Timestamp:
Sep 25, 2013 5:27:41 PM (6 years ago)
Author:
Mei-Hui Su <mei@…>
Branches:
abac0-leak, master
Children:
7764378, 91a6b20
Parents:
c0fe894
Message:

1) ran with valgrind and did some leak patching

File:
1 edited

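--- a/libabac/abac_verifier.c
+++ b/libabac/abac_verifier.c
@@ -85,5 +85,5 @@
  * Load an ID certificate.
  */
-static int _load_id(abac_list_t *id_certs, abac_id_t *cert,
+static int _load_id(abac_list_t *id_certs, abac_id_t **cert,
         abac_keyid_map_t *km) {
     abac_id_cert_t *id_cert = NULL;
@@ -92,8 +92,8 @@
     int ret;
 
-    assert(cert);
+    assert(*cert);
 
     // get the key ID
-    keyid = abac_id_keyid(cert);
+    keyid = abac_id_keyid(*cert);
 
     // if we already have this cert 'error' with success
@@ -105,13 +105,16 @@
            incoming does, then need to bring that bit of
            information in */
-           if(abac_id_has_privkey(cert) &&
+           if(abac_id_has_privkey(*cert) &&
                        !abac_id_has_privkey(id_cert->cert)) {
-               abac_id_pass_privkey_from_id(id_cert->cert, cert);
+               abac_id_pass_privkey_from_id(id_cert->cert, *cert);
            }
-        ret = ABAC_CERT_SUCCESS;
-        goto error;
-    }
-
-    ret = abac_id_still_valid(cert);
+        /* free the new one and set the ptr to dup of old */
+        abac_id_free(*cert);
+        *cert=abac_id_dup(id_cert->cert);
+        ret = ABAC_CERT_SUCCESS;
+        goto error;
+    }
+
+    ret = abac_id_still_valid(*cert);
     if (!ret) {
         ret = ABAC_CERT_INVALID;
@@ -122,9 +125,9 @@
     id_cert = abac_xmalloc(sizeof(abac_id_cert_t));
     id_cert->keyid = abac_xstrdup(keyid);
-    id_cert->cert = cert;
+    id_cert->cert = *cert;
     abac_list_add(id_certs, id_cert);
     /* Add the new id and issuer to the keyid <-> name map */
-    if ( km && keyid && cert ) {
-        if ( (nick= abac_id_issuer(cert)) ) {
+    if ( km && keyid && *cert ) {
+        if ( (nick= abac_id_issuer(*cert)) ) {
             /* If the issuer starts with /CN=, as many do,
              * trim the /CN= off */
@@ -142,6 +145,6 @@
 error:
     // No one owns cert, so delete it.
-    if (cert != NULL) free(cert);
-    if (keyid != NULL) free(keyid);
+    if (*cert != NULL) abac_id_free(*cert);
+
     return ret;
 }
@@ -165,5 +168,5 @@
         return ABAC_CERT_INVALID;
 
-    return _load_id(id_certs,cert, km);
+    return _load_id(id_certs,&cert, km);
 }
 
@@ -179,10 +182,11 @@
     if (cert == NULL)
         return ABAC_CERT_INVALID;
-    return _load_id(id_certs,cert, km);
+
+    return _load_id(id_certs,&cert, km);
 }
 
 /**
  * Load an ID cert from a char ptr of a X509 pem data
- * this is called from parse_privilege(..)
+ * this is called from parse_privilege/parse_abac
  */
 int abac_verifier_load_id_chars(abac_list_t *id_certs,char *naked_pem,
@@ -194,7 +198,12 @@
     char *pem=make_pem_from_naked_pem(new_naked_pem);
     int len=strlen(pem);
+    free(new_naked_pem);
+
     abac_chunk_t chunk = { pem, len };
-    free(new_naked_pem);
-    return abac_verifier_load_id_chunk(id_certs,chunk, km);
+    int rc=abac_verifier_load_id_chunk(id_certs,chunk, km);
+/* ??? MEI */
+    abac_chunk_free(chunk);
+    return rc;
+   
 }
 /**
@@ -269,4 +278,5 @@
     cred->tail = tail_role;
     cred->cert = cert;
+
     /* acme's cert */
     cred->issuer = abac_id_dup(issuer->cert);
@@ -274,7 +284,10 @@
     *cred_ret = cred;
 
+    free(attr_string);
+
     return ABAC_CERT_SUCCESS;
 
 error:
+    free(attr_string);
     if (head_role != NULL) abac_role_free(head_role);
     if (tail_role != NULL) abac_role_free(tail_role);
@@ -291,4 +304,5 @@
     if(sz) {
         abac_list_foreach(attr_list, attr,
+            /* attr is being used to build cred_ret, so, don't remove it */
             int ret=_load_attribute_cert(id_certs, attr, &cred_ret, km);
             if(ret==ABAC_CERT_SUCCESS) {
@@ -297,4 +311,6 @@
         );
     }
+/* ??? MEI, attr is being reused, just free the list ptr */
+    abac_list_free(attr_list);
     return sz;
 }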
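Review bot: In `_load_id`, the already-loaded branch frees the incoming cert, stores `abac_id_dup(id_cert->cert)` in `*cert`, and then jumps to `error:`, where `abac_id_free(*cert)` releases that duplicate as well, so `*cert` is left pointing at a released object when the function returns. Both callers shown pass `&cert` and return at once, so nothing reads it today, but the new `abac_id_t **` signature suggests a caller may use `*cert` afterwards, which would be a use-after-free or double free unless `abac_id_free` is reference-counted (not visible here). Clear the pointer at the label, `if (*cert != NULL) { abac_id_free(*cert); *cert = NULL; }`, or drop the dup if no caller needs it. The `error:` hunk also removes `free(keyid)` with no replacement, and `abac_chunk_free(chunk)` under `/* ??? MEI */` presumably releases `pem` right after the load; each is safe only if `abac_id_keyid` returns borrowed memory and the loader copies the chunk, so confirm both and replace the `???` markers with a comment stating the ownership rule. The middle of `_load_id` lies outside the displayed hunks.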