Skip to content

Commit a17d236

Browse files
Chenjpmarkt-asf
Chenjp
authored and
markt-asf
committed
Centralize cleanup
Avoid sslconf mem-leak with tcn_throw ex, which is unlikely to happen in real world.
1 parent 019a79a commit a17d236

1 file changed

Lines changed: 39 additions & 34 deletions

File tree

native/src/sslconf.c

Lines changed: 39 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -153,26 +153,25 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong cctx,
153153
TCN_ASSERT(c->cctx != 0);
154154
if (!J2S(cmd)) {
155155
tcn_Throw(e, "Can not check null SSL_CONF command");
156-
return SSL_THROW_RETURN;
156+
rc = SSL_THROW_RETURN;
157+
goto cleanup;
157158
}
158159
if (!strcmp(J2S(cmd), "NO_OCSP_CHECK")) {
159160
if (!strcasecmp(J2S(value), "false"))
160161
c->no_ocsp_check = 0;
161162
else
162163
c->no_ocsp_check = 1;
163-
TCN_FREE_CSTRING(cmd);
164-
TCN_FREE_CSTRING(value);
165-
return 1;
164+
rc = 1;
165+
goto cleanup;
166166
}
167167

168168
if (!strcmp(J2S(cmd), "OCSP_SOFT_FAIL")) {
169169
if (!strcasecmp(J2S(value), "false"))
170170
c->ocsp_soft_fail = 0;
171171
else
172172
c->ocsp_soft_fail = 1;
173-
TCN_FREE_CSTRING(cmd);
174-
TCN_FREE_CSTRING(value);
175-
return 1;
173+
rc = 1;
174+
goto cleanup;
176175
}
177176

178177
if (!strcmp(J2S(cmd), "OCSP_TIMEOUT")) {
@@ -183,9 +182,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong cctx,
183182
// Tomcat configures timeout is millisecond. APR uses microseconds.
184183
c->ocsp_timeout = i * 1000;
185184
}
186-
TCN_FREE_CSTRING(cmd);
187-
TCN_FREE_CSTRING(value);
188-
return 1;
185+
rc = 1;
186+
goto cleanup;
189187
}
190188

191189
if (!strcmp(J2S(cmd), "OCSP_VERIFY_FLAGS")) {
@@ -195,9 +193,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong cctx,
195193
if (!errno) {
196194
c->ocsp_verify_flags = i;
197195
}
198-
TCN_FREE_CSTRING(cmd);
199-
TCN_FREE_CSTRING(value);
200-
return 1;
196+
rc = 1;
197+
goto cleanup;
201198
}
202199

203200
SSL_ERR_clear();
@@ -207,35 +204,42 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong cctx,
207204
char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
208205
ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
209206
tcn_Throw(e, "Could not determine SSL_CONF command type for '%s' (%s)", J2S(cmd), err);
210-
return 0;
207+
rc = 0;
208+
goto cleanup;
211209
}
212210

213211
if (value_type == SSL_CONF_TYPE_UNKNOWN) {
214212
tcn_Throw(e, "Invalid SSL_CONF command '%s', type unknown", J2S(cmd));
215-
return SSL_THROW_RETURN;
213+
rc = SSL_THROW_RETURN;
214+
goto cleanup;
216215
}
217216

218217
if (value_type == SSL_CONF_TYPE_FILE) {
219218
if (!J2S(value)) {
220219
tcn_Throw(e, "SSL_CONF command '%s' needs a non-empty file argument", J2S(cmd));
221-
return SSL_THROW_RETURN;
220+
rc = SSL_THROW_RETURN;
221+
goto cleanup;
222222
}
223223
if (check_file(c->pool, J2S(value))) {
224224
tcn_Throw(e, "SSL_CONF command '%s' file '%s' does not exist or is empty", J2S(cmd), J2S(value));
225-
return SSL_THROW_RETURN;
225+
rc = SSL_THROW_RETURN;
226+
goto cleanup;
226227
}
227228
}
228229
else if (value_type == SSL_CONF_TYPE_DIR) {
229230
if (!J2S(value)) {
230231
tcn_Throw(e, "SSL_CONF command '%s' needs a non-empty directory argument", J2S(cmd));
231-
return SSL_THROW_RETURN;
232+
rc = SSL_THROW_RETURN;
233+
goto cleanup;
232234
}
233235
if (check_dir(c->pool, J2S(value))) {
234236
tcn_Throw(e, "SSL_CONF command '%s' directory '%s' does not exist", J2S(cmd), J2S(value));
235-
return SSL_THROW_RETURN;
237+
rc = SSL_THROW_RETURN;
238+
goto cleanup;
236239
}
237240
}
238241

242+
cleanup:
239243
TCN_FREE_CSTRING(cmd);
240244
TCN_FREE_CSTRING(value);
241245
return rc;
@@ -277,7 +281,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx,
277281
TCN_ASSERT(c->cctx != 0);
278282
if (!J2S(cmd)) {
279283
tcn_Throw(e, "Can not apply null SSL_CONF command");
280-
return SSL_THROW_RETURN;
284+
rc = SSL_THROW_RETURN;
285+
goto cleanup;
281286
}
282287
#ifndef HAVE_EXPORT_CIPHERS
283288
if (!strcmp(J2S(cmd), "CipherString")) {
@@ -289,7 +294,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx,
289294
buf = malloc(len * sizeof(char));
290295
if (buf == NULL) {
291296
tcn_Throw(e, "Could not allocate memory to adjust cipher string");
292-
return SSL_THROW_RETURN;
297+
rc = SSL_THROW_RETURN;
298+
goto cleanup;
293299
}
294300
memcpy(buf, SSL_CIPHERS_ALWAYS_DISABLED, strlen(SSL_CIPHERS_ALWAYS_DISABLED));
295301
memcpy(buf + strlen(SSL_CIPHERS_ALWAYS_DISABLED), J2S(value), strlen(J2S(value)));
@@ -301,18 +307,16 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx,
301307
c->no_ocsp_check = 0;
302308
else
303309
c->no_ocsp_check = 1;
304-
TCN_FREE_CSTRING(cmd);
305-
TCN_FREE_CSTRING(value);
306-
return 1;
310+
rc = 1;
311+
goto cleanup;
307312
}
308313
if (!strcmp(J2S(cmd), "OCSP_SOFT_FAIL")) {
309314
if (!strcasecmp(J2S(value), "false"))
310315
c->ocsp_soft_fail = 0;
311316
else
312317
c->ocsp_soft_fail = 1;
313-
TCN_FREE_CSTRING(cmd);
314-
TCN_FREE_CSTRING(value);
315-
return 1;
318+
rc = 1;
319+
goto cleanup;
316320
}
317321
if (!strcmp(J2S(cmd), "OCSP_TIMEOUT")) {
318322
int i;
@@ -322,9 +326,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx,
322326
// Tomcat configures timeout is millisecond. APR uses microseconds.
323327
c->ocsp_timeout = i * 1000;
324328
}
325-
TCN_FREE_CSTRING(cmd);
326-
TCN_FREE_CSTRING(value);
327-
return 1;
329+
rc = 1;
330+
goto cleanup;
328331
}
329332
if (!strcmp(J2S(cmd), "OCSP_VERIFY_FLAGS")) {
330333
int i;
@@ -333,9 +336,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx,
333336
if (!errno) {
334337
c->ocsp_verify_flags = i;
335338
}
336-
TCN_FREE_CSTRING(cmd);
337-
TCN_FREE_CSTRING(value);
338-
return 1;
339+
rc = 1;
340+
goto cleanup;
339341
}
340342
SSL_ERR_clear();
341343
rc = SSL_CONF_cmd(c->cctx, J2S(cmd), buf != NULL ? buf : J2S(value));
@@ -348,8 +350,11 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx,
348350
} else {
349351
tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value '%s'", J2S(cmd), buf != NULL ? buf : J2S(value));
350352
}
351-
return SSL_THROW_RETURN;
353+
rc = SSL_THROW_RETURN;
354+
goto cleanup;
352355
}
356+
357+
cleanup:
353358
#ifndef HAVE_EXPORT_CIPHERS
354359
if (buf != NULL) {
355360
free(buf);

0 commit comments

Comments
 (0)