[GIT PULL] Fix resource leaks and other minor issues

Kevin Cernekee cernekee at gmail.com
Wed Mar 19 00:36:19 EDT 2014


Most of these changes (particularly the ones on error paths) are
compile-tested only.

Other outstanding items from the Coverity scan:

openconnect_obtain_cookie() still has a few potential leaks on error
paths, e.g. involving orig_*.  It might be best to split steps 1-3 (?)
into their own function which can free its own resources.  But this is
not something I want to touch before 6.00 is out.

start_cstp_connection() has a couple of possible strcmp(foo, NULL)
comparisons if various IP-related headers are missing.  Also, the
behavior gets a little weird for cases like "Reconnect gave different
Legacy IP address" because it already overwrote the good address with
the bad address.  Maybe what we really want to do is leverage the new
ip_info struct to maintain parallel copies of the new and old info, then
overwrite vpninfo->ip_info with the new info only after it has been
validated.

There are a number of unchecked return values for things like
setsockopt() and fcntl().  Not sure if they are worth fixing.


The following changes since commit a812940474a42dfa71a4748fd99ceddf425ccb99:

  Import translations from GNOME (2014-03-16 09:09:21 +0000)

are available in the git repository at:

  git://github.com/cernekee/openconnect coverity-20140318

for you to fetch changes up to c0246ffe7befcf5504170e48b717fff9199aa4e9:

  dtls: Free OpenSSL contexts when the library instance is freed (2014-03-18 20:52:43 -0700)

----------------------------------------------------------------
Kevin Cernekee (11):
      gnutls: Fix double free() prompting for passphrase
      http: fetch_config() argument names are swapped
      xml: Make sure the config file descriptor gets closed on all error paths
      http: Don't leak the auth form when handling <client-cert-request>
      http: Don't leak form_path on error
      tun: Don't leak tun_fd on ioctl errors
      gnutls: Fix inverted return value check in GnuTLS 2.12 compatibility code
      cstp: Fix misplaced parentheses
      jni: Fix a couple of leaked strings
      dtls: Add missing dtls_reconnect() stub for !HAVE_DTLS case
      dtls: Free OpenSSL contexts when the library instance is freed

 cstp.c                 |    2 +-
 dtls.c                 |   21 +++++++++++++++++++++
 gnutls.c               |    3 ++-
 http.c                 |   11 +++++++----
 jni.c                  |    5 +++++
 library.c              |    2 +-
 openconnect-internal.h |    1 +
 tun.c                  |    2 ++
 xml.c                  |   16 +++++++++-------
 9 files changed, 49 insertions(+), 14 deletions(-)

-- 
1.7.9.5
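
The validate-then-overwrite idea raised above for start_cstp_connection(), as an added example that is not part of the original message or of openconnect's code. The struct `ip_info_example` and the functions `same_str()` and `commit_ip_info()` are hypothetical names, the addresses are constructed sample values, and string ownership is left out.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the address info; not openconnect's
 * real struct. NULL means the server did not send that header. */
struct ip_info_example {
    const char *addr;
    const char *netmask;
};

/* strcmp(foo, NULL) is undefined behaviour: two NULLs compare equal,
 * NULL against a string compares different. */
static int same_str(const char *a, const char *b)
{
    if (!a || !b)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Check freshly parsed info against the current info and copy it over *cur
 * only if it passes, so a rejected reconnect leaves the old address intact.
 * Returns 0 when committed, -1 when rejected. */
static int commit_ip_info(struct ip_info_example *cur,
                          const struct ip_info_example *new_info,
                          int is_reconnect)
{
    if (!new_info->addr)
        return -1;              /* address header missing */
    if (is_reconnect &&
        (!same_str(cur->addr, new_info->addr) ||
         !same_str(cur->netmask, new_info->netmask)))
        return -1;              /* server handed out different values */
    *cur = *new_info;           /* validated: now safe to overwrite */
    return 0;
}

int main(void)
{
    /* Constructed sample values. */
    struct ip_info_example cur = { "10.0.0.5", "255.255.255.0" };
    struct ip_info_example changed = { "10.0.0.9", "255.255.255.0" };
    struct ip_info_example no_mask = { "10.0.0.5", NULL };

    printf("changed: %d, kept %s\n", commit_ip_info(&cur, &changed, 1), cur.addr);
    printf("no mask: %d\n", commit_ip_info(&cur, &no_mask, 1));
    return 0;
}
```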



