Merge pull request #264 from qzhuyan/fix/william/proper-memleak

fix mem leaks with invalid TLS configs
emqx · Feb 22, 2024 · 5f1068f · 5f1068f
2 parents 09abe30 + f1bd83b
commit 5f1068f
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 8 deletions.
diff --git a/c_src/quicer_config.c b/c_src/quicer_config.c
@@ -310,7 +310,8 @@ ClientLoadConfiguration(ErlNifEnv *env,
   // If Verify Peer...
   if (!parse_verify_options(env, *options, &CredConfig, FALSE, NULL))
     {
-      return ERROR_TUPLE_2(ATOM_VERIFY);
+      ret = ATOM_VERIFY;
+      goto done;
     }
 
   unsigned alpn_buffer_length = 0;

diff --git a/c_src/quicer_connection.c b/c_src/quicer_connection.c
@@ -772,7 +772,11 @@ async_connect3(ErlNifEnv *env,
   if (!IS_SAME_TERM(ATOM_OK, estatus))
     {
       res = ERROR_TUPLE_2(estatus);
-      goto Error;
+      if (!is_reuse_handle)
+        {
+          enif_release_resource(c_ctx);
+        }
+      return ERROR_TUPLE_2(ATOM_QUIC_REGISTRATION);
     }
 
   if (!is_reuse_handle)

diff --git a/c_src/quicer_listener.c b/c_src/quicer_listener.c
@@ -589,6 +589,7 @@ start_listener3(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
 
   if (!IS_SAME_TERM(ret, ATOM_OK))
     {
+      enif_release_resource(new_config_ctx);
       return ERROR_TUPLE_2(ret);
     }
 
@@ -600,6 +601,7 @@ start_listener3(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
   if (!l_ctx->Listener)
     {
       ret = ERROR_TUPLE_2(ATOM_CLOSED);
+      enif_release_resource(new_config_ctx);
       goto exit;
     }
 

diff --git a/c_src/quicer_tls.c b/c_src/quicer_tls.c
@@ -36,20 +36,20 @@ parse_cert_options(ErlNifEnv *env,
   if (!(certfile
         = str_from_map(env, ATOM_CERTFILE, &options, NULL, PATH_MAX + 1)))
     {
-      return FALSE;
+      goto error;
     }
   if (!(keyfile
         = str_from_map(env, ATOM_KEYFILE, &options, NULL, PATH_MAX + 1)))
     {
-      return FALSE;
+      goto error;
     }
 
   // Get password for Server CertFile
   if (enif_get_map_value(env, options, ATOM_PASSWORD, &tmp_term))
     {
       if (!(password = str_from_map(env, ATOM_PASSWORD, &options, NULL, 256)))
         {
-          return FALSE;
+          goto error;
         }
 
       QUIC_CERTIFICATE_FILE_PROTECTED *CertFile
@@ -59,7 +59,7 @@ parse_cert_options(ErlNifEnv *env,
 
       if (!CertFile)
         {
-          return FALSE;
+          goto error;
         }
       CertFile->CertificateFile = certfile;
       CertFile->PrivateKeyFile = keyfile;
@@ -74,7 +74,7 @@ parse_cert_options(ErlNifEnv *env,
               sizeof(QUIC_CERTIFICATE_FILE), QUICER_CERTIFICATE_FILE);
       if (!CertFile)
         {
-          return FALSE;
+          goto error;
         }
       CertFile->CertificateFile = certfile;
       CertFile->PrivateKeyFile = keyfile;
@@ -83,6 +83,11 @@ parse_cert_options(ErlNifEnv *env,
     }
 
   return TRUE;
+error:
+  free(certfile);
+  free(keyfile);
+  free(password);
+  return FALSE;
 }
 
 /*
@@ -330,7 +335,8 @@ eoptions_to_cred_config(ErlNifEnv *env,
   // Handle the certificate, key, password options
   if (!parse_cert_options(env, eoptions, CredConfig))
     {
-      return ATOM_QUIC_TLS;
+      ret = ATOM_QUIC_TLS;
+      goto exit;
     }
 
   // Handle the `verify` options