diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-27 19:55:45 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-27 19:55:45 +0000 |
commit | a8b1581a7df11ac9681b3d8829efe313ebe278fd (patch) | |
tree | b0650bdf163b72e7a64313948f752060a9d3d550 | |
parent | 70fa28d5394aa15ffefe2abda296069b161271fb (diff) | |
download | pki-a8b1581a7df11ac9681b3d8829efe313ebe278fd.tar.gz pki-a8b1581a7df11ac9681b3d8829efe313ebe278fd.tar.xz pki-a8b1581a7df11ac9681b3d8829efe313ebe278fd.zip |
Bugzilla Bug #499493 - run tps under valgrind
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@500 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r-- | pki/base/tps/src/authentication/LDAP_Authentication.cpp | 7 | ||||
-rw-r--r-- | pki/base/tps/src/cms/CertEnroll.cpp | 19 | ||||
-rw-r--r-- | pki/base/tps/src/engine/RA.cpp | 61 | ||||
-rw-r--r-- | pki/base/tps/src/include/engine/RA.h | 1 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tokendb/mod_tokendb.cpp | 50 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tps/AP_Session.cpp | 41 | ||||
-rw-r--r-- | pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp | 4 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Enroll_Processor.cpp | 65 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Format_Processor.cpp | 49 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp | 28 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Processor.cpp | 13 | ||||
-rw-r--r-- | pki/base/tps/src/tus/tus_db.c | 12 | ||||
-rw-r--r-- | pki/dogtag/tps/pki-tps.spec | 4 |
13 files changed, 298 insertions, 56 deletions
diff --git a/pki/base/tps/src/authentication/LDAP_Authentication.cpp b/pki/base/tps/src/authentication/LDAP_Authentication.cpp index c0678f3e..da32898c 100644 --- a/pki/base/tps/src/authentication/LDAP_Authentication.cpp +++ b/pki/base/tps/src/authentication/LDAP_Authentication.cpp @@ -227,10 +227,15 @@ RA::Debug("LDAP_Authentication::Authenticate", "User bind required '%s' '(sensit v = ldap_get_values(ld, e, token); if (v != NULL) { RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]); - params->Add(token, v[0]); + params->Add(token, PL_strdup(v[0])); RA::Debug("LDAP_Authentication::Authenticate", "Size %d", params->Size()); } token = strtok( NULL, "," ); + if( v != NULL ) { + ldap_value_free( v ); + v = NULL; + } + } free(m_dup_attributes); } diff --git a/pki/base/tps/src/cms/CertEnroll.cpp b/pki/base/tps/src/cms/CertEnroll.cpp index 7a2356fb..7b9a1d79 100644 --- a/pki/base/tps/src/cms/CertEnroll.cpp +++ b/pki/base/tps/src/cms/CertEnroll.cpp @@ -94,11 +94,16 @@ TOKENDB_PUBLIC int CertEnroll::RevokeCertificate(const char *reason, const char if (num != 0) { char *q = strstr(p, "error="); q = q+6; - o_status = q; + o_status = PL_strdup(q); RA::Debug("CertEnroll::RevokeCertificate", "status string=%s", q); } if (resp != NULL) { - delete resp; + if (content != NULL) { + resp->freeContent(); + content = NULL; + } + delete resp; + resp = NULL; } return num; } @@ -123,9 +128,17 @@ TOKENDB_PUBLIC int CertEnroll::UnrevokeCertificate(const char *serialno, const c if (num != 0) { char *q = strstr(p, "error="); q = q+6; - o_status = q; + o_status = PL_strdup(q); RA::Debug("CertEnroll::UnrevokeCertificate", "status string=%s", q); } + if (resp != NULL) { + if (content != NULL) { + resp->freeContent(); + content = NULL; + } + delete resp; + resp = NULL; + } return num; } diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp index 36aa256b..e82c1643 100644 --- a/pki/base/tps/src/engine/RA.cpp +++ b/pki/base/tps/src/engine/RA.cpp @@ -172,6 +172,14 @@ RA::RA () */ RA::~RA () { + do_free(m_signedAuditSelectedEvents); + do_free(m_signedAuditSelectableEvents); + do_free(m_signedAuditNonSelectableEvents); + + if (m_cfg != NULL) { + delete m_cfg; + m_cfg = NULL; + } } TPS_PUBLIC ConfigStore *RA::GetConfigStore() @@ -184,6 +192,14 @@ PRLock *RA::GetVerifyLock() return m_verify_lock; } +void RA::do_free(char *p) +{ + if (p != NULL) { + PR_Free(p); + p = NULL; + } +} + int RA::InitializeSignedAudit() { // cfu @@ -502,18 +518,21 @@ loser: } int RA::testTokendb() { - // try to see if we can talk to the database - int st = 0; - LDAPMessage *ldapResult = NULL; - const char * filter = "(cn=0000000000080000*)"; - - if ((st = find_tus_db_entries(filter, 0, &ldapResult)) != LDAP_SUCCESS) { - RA::Debug("RA::testing", "response from token DB failed"); - } else { - RA::Debug("RA::testing", "response from token DB succeeded"); - } + // try to see if we can talk to the database + int st = 0; + LDAPMessage *ldapResult = NULL; + const char * filter = "(cn=0000000000080000*)"; - return st; + if ((st = find_tus_db_entries(filter, 0, &ldapResult)) != LDAP_SUCCESS) { + RA::Debug("RA::testing", "response from token DB failed"); + } else { + RA::Debug("RA::testing", "response from token DB succeeded"); + } + if (ldapResult != NULL) { + ldap_msgfree(ldapResult); + } + + return st; } /* @@ -939,6 +958,9 @@ void RA::RecoverKey(RA_Session *session, const char* cuid, else { status_s = status_b->string(); status = atoi(status_s); + if (status_s != NULL) { + PR_Free(status_s); + } } @@ -1151,6 +1173,9 @@ void RA::ServerSideKeyGen(RA_Session *session, const char* cuid, } else { status_s = status_b->string(); status = atoi(status_s); + if (status_s != NULL) { + PR_Free(status_s); + } } char * tmp = NULL; @@ -1349,6 +1374,9 @@ PK11SymKey *RA::ComputeSessionKey(RA_Session *session, else { status_s = status_b->string(); status = atoi(status_s); + if (status_s != NULL) { + PR_Free(status_s); + } } sessionKey_s = ra_pb->find_val_s(TKS_RESPONSE_SessionKey); @@ -1776,11 +1804,11 @@ void RA::AuditThis (RA_Log_Level level, const char *func_name, const char *fmt, } loser: + if (audit_msg) + PR_Free(audit_msg); if (m_audit_signed==true) { if (sign_ctxt) SGN_DestroyContext(sign_ctxt, PR_TRUE); - if (audit_msg) - PR_Free(audit_msg); if (sig_b64) PR_Free(sig_b64); if (out_sig_b64) @@ -2401,7 +2429,7 @@ int RA::tdb_update_certificates(char* cuid, char **tokentypes, char *userid, CER int i = 0; if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) { - return rc; + goto loser; } /* update certificates */ @@ -2448,7 +2476,10 @@ int RA::tdb_update_certificates(char* cuid, char **tokentypes, char *userid, CER ktypes[i], "active"); } } - +loser: + if (ldapResult != NULL) { + ldap_msgfree(ldapResult); + } return rc; } diff --git a/pki/base/tps/src/include/engine/RA.h b/pki/base/tps/src/include/engine/RA.h index 29d00365..c18acace 100644 --- a/pki/base/tps/src/include/engine/RA.h +++ b/pki/base/tps/src/include/engine/RA.h @@ -148,6 +148,7 @@ class RA static void AuditThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap); static void ErrorThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap); static void DebugThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap); + static void do_free(char *s); public: static int InitializeTokendb(char *cfg_path); static int InitializeSignedAudit(); diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp index f5627234..604f7bc4 100644 --- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp +++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp @@ -1156,8 +1156,6 @@ LDAPMod **getModifications( char *query ) return NULL; } - mods = allocate_modifications( n ); - if( ( v = create_modification_date_change() ) == NULL ) { if( mods != NULL ) { free_modifications( mods, 0 ); @@ -2569,7 +2567,7 @@ mod_tokendb_handler( request_rec *rq ) char tokenType[512]; apr_table_t *post = NULL; /* used for POST data */ - char *statusString; + char *statusString = NULL; char *s1, *s2; char *end; char **attr_values; @@ -2678,10 +2676,6 @@ mod_tokendb_handler( request_rec *rq ) is_admin = tus_authorize(TOKENDB_ADMINISTRATORS_IDENTIFIER, userid); is_agent = tus_authorize(TOKENDB_AGENTS_IDENTIFIER, userid); is_operator = tus_authorize(TOKENDB_OPERATORS_IDENTIFIER, userid); - auth_filter = get_authorized_profiles(userid, is_admin); - - tokendbDebug("auth_filter"); - tokendbDebug(auth_filter); if( rq->uri != NULL ) { uri = PL_strdup( rq->uri ); @@ -2839,6 +2833,11 @@ mod_tokendb_handler( request_rec *rq ) } } + if( result != NULL ) { + ldap_msgfree( result ); + } + + /* Is this token physically damaged */ if( q == 1 ) { @@ -2922,6 +2921,7 @@ mod_tokendb_handler( request_rec *rq ) PL_strfree( attr_cn ); attr_cn = NULL; } + do_free(statusString); } if( attr_status != NULL ) { @@ -2948,6 +2948,12 @@ mod_tokendb_handler( request_rec *rq ) if( result != NULL ) { ldap_msgfree( result ); } + + if( certEnroll != NULL ) { + delete certEnroll; + certEnroll = NULL; + } + } /* change the tokenStatus to lost (reason: destroyed). */ @@ -3092,6 +3098,7 @@ mod_tokendb_handler( request_rec *rq ) PL_strfree( attr_cn ); attr_cn = NULL; } + do_free(statusString); } if( attr_status != NULL ) { @@ -3118,6 +3125,11 @@ mod_tokendb_handler( request_rec *rq ) if( result != NULL ) { ldap_msgfree( result ); } + + if( certEnroll != NULL ) { + delete certEnroll; + certEnroll = NULL; + } } /* revoke all the certs on the token. make http connection to CA */ @@ -3262,6 +3274,8 @@ mod_tokendb_handler( request_rec *rq ) RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked" ); } + + do_free(statusString); } if( attr_status != NULL ) { @@ -3288,6 +3302,12 @@ mod_tokendb_handler( request_rec *rq ) if (result != NULL) { ldap_msgfree( result ); } + + if( certEnroll != NULL ) { + delete certEnroll; + certEnroll = NULL; + } + } rc = update_token_status_reason( cuidUserId, cuid, @@ -3412,6 +3432,8 @@ mod_tokendb_handler( request_rec *rq ) PL_strfree( attr_cn ); attr_cn = NULL; } + + do_free(statusString); } if( attr_serial != NULL ) { @@ -3542,6 +3564,7 @@ mod_tokendb_handler( request_rec *rq ) UnrevokeCertificate( serial, connid, statusString ); + do_free(statusString); } if( statusNum == 0 ) { @@ -3550,6 +3573,7 @@ mod_tokendb_handler( request_rec *rq ) serial, connid, statusString ); + do_free(statusString); } if( strcmp( revokeReason, "6" ) == 0 ) { @@ -3881,6 +3905,12 @@ mod_tokendb_handler( request_rec *rq ) } else { getFilter( filter, query ); } + + auth_filter = get_authorized_profiles(userid, is_admin); + + tokendbDebug("auth_filter"); + tokendbDebug(auth_filter); + char *complete_filter = add_profile_filter(filter, auth_filter); do_free(auth_filter); @@ -4539,7 +4569,9 @@ mod_tokendb_handler( request_rec *rq ) do_free(opAdmin); // save profile details - int nProfiles = atoi (get_post_field(post, "nProfiles", SHORT_LEN)); + char *nProfileStr = get_post_field(post, "nProfiles", SHORT_LEN); + int nProfiles = atoi (nProfileStr); + do_free(nProfileStr); for (int i=0; i< nProfiles; i++) { char p_name[256]; @@ -5116,7 +5148,7 @@ mod_tokendb_handler( request_rec *rq ) do_free(buf); } - + do_free(userid); do_free(uri); do_free(query); diff --git a/pki/base/tps/src/modules/tps/AP_Session.cpp b/pki/base/tps/src/modules/tps/AP_Session.cpp index ff33330b..02bff2ba 100644 --- a/pki/base/tps/src/modules/tps/AP_Session.cpp +++ b/pki/base/tps/src/modules/tps/AP_Session.cpp @@ -53,6 +53,7 @@ extern "C" #include "msg/RA_Status_Update_Response_Msg.h" #include "modules/tps/AP_Session.h" #include "main/Memory.h" +#include "apr_strings.h" /** * http parameters used in the protocol @@ -247,7 +248,7 @@ char *stripEmptyArgs( char *data ) } -int pblock_str2pblock( char *n_data, apr_array_header_t *tm_pblock ) +int pblock_str2pblock( char *n_data, apr_array_header_t *tm_pblock , request_rec *rec) { int element = 0; @@ -275,9 +276,9 @@ int pblock_str2pblock( char *n_data, apr_array_header_t *tm_pblock ) /* store the name/value pair as an entry in the pblock array */ ( ( apr_table_entry_t * ) tm_pblock->elts )[element].key = - PL_strdup(name); + apr_pstrdup(rec->pool, name); ( ( apr_table_entry_t * ) tm_pblock->elts )[element].val = - PL_strdup(value); + apr_pstrdup(rec->pool, value); /* increment the entry to the pblock array */ element++; @@ -362,7 +363,7 @@ RA_pblock *AP_Session::create_pblock( char *data ) return NULL; } - int tm_nargs = pblock_str2pblock( n_data, tm_pblock ); + int tm_nargs = pblock_str2pblock( n_data, tm_pblock , m_rq); apr_table_entry_t *pe = NULL; RA::Debug( LL_PER_PDU, @@ -605,6 +606,7 @@ RA_Msg *AP_Session::ReadMsg() { char *name = NULL; Buffer* value = NULL; + char *bufferStr = NULL; AuthParams *params = new AuthParams(); int i; @@ -618,8 +620,13 @@ RA_Msg *AP_Session::ReadMsg() name = ra_pb->get_name( i ); if( name != NULL ) { value = ra_pb->find_val( ( const char * ) name ); + bufferStr = value->string(); if( value != NULL ) { - params->Add( name, value->string() ); + params->Add( name, bufferStr ); + } + if (bufferStr != NULL) { + PR_Free(bufferStr); + bufferStr = NULL; } } } @@ -947,18 +954,34 @@ void AP_Session::WriteMsg( RA_Msg *msg ) int invalid_password = login_request_msg->IsInvalidPassword(); int is_blocked = login_request_msg->IsBlocked(); + char *title = Util::URLEncode( login_request_msg->GetTitle() ); + char *desc = Util::URLEncode( login_request_msg->GetDescription() ); + sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%s&%s=%s", PARAM_MSG_TYPE, MSG_EXTENDED_LOGIN_REQUEST, "invalid_login", invalid_password, PARAM_BLOCKED, is_blocked, - "title", Util::URLEncode( login_request_msg->GetTitle() ), - "description", - Util::URLEncode( login_request_msg->GetDescription() ) ); + "title", title, + "description", desc); + if (title != NULL) { + PR_Free(title); + title = NULL; + } + + if (desc != NULL) { + PR_Free(desc); + desc = NULL; + } for( int i = 0; i < login_request_msg->GetLen(); i++ ) { char *p = login_request_msg->GetParam( i ); + char *encp = Util::URLEncode1( p ); sprintf( msgbuf, "%s&required_parameter%d=%s", - msgbuf, i, Util::URLEncode1( p ) ); + msgbuf, i, encp ); + if (encp != NULL) { + PR_Free(encp); + encp = NULL; + } } CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); diff --git a/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp index dca44a98..f1d66b55 100644 --- a/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp +++ b/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp @@ -41,6 +41,10 @@ TPS_PUBLIC RA_Extended_Login_Response_Msg::RA_Extended_Login_Response_Msg (AuthP */ TPS_PUBLIC RA_Extended_Login_Response_Msg::~RA_Extended_Login_Response_Msg () { + if( m_params != NULL ) { + delete m_params; + m_params = NULL; + } } /** diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp index 36138889..a37261f6 100644 --- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp @@ -553,8 +553,8 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi RA::Debug("DoEnrollment", msg); } free(cert_string); - ktypes[index] = strdup(keyType); - origins[index] = strdup(cuid); + ktypes[index] = PL_strdup(keyType); + origins[index] = PL_strdup(cuid); if (serverKeygen) { //do PKCS#8 @@ -868,7 +868,14 @@ loser: PR_Free( (char *) pretty_cuid ); pretty_cuid = NULL; } - + if (pk_p != NULL) { + if (serverKeygen) { + SECKEY_DestroyPublicKey(pk_p); + } else { + free(pk_p); + } + pk_p = NULL; + } return status; } @@ -1277,6 +1284,28 @@ bool RA_Enroll_Processor::RequestUserId( char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale)); RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description); o_login = RequestExtendedLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description); + + if (params != NULL) { + for (int nn=0; nn < n; nn++) { + if (params[nn] != NULL) { + PL_strfree(params[nn]); + params[nn] = NULL; + } + } + free(params); + params = NULL; + } + + if (title != NULL) { + PL_strfree(title); + title = NULL; + } + + if (description != NULL) { + PL_strfree(description); + description = NULL; + } + if (o_login == NULL) { RA::Error("RA_Enroll_Processor::Process", "login not provided"); @@ -2263,6 +2292,11 @@ op.enroll.certificates.caCert.label=caCert Label RA::Debug("RA_Enroll_Processor", "Set Issuer Info %s", issuer_val); Buffer *info = new Buffer((BYTE*)issuer, 224); rc = channel->SetIssuerInfo(info); + + if (info != NULL) { + delete info; + info = NULL; + } } } /* write lifecycle bit */ @@ -2330,6 +2364,7 @@ loser: tokenTypes[nn] = NULL; } free(tokenTypes); + tokenTypes = NULL; } if (certificates != NULL) { RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "before CERT_DestroyCertificate"); @@ -2348,7 +2383,23 @@ loser: } if (ktypes != NULL) { + for (int nn=0; nn < o_certNums; nn++) { + if (ktypes[nn] != NULL) + PL_strfree(ktypes[nn]); + ktypes[nn] = NULL; + } free(ktypes); + ktypes = NULL; + } + + if (origins != NULL) { + for (int nn=0; nn < o_certNums; nn++) { + if (origins[nn] != NULL) + PL_strfree(origins[nn]); + origins[nn] = NULL; + } + free(origins); + origins = NULL; } if( CardManagerAID != NULL ) { @@ -2387,12 +2438,12 @@ loser: delete token_status; token_status = NULL; } - /* + if( final_applet_version != NULL ) { PR_Free( (char *) final_applet_version ); final_applet_version = NULL; } - */ + if( appletVersion != NULL ) { PR_Free( (char *) appletVersion ); appletVersion = NULL; @@ -3612,12 +3663,12 @@ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "keyType == %s ", keyTypeValue RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", " keyid, modulus and exponent are retrieved"); - ktypes[i] = strdup(keyTypeValue); + ktypes[i] = PL_strdup(keyTypeValue); // We now store the token id of the original token // that generates this certificate so we can // tell if the certificate should be operated // on or not during formation operation - origins[i] = strdup(lostTokenCUID); + origins[i] = PL_strdup(lostTokenCUID); certificates[i] = certs[0]; diff --git a/pki/base/tps/src/processor/RA_Format_Processor.cpp b/pki/base/tps/src/processor/RA_Format_Processor.cpp index b9ded0c8..dda751dd 100644 --- a/pki/base/tps/src/processor/RA_Format_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Format_Processor.cpp @@ -253,6 +253,10 @@ TPS_PUBLIC RA_Status RA_Format_Processor::Process(RA_Session *session, NameValue "%x.%x.%s", app_major_version, app_minor_version, buildid); appletVersion = strdup(version); + if (buildid != NULL) { + PR_Free(buildid); + buildid=NULL; + } } final_applet_version = strdup(appletVersion); @@ -328,7 +332,29 @@ locale), char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale)); RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description); login = RequestExtendedLogin(session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description); - + + if (params != NULL) { + for (int nn=0; nn < n; nn++) { + if (params[nn] != NULL) { + PL_strfree(params[nn]); + params[nn] = NULL; + } + } + free(params); + params = NULL; + } + + if (title != NULL) { + PL_strfree(title); + title = NULL; + } + + if (description != NULL) { + PL_strfree(description); + description = NULL; + } + + RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() login=%x", login); } else { @@ -487,6 +513,12 @@ locale), RA::Audit(EV_UPGRADE, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", appletVersion, expected_version); + + if( final_applet_version != NULL ) { + PR_Free( (char *) final_applet_version ); + final_applet_version = NULL; + } + final_applet_version = expected_version; if (extensions != NULL && @@ -517,6 +549,11 @@ locale), RA::Debug("RA_Format_Processor", "Set Issuer Info %s", issuer_val); Buffer *info = new Buffer((BYTE*)issuer, 224); rc = channel->SetIssuerInfo(info); + + if (info != NULL) { + delete info; + info = NULL; + } } } @@ -745,6 +782,10 @@ locale), PL_strfree(attr_cn); attr_cn = NULL; } + if (statusString != NULL) { + PR_Free(statusString); + statusString = NULL; + } } } if (result != NULL) @@ -838,12 +879,10 @@ loser: PR_Free( (char *) appletVersion ); appletVersion = NULL; } - /* if( final_applet_version != NULL ) { PR_Free( (char *) final_applet_version ); final_applet_version = NULL; } - */ if( userid != NULL ) { PR_Free( (char *) userid ); userid = NULL; @@ -860,6 +899,10 @@ loser: delete authParams; authParams = NULL; } + if( login != NULL ) { + delete login; + login = NULL; + } #ifdef MEM_PROFILING MEM_dump_unfree(); diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp index f5c79fb7..e5db2b30 100644 --- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp @@ -232,6 +232,10 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa "%x.%x.%s", app_major_version, app_minor_version, buildid); appletVersion = strdup(version); + if (buildid != NULL) { + PR_Free(buildid); + buildid = NULL; + } } final_applet_version = strdup(appletVersion); @@ -454,6 +458,28 @@ locale), RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() login=%x", login); + + if (params != NULL) { + for (int nn=0; nn < n; nn++) { + if (params[nn] != NULL) { + PL_strfree(params[nn]); + params[nn] = NULL; + } + } + free(params); + params = NULL; + } + + if (title != NULL) { + PL_strfree(title); + title = NULL; + } + + if (description != NULL) { + PL_strfree(description); + description = NULL; + } + } else { login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */); } @@ -751,12 +777,10 @@ loser: PR_Free( (char *) appletVersion ); appletVersion = NULL; } - /* if( final_applet_version != NULL ) { PR_Free( (char *) final_applet_version ); final_applet_version = NULL; } - */ if( keyVersion != NULL ) { PR_Free( (char *) keyVersion ); keyVersion = NULL; diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp index f5128f57..6122a5ca 100644 --- a/pki/base/tps/src/processor/RA_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Processor.cpp @@ -851,12 +851,18 @@ bool RA_Processor::GetTokenType(const char *prefix, int major_version, int minor int RA_Processor::SelectCardManager(RA_Session *session, char *prefix, char *tokenType) { char configname[256]; + int rc; PR_snprintf((char *)configname, 256, "%s.%s.cardmgr_instance", prefix, tokenType); const char *cardmgr_instance = RA::GetConfigStore()->GetConfigAsString(configname); Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer( cardmgr_instance, RA::CFG_DEF_CARDMGR_INSTANCE_AID); - return SelectApplet(session, 0x04, 0x00, CardManagerAID); + rc = SelectApplet(session, 0x04, 0x00, CardManagerAID); + if( CardManagerAID != NULL ) { + delete CardManagerAID; + CardManagerAID = NULL; + } + return rc; } /** @@ -2098,6 +2104,11 @@ int RA_Processor::EncryptData(Buffer &CUID, Buffer &version, Buffer &in, Buffer data = Util::SpecialURLEncode(in); else RA::Debug(LL_PER_PDU, "RA_Processor::EncryptData","Challenge to be generated on TKS"); + + if (zerob != NULL) { + delete zerob; + } + char *cuid = Util::SpecialURLEncode(CUID); char *versionID = Util::SpecialURLEncode(version); diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c index 5984bbad..5fa5c898 100644 --- a/pki/base/tps/src/tus/tus_db.c +++ b/pki/base/tps/src/tus/tus_db.c @@ -3286,10 +3286,11 @@ char **get_attribute_values(LDAPMessage *entry, const char *attribute) ret = (char **) malloc ((sizeof (char *) * c) + 1); c = 0; for (i = 0; bvals[i] != NULL; i++ ) { - cert = CERT_DecodeCertFromPackage((char *) bvals[i]->bv_val, (int) - ( bvals[i]->bv_len ) ); - sprintf(buffer, "%s", BTOA_DataToAscii((unsigned char *)bvals[i]->bv_val, - (int)bvals[i]->bv_len)); + char *tmp = BTOA_DataToAscii((unsigned char *)bvals[i]->bv_val, + (int)bvals[i]->bv_len); + sprintf(buffer, "%s", tmp); + PORT_Free(tmp); + /* remove \r\n that javascript does not like */ for (j = 0; j < strlen(buffer); j++) { if (buffer[j] == '\r') { @@ -3303,7 +3304,8 @@ char **get_attribute_values(LDAPMessage *entry, const char *attribute) c++; } if (bvals != NULL) { - free_values(bvals, 1); + ldap_value_free_len(bvals); + bvals = NULL; } ret[c] = NULL; return ret; diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec index 86d60382..0bdd072a 100644 --- a/pki/dogtag/tps/pki-tps.spec +++ b/pki/dogtag/tps/pki-tps.spec @@ -34,7 +34,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.1.0 -%define base_release 22 +%define base_release 23 %define base_group System Environment/Daemons %define base_vendor Red Hat, Inc. %define base_license LGPLv2 with exceptions @@ -313,6 +313,8 @@ fi ############################################################################### %changelog +* Wed May 27 2009 Ade Lee <alee@redhat.com> 1.1.0-23 +- Bugzilla Bug #499493 - run tps under valgrind * Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-22 - Bugzilla Bug #502398 - Restore Configuration Logging Capabilities to RA and TPS |