fixed memory leaks

libpcp/buffer.c

@@ -329,6 +329,8 @@ size_t buffer_fd_read(Buffer *b, FILE *in, size_t len) {
   if(s > 0)
     buffer_add(b, data, len);
 
+  ucfree(data, len); /* FIXME: re-use data */
+
   return s;
 }
 

libpcp/crypto.c

@@ -276,14 +276,17 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
     pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur);
     size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, rec);
     pcp_rec_free(rec);
+    ucfree(symkey, crypto_secretbox_KEYBYTES);
     return s;
   }
   else {
     size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, NULL);
+    ucfree(symkey, crypto_secretbox_KEYBYTES);
     return s;
   }
 
  errdef1:
+  ucfree(symkey, crypto_secretbox_KEYBYTES);
   return 0;
 }
 
@@ -384,14 +387,12 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t
     goto errec1;
 
 
-  return out_size + sym_size;
-
-  
-
- errec1:
   memset(symkey, 0, crypto_secretbox_KEYBYTES);
   free(symkey);
   free(recipients_cipher);
+  return out_size + sym_size;
+
+ errec1:
 
   return 0;
 }

libpcp/key.c

@@ -26,7 +26,7 @@
 /*
  * AS of 16/01/2014 I'm using scrypt() instead of my crafted key
  * derivation function. However, I create a hash from the pcp_scrypt()
- * result anyway because I need a cure25519 secret.
+ * result anyway because I need a curve25519 secret.
  */
 byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
   byte *key = ucmalloc(crypto_secretbox_KEYBYTES);
@@ -43,9 +43,8 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
   key[31] &= 127;
   key[31] |= 64;
 
-  /* disabled, must be done outside 
-     memset(passphrase, 0, plen); */
-
+  /* done */
+  ucfree(scrypted, 64);
   return key;
 }
 
@@ -114,8 +113,11 @@ pcp_key_t * pcpkey_new () {
   memcpy (key->secret, cs, 32);
   memcpy (key->edpub, sp, 32);
   memcpy (key->edsecret, ss, 64);
-  memcpy (key->id, pcp_getkeyid(key), 17);
-  
+
+  char *id = pcp_getkeyid(key);
+  memcpy (key->id, id, 17);
+  free(id);
+
   key->ctime = (long)time(0);
 
   key->version = PCP_KEY_VERSION;
@@ -164,9 +166,10 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
   buffer_free(both);
   free(encryptkey);
 
-  if(es == 176) {
+  if(es == 176) { /* FIXME: calc! */
     /*  success */
     memcpy(key->encrypted, encrypted, 176);
+    ucfree(encrypted, es);
     arc4random_buf(key->secret, 32);
     arc4random_buf(key->edsecret, 64);
     arc4random_buf(key->mastersecret, 64);
@@ -176,7 +179,8 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
   }
   else {
     fatal(ptx, "failed to encrypt the secret key!\n");
-    free(key);
+    ucfree(encrypted, es);
+    ucfree(key, sizeof(pcp_key_t));
     return NULL;
   }
 
@@ -191,18 +195,19 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
   
   es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey);
 
-  memset(encryptkey, 0, 32);
-  free(encryptkey);
+  ucfree(encryptkey, 32);
 
   if(es == 0) {
     /*  success */
     memcpy(key->mastersecret, decrypted, 64);
     memcpy(key->edsecret, decrypted + 64, 64);    
     memcpy(key->secret, decrypted +128, 32);
+    ucfree(decrypted, 176);
   }
   else {
     fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es);
-    free(key);
+    ucfree(decrypted, 176);
+    ucfree(key, sizeof(pcp_key_t));
     return NULL;
   }
 

libpcp/vault.c

@@ -156,14 +156,14 @@ int pcpvault_addkey(PCPCTX *ptx, vault_t *vault, void *item, uint8_t type) {
   size_t itemsize;
 
   void *saveitem = NULL;
-  Buffer *blob = NULL;
+  Buffer *blob = buffer_new(PCP_RAW_KEYSIZE, "bs");
 
   if(type == PCP_KEY_TYPE_PUBLIC) {
     itemsize = PCP_RAW_PUBKEYSIZE;
     saveitem = ucmalloc(sizeof(pcp_pubkey_t));
     memcpy(saveitem, item, sizeof(pcp_pubkey_t));
     pubkey2be((pcp_pubkey_t *)item);
-    blob = pcp_keyblob(item, type);
+    pcp_pubkeyblob(blob, (pcp_pubkey_t *)item);
   }
   else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_NATIVE) {
     pcp_keysig_t *sk = (pcp_keysig_t *)item;
@@ -179,6 +179,7 @@ int pcpvault_addkey(PCPCTX *ptx, vault_t *vault, void *item, uint8_t type) {
     memcpy(saveitem, item, sizeof(pcp_key_t));
     key2be((pcp_key_t *)item);
     blob = pcp_keyblob(item, type);
+    pcp_seckeyblob(blob, (pcp_key_t *)item);
   }
 
 
@@ -274,7 +275,7 @@ void pcpvault_update_checksum(PCPCTX *ptx, vault_t *vault) {
 
 byte *pcpvault_create_checksum(PCPCTX *ptx) {
   pcp_key_t *k = NULL;
-  Buffer *blob = NULL;
+  Buffer *blob = buffer_new(PCP_RAW_KEYSIZE, "blob");;
   size_t datapos = 0;
 
   int numskeys = pcphash_count(ptx);
@@ -287,7 +288,7 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) {
 
   pcphash_iterate(ptx, k) {
     key2be(k);
-    blob = pcp_keyblob(k, PCP_KEY_TYPE_SECRET);
+    pcp_seckeyblob(blob, (pcp_key_t *)k);
     memcpy(&data[datapos], buffer_get(blob), PCP_RAW_KEYSIZE);
     buffer_clear(blob);
     key2native(k);
@@ -298,7 +299,7 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) {
   pcphash_iteratepub(ptx, p) {
     /* pcp_dumppubkey(p); */
     pubkey2be(p);
-    blob = pcp_keyblob(p, PCP_KEY_TYPE_PUBLIC);
+    pcp_pubkeyblob(blob, (pcp_pubkey_t *)p);
     memcpy(&data[datapos], buffer_get(blob), PCP_RAW_PUBKEYSIZE);
     buffer_clear(blob);
     pubkey2native(p);
@@ -371,6 +372,7 @@ int pcpvault_close(PCPCTX *ptx, vault_t *vault) {
       }
       fclose(vault->fd);
     }
+    free(vault->filename);
     free(vault);
     vault = NULL;
   }