Commit b5c1f4c0 authored by David Woodhouse's avatar David Woodhouse

Add openconnect_vpninfo_free(); start to sanify string lifetime rules.

- openconnect_set_http_proxy() now takes ownership of the proxy string
- fix openconnect_clear_cookie() to clear string properly, and only if set
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 2d47e5e1
......@@ -1077,7 +1077,7 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock)
int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy)
{
char *url = strdup(proxy);
char *url = proxy;
int ret;
if (!url)
......
......@@ -43,6 +43,42 @@ struct openconnect_info *openconnect_vpninfo_new (char *useragent,
return vpninfo;
}
static void free_optlist (struct vpn_option *opt)
{
struct vpn_option *next;
for (; opt; opt = next) {
next = opt->next;
free(opt->option);
free(opt->value);
free(opt);
}
}
void openconnect_vpninfo_free (struct openconnect_info *vpninfo)
{
openconnect_reset_ssl(vpninfo);
free_optlist(vpninfo->cookies);
free_optlist(vpninfo->cstp_options);
free_optlist(vpninfo->dtls_options);
free(vpninfo->hostname);
free(vpninfo->urlpath);
free(vpninfo->redirect_url);
free(vpninfo->proxy_type);
free(vpninfo->proxy);
free(vpninfo->csd_scriptname);
free(vpninfo->csd_stuburl);
/* These are const in openconnect itself, but for consistency of
the library API we do take ownership of the strings we're given,
and thus we have to free them too. */
free((void *)vpninfo->cafile);
free((void *)vpninfo->cert);
if (vpninfo->cert != vpninfo->sslkey)
free((void *)vpninfo->sslkey);
/* No need to free deflate streams; they weren't initialised */
free(vpninfo);
}
char *openconnect_get_hostname (struct openconnect_info *vpninfo)
{
return vpninfo->hostname;
......@@ -69,7 +105,6 @@ void openconnect_set_xmlsha1 (struct openconnect_info *vpninfo, char *xmlsha1, i
return;
memcpy (&vpninfo->xmlsha1, xmlsha1, size);
}
void openconnect_set_cafile (struct openconnect_info *vpninfo, char *cafile)
......@@ -110,7 +145,8 @@ char *openconnect_get_cookie (struct openconnect_info *vpninfo)
void openconnect_clear_cookie (struct openconnect_info *vpninfo)
{
memset(vpninfo->cookie, 0, sizeof(vpninfo->cookie));
if (vpninfo->cookie)
memset(vpninfo->cookie, 0, strlen(vpninfo->cookie));
}
void openconnect_reset_ssl (struct openconnect_info *vpninfo)
......
......@@ -459,7 +459,7 @@ int main(int argc, char **argv)
if (autoproxy)
vpninfo->proxy_factory = px_proxy_factory_new();
#endif
if (proxy && openconnect_set_http_proxy(vpninfo, proxy))
if (proxy && openconnect_set_http_proxy(vpninfo, strdup(proxy)))
exit(1);
if (use_syslog) {
......
......@@ -127,7 +127,7 @@ struct openconnect_info {
int uid_csd_given;
int no_http_keepalive;
char *cookie;
char *cookie; /* Pointer to within cookies list */
struct vpn_option *cookies;
struct vpn_option *cstp_options;
struct vpn_option *dtls_options;
......
......@@ -91,6 +91,10 @@ struct openconnect_info;
/* We don't want to have to pull in OpenSSL stuff just for this */
struct x509_st;
/* Unless otherwise specified, all functions which set strings will take ownership of those strings
and should free them later in openconnect_vpninfo_free() */
int openconnect_get_cert_sha1(struct openconnect_info *vpninfo,
struct x509_st *cert, char *buf);
int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy);
......@@ -103,7 +107,11 @@ char *openconnect_get_hostname (struct openconnect_info *);
void openconnect_set_hostname (struct openconnect_info *, char *);
char *openconnect_get_urlpath (struct openconnect_info *);
void openconnect_set_urlpath (struct openconnect_info *, char *);
/* This function does *not* take ownership of the string; it's copied
into a static buffer in the vpninfo */
void openconnect_set_xmlsha1 (struct openconnect_info *, char *, int size);
void openconnect_set_cafile (struct openconnect_info *, char *);
void openconnect_setup_csd (struct openconnect_info *, uid_t, int silent, char *wrapper);
void openconnect_set_client_cert (struct openconnect_info *, char *cert, char *sslkey);
......@@ -111,8 +119,6 @@ struct x509_st *openconnect_get_peer_cert (struct openconnect_info *);
int openconnect_get_port (struct openconnect_info *);
char *openconnect_get_cookie (struct openconnect_info *);
void openconnect_clear_cookie (struct openconnect_info *);
void openconnect_clear_peer_addr (struct openconnect_info *);
void openconnect_clear_https_ctx (struct openconnect_info *);
void openconnect_reset_ssl (struct openconnect_info *vpninfo);
int openconnect_parse_url (struct openconnect_info *vpninfo, char *url);
......@@ -133,5 +139,6 @@ struct openconnect_info *openconnect_vpninfo_new (char *useragent,
openconnect_write_new_config_fn,
openconnect_process_auth_form_fn,
openconnect_progress_fn);
void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
#endif /* __OPENCONNECT_H__ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment