErrToClient(client, FSBadLength, (pointer)&lengthword); + DEALLOCATE_LOCAL(acp); return (FSBadLength); } /* copy carefully in case data is not aligned */ @@ -619,6 +625,8 @@ ProcCreateAC(ClientPtr client) int lengthword = stuff->length; SendErrToClient(client, FSBadLength, (pointer)&lengthword); + if (acp) + DEALLOCATE_LOCAL(acp); return (FSBadLength); } |