fixed memory leaks

TLINDEN
2014-08-06 01:23:32 +02:00
parent 02930178b2
commit 7542128486
10 changed files with 79 additions and 65 deletions


@@ -8,6 +8,7 @@ extern "C" {
#include "pcp/config.h" #include "pcp/config.h"
#include "pcp/base85.h" #include "pcp/base85.h"
#include "pcp/buffer.h" #include "pcp/buffer.h"
#include "pcp/config.h"
#include "pcp/context.h" #include "pcp/context.h"
#include "pcp/crypto.h" #include "pcp/crypto.h"
#include "pcp/defines.h" #include "pcp/defines.h"


@@ -329,6 +329,8 @@ size_t buffer_fd_read(Buffer *b, FILE *in, size_t len) {
if(s > 0) if(s > 0)
buffer_add(b, data, len); buffer_add(b, data, len);
ucfree(data, len); /* FIXME: re-use data */
return s; return s;
} }
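Review bot: `buffer_add(b, data, len)` appends `len` bytes while the function returns `s`, so if `s` is a read count that can be smaller than `len` (a short read at end of input), the buffer receives trailing bytes that never came from `in`. Passing the count actually read, `buffer_add(b, data, s);`, would keep the buffer contents and the return value in agreement. The added `ucfree(data, len);` presumably matches the allocation size and can stay as it is. The start of buffer_fd_read is outside the hunk, so how `s` and `data` are set is inferred.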


@@ -276,14 +276,17 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur); pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur);
size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, rec); size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, rec);
pcp_rec_free(rec); pcp_rec_free(rec);
ucfree(symkey, crypto_secretbox_KEYBYTES);
return s; return s;
} }
else { else {
size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, NULL); size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, NULL);
ucfree(symkey, crypto_secretbox_KEYBYTES);
return s; return s;
} }
errdef1: errdef1:
ucfree(symkey, crypto_secretbox_KEYBYTES);
return 0; return 0;
} }
@@ -384,14 +387,12 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t
goto errec1; goto errec1;
return out_size + sym_size;
errec1:
memset(symkey, 0, crypto_secretbox_KEYBYTES); memset(symkey, 0, crypto_secretbox_KEYBYTES);
free(symkey); free(symkey);
free(recipients_cipher); free(recipients_cipher);
return out_size + sym_size;
errec1:
return 0; return 0;
} }
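Review bot: In the pcp_encrypt_stream hunk the `errec1:` label now appears to lead straight to `return 0;`, so the failure path taken by `goto errec1;` skips the `memset(symkey, 0, crypto_secretbox_KEYBYTES); free(symkey); free(recipients_cipher);` cleanup that was moved above `return out_size + sym_size;`. That leaves the symmetric key unwiped and both buffers leaked on error; this reading assumes the rendered order puts the cleanup before the success return on the new side. Repeating the cleanup under `errec1:` closes the gap, and writing it as `ucfree(symkey, crypto_secretbox_KEYBYTES);` would match the three calls added in the pcp_decrypt_stream hunk above. Both function bodies start outside their hunks.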


@@ -26,7 +26,7 @@
/* /*
* AS of 16/01/2014 I'm using scrypt() instead of my crafted key * AS of 16/01/2014 I'm using scrypt() instead of my crafted key
* derivation function. However, I create a hash from the pcp_scrypt() * derivation function. However, I create a hash from the pcp_scrypt()
* result anyway because I need a cure25519 secret. * result anyway because I need a curve25519 secret.
*/ */
byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) { byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
byte *key = ucmalloc(crypto_secretbox_KEYBYTES); byte *key = ucmalloc(crypto_secretbox_KEYBYTES);
@@ -43,9 +43,8 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
key[31] &= 127; key[31] &= 127;
key[31] |= 64; key[31] |= 64;
/* disabled, must be done outside /* done */
memset(passphrase, 0, plen); */ ucfree(scrypted, 64);
return key; return key;
} }
@@ -114,7 +113,10 @@ pcp_key_t * pcpkey_new () {
memcpy (key->secret, cs, 32); memcpy (key->secret, cs, 32);
memcpy (key->edpub, sp, 32); memcpy (key->edpub, sp, 32);
memcpy (key->edsecret, ss, 64); memcpy (key->edsecret, ss, 64);
memcpy (key->id, pcp_getkeyid(key), 17);
char *id = pcp_getkeyid(key);
memcpy (key->id, id, 17);
free(id);
key->ctime = (long)time(0); key->ctime = (long)time(0);
@@ -164,9 +166,10 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
buffer_free(both); buffer_free(both);
free(encryptkey); free(encryptkey);
if(es == 176) { if(es == 176) { /* FIXME: calc! */
/* success */ /* success */
memcpy(key->encrypted, encrypted, 176); memcpy(key->encrypted, encrypted, 176);
ucfree(encrypted, es);
arc4random_buf(key->secret, 32); arc4random_buf(key->secret, 32);
arc4random_buf(key->edsecret, 64); arc4random_buf(key->edsecret, 64);
arc4random_buf(key->mastersecret, 64); arc4random_buf(key->mastersecret, 64);
@@ -176,7 +179,8 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
} }
else { else {
fatal(ptx, "failed to encrypt the secret key!\n"); fatal(ptx, "failed to encrypt the secret key!\n");
free(key); ucfree(encrypted, es);
ucfree(key, sizeof(pcp_key_t));
return NULL; return NULL;
} }
@@ -191,18 +195,19 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey); es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey);
memset(encryptkey, 0, 32); ucfree(encryptkey, 32);
free(encryptkey);
if(es == 0) { if(es == 0) {
/* success */ /* success */
memcpy(key->mastersecret, decrypted, 64); memcpy(key->mastersecret, decrypted, 64);
memcpy(key->edsecret, decrypted + 64, 64); memcpy(key->edsecret, decrypted + 64, 64);
memcpy(key->secret, decrypted +128, 32); memcpy(key->secret, decrypted +128, 32);
ucfree(decrypted, 176);
} }
else { else {
fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es); fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es);
free(key); ucfree(decrypted, 176);
ucfree(key, sizeof(pcp_key_t));
return NULL; return NULL;
} }
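Review bot: `ucfree(decrypted, 176)` in pcpkey_decrypt passes the ciphertext length, while the three `memcpy` calls on the success path read only 64 + 64 + 32 = 160 bytes from `decrypted`. If pcp_sodium_verify_mac allocates just the plaintext size and ucfree wipes `len` bytes before freeing (neither is visible here), this writes 16 bytes past the allocation, and on the failure branch `decrypted` may not have been allocated at all. The allocation size should be confirmed and used as the length, e.g. `ucfree(decrypted, 160);` if the buffer is plaintext-sized, with the failure branch guarded by `if(decrypted != NULL)`. The same question applies to `ucfree(encrypted, es);` in the failure branch of pcpkey_encrypt, where `es` is by construction not the expected 176.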


@@ -156,14 +156,14 @@ int pcpvault_addkey(PCPCTX *ptx, vault_t *vault, void *item, uint8_t type) {
size_t itemsize; size_t itemsize;
void *saveitem = NULL; void *saveitem = NULL;
Buffer *blob = NULL; Buffer *blob = buffer_new(PCP_RAW_KEYSIZE, "bs");
if(type == PCP_KEY_TYPE_PUBLIC) { if(type == PCP_KEY_TYPE_PUBLIC) {
itemsize = PCP_RAW_PUBKEYSIZE; itemsize = PCP_RAW_PUBKEYSIZE;
saveitem = ucmalloc(sizeof(pcp_pubkey_t)); saveitem = ucmalloc(sizeof(pcp_pubkey_t));
memcpy(saveitem, item, sizeof(pcp_pubkey_t)); memcpy(saveitem, item, sizeof(pcp_pubkey_t));
pubkey2be((pcp_pubkey_t *)item); pubkey2be((pcp_pubkey_t *)item);
blob = pcp_keyblob(item, type); pcp_pubkeyblob(blob, (pcp_pubkey_t *)item);
} }
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_NATIVE) { else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_NATIVE) {
pcp_keysig_t *sk = (pcp_keysig_t *)item; pcp_keysig_t *sk = (pcp_keysig_t *)item;
@@ -179,6 +179,7 @@ int pcpvault_addkey(PCPCTX *ptx, vault_t *vault, void *item, uint8_t type) {
memcpy(saveitem, item, sizeof(pcp_key_t)); memcpy(saveitem, item, sizeof(pcp_key_t));
key2be((pcp_key_t *)item); key2be((pcp_key_t *)item);
blob = pcp_keyblob(item, type); blob = pcp_keyblob(item, type);
pcp_seckeyblob(blob, (pcp_key_t *)item);
} }
@@ -274,7 +275,7 @@ void pcpvault_update_checksum(PCPCTX *ptx, vault_t *vault) {
byte *pcpvault_create_checksum(PCPCTX *ptx) { byte *pcpvault_create_checksum(PCPCTX *ptx) {
pcp_key_t *k = NULL; pcp_key_t *k = NULL;
Buffer *blob = NULL; Buffer *blob = buffer_new(PCP_RAW_KEYSIZE, "blob");;
size_t datapos = 0; size_t datapos = 0;
int numskeys = pcphash_count(ptx); int numskeys = pcphash_count(ptx);
@@ -287,7 +288,7 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) {
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) {
key2be(k); key2be(k);
blob = pcp_keyblob(k, PCP_KEY_TYPE_SECRET); pcp_seckeyblob(blob, (pcp_key_t *)k);
memcpy(&data[datapos], buffer_get(blob), PCP_RAW_KEYSIZE); memcpy(&data[datapos], buffer_get(blob), PCP_RAW_KEYSIZE);
buffer_clear(blob); buffer_clear(blob);
key2native(k); key2native(k);
@@ -298,7 +299,7 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) {
pcphash_iteratepub(ptx, p) { pcphash_iteratepub(ptx, p) {
/* pcp_dumppubkey(p); */ /* pcp_dumppubkey(p); */
pubkey2be(p); pubkey2be(p);
blob = pcp_keyblob(p, PCP_KEY_TYPE_PUBLIC); pcp_pubkeyblob(blob, (pcp_pubkey_t *)p);
memcpy(&data[datapos], buffer_get(blob), PCP_RAW_PUBKEYSIZE); memcpy(&data[datapos], buffer_get(blob), PCP_RAW_PUBKEYSIZE);
buffer_clear(blob); buffer_clear(blob);
pubkey2native(p); pubkey2native(p);
@@ -371,6 +372,7 @@ int pcpvault_close(PCPCTX *ptx, vault_t *vault) {
} }
fclose(vault->fd); fclose(vault->fd);
} }
free(vault->filename);
free(vault); free(vault);
vault = NULL; vault = NULL;
} }
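Review bot: In the second pcpvault_addkey hunk the context line `blob = pcp_keyblob(item, type);` is still present ahead of the added `pcp_seckeyblob(blob, (pcp_key_t *)item);`. That overwrites the pointer returned by the new `buffer_new(PCP_RAW_KEYSIZE, "bs")` at the top of the function, leaking that buffer, and then serialises the secret key a second time into the buffer pcp_keyblob returned (assuming pcp_seckeyblob appends). The public-key branch replaced the call outright; the secret-key branch should do the same and keep only `pcp_seckeyblob(blob, (pcp_key_t *)item);`. The function body continues outside both hunks, so where `blob` is released, and whether it is wiped first, is not visible.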


@@ -106,6 +106,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
} }
secret = pcpkey_decrypt(ptx, secret, passphrase); secret = pcpkey_decrypt(ptx, secret, passphrase);
ucfree(passphrase, strlen(passphrase));
if(secret == NULL) if(secret == NULL)
goto errde3; goto errde3;


@@ -173,13 +173,10 @@ char *pcp_normalize_id(char *keyid) {
} }
pcp_key_t *pcp_find_primary_secret() { pcp_key_t *pcp_find_primary_secret() {
pcp_key_t *key = NULL;
pcp_key_t *k; pcp_key_t *k;
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) {
if(k->type == PCP_KEY_TYPE_MAINSECRET) { if(k->type == PCP_KEY_TYPE_MAINSECRET) {
key = ucmalloc(sizeof(pcp_key_t)); return k;
memcpy(key, k, sizeof(pcp_key_t));
return key;
} }
} }
@@ -187,9 +184,7 @@ pcp_key_t *pcp_find_primary_secret() {
int nkeys = pcphash_count(ptx); int nkeys = pcphash_count(ptx);
if(nkeys == 1) { if(nkeys == 1) {
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) {
key = ucmalloc(sizeof(pcp_key_t)); return k;
memcpy(key, k, sizeof(pcp_key_t));
return key;
} }
} }
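Review bot: pcp_find_primary_secret now returns `k`, the entry held by the key hash, where it used to return a `ucmalloc` copy, so ownership of the result changes for every caller. A caller that still frees the result, or passes it to pcpkey_decrypt, whose failure branch in this commit does `ucfree(key, sizeof(pcp_key_t));`, would release memory the hash still references, and a successful decrypt would write the clear secret into the shared entry. Callers are not visible here, so each call site needs checking. At minimum the function should carry a comment such as `/* returns a pointer owned by the key hash; do not free it or decrypt it in place */`. The function body ends outside the hunk.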


@@ -317,60 +317,75 @@ int main (int argc, char **argv) {
current mode and other given parameters */ current mode and other given parameters */
extra = ucmalloc(strlen(argv[0])+1); extra = ucmalloc(strlen(argv[0])+1);
strncpy(extra, argv[0], strlen(argv[0])+1); strncpy(extra, argv[0], strlen(argv[0])+1);
int useex = 0;
switch (mode) { switch (mode) {
case PCP_MODE_DECRYPT: case PCP_MODE_DECRYPT:
if(infile == NULL) if(infile == NULL) {
infile = extra; infile = extra;
useex = 1;
}
break; break;
case PCP_MODE_ENCRYPT: case PCP_MODE_ENCRYPT:
if(infile == NULL) if(infile == NULL) {
infile = extra; infile = extra;
useex = 1;
}
else if(userec == 0 && useid == 0) { else if(userec == 0 && useid == 0) {
userec = 1; userec = 1;
int i; int i;
for (i=0; i<argc; i++) { for (i=0; i<argc; i++) {
p_add(&recipient, argv[i]); p_add(&recipient, argv[i]);
} }
free(extra);
} }
break; break;
case PCP_MODE_IMPORT: case PCP_MODE_IMPORT:
if(infile == NULL) if(infile == NULL) {
infile = extra; infile = extra;
useex = 1;
}
break; break;
case PCP_MODE_EXPORT_SECRET: case PCP_MODE_EXPORT_SECRET:
case PCP_MODE_EXPORT_PUBLIC: case PCP_MODE_EXPORT_PUBLIC:
if(outfile == NULL) if(outfile == NULL) {
outfile = extra; outfile = extra;
useex = 1;
}
else if(useid == 0 && userec == 0) { else if(useid == 0 && userec == 0) {
p_add(&recipient, extra); p_add(&recipient, extra);
useex = 1;
userec = 1; userec = 1;
} }
break; break;
case PCP_MODE_VERIFY: case PCP_MODE_VERIFY:
if(infile == NULL) if(infile == NULL) {
infile = extra; infile = extra;
useex = 1;
}
else if (useid == 0) { else if (useid == 0) {
id = extra; id = extra;
useid = 1; useid = 1;
useex = 1;
} }
break; break;
case PCP_MODE_SIGN: case PCP_MODE_SIGN:
if(infile == NULL) if(infile == NULL) {
infile = extra; infile = extra;
else if(outfile == NULL && detach == 0) useex = 1;
}
else if(outfile == NULL && detach == 0) {
outfile = extra; outfile = extra;
useex = 1;
}
break; break;
default:
free(extra); /* not used */
} }
if(useex)
free(extra);
} }
/* check if there's some enviroment we could use */ /* check if there's some enviroment we could use */
@@ -393,8 +408,6 @@ int main (int argc, char **argv) {
switch (mode) { switch (mode) {
case PCP_MODE_KEYGEN: case PCP_MODE_KEYGEN:
pcp_keygen(xpass); pcp_keygen(xpass);
if(xpass != NULL)
free(xpass);
break; break;
case PCP_MODE_LISTKEYS: case PCP_MODE_LISTKEYS:
@@ -406,7 +419,6 @@ int main (int argc, char **argv) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcp_exportsecret(id, useid, outfile, armor, xpass); pcp_exportsecret(id, useid, outfile, armor, xpass);
free(id);
} }
} }
else { else {
@@ -421,10 +433,6 @@ int main (int argc, char **argv) {
break; break;
} }
pcp_exportpublic(id, xpass, outfile, exportformat, armor); pcp_exportpublic(id, xpass, outfile, exportformat, armor);
if(xpass != NULL)
free(xpass);
if(recipient != NULL)
free(recipient);
break; break;
case PCP_MODE_IMPORT: case PCP_MODE_IMPORT:
@@ -433,7 +441,6 @@ int main (int argc, char **argv) {
else { else {
if((in = fopen(infile, "rb")) == NULL) { if((in = fopen(infile, "rb")) == NULL) {
fatal(ptx, "Could not open input file %s\n", infile); fatal(ptx, "Could not open input file %s\n", infile);
free(infile);
break; break;
} }
} }
@@ -445,7 +452,6 @@ int main (int argc, char **argv) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcpdelete_key(id); pcpdelete_key(id);
free(id);
} }
} }
else { else {
@@ -458,7 +464,6 @@ int main (int argc, char **argv) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcpedit_key(id); pcpedit_key(id);
free(id);
} }
} }
else { else {
@@ -480,12 +485,6 @@ int main (int argc, char **argv) {
/* -i and -r specified */ /* -i and -r specified */
fatal(ptx, "You can't specify both -i and -r, use either -i or -r!\n"); fatal(ptx, "You can't specify both -i and -r, use either -i or -r!\n");
} }
if(id != NULL)
free(id);
if(xpass != NULL)
free(xpass);
if(recipient != NULL)
p_clean(recipient);
break; break;
@@ -494,14 +493,11 @@ int main (int argc, char **argv) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcpdecrypt(id, useid, infile, outfile, xpass, signcrypt); pcpdecrypt(id, useid, infile, outfile, xpass, signcrypt);
free(id);
} }
} }
else { else {
pcpdecrypt(NULL, useid, infile, outfile, xpass, signcrypt); pcpdecrypt(NULL, useid, infile, outfile, xpass, signcrypt);
} }
if(xpass != NULL)
free(xpass);
break; break;
case PCP_MODE_SIGN: case PCP_MODE_SIGN:
@@ -520,7 +516,6 @@ int main (int argc, char **argv) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcpverify(infile, sigfile, id, detach); pcpverify(infile, sigfile, id, detach);
free(id);
} }
} }
else { else {
@@ -538,7 +533,6 @@ int main (int argc, char **argv) {
break; break;
} }
pcpvault_close(ptx, vault); pcpvault_close(ptx, vault);
free(vaultfile);
} }
} }
else { else {
@@ -569,11 +563,9 @@ int main (int argc, char **argv) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcptext_key(id); pcptext_key(id);
free(id);
} }
} }
pcpvault_close(ptx, vault); pcpvault_close(ptx, vault);
free(vaultfile);
} }
break; break;
@@ -587,5 +579,21 @@ int main (int argc, char **argv) {
fatals_ifany(ptx); fatals_ifany(ptx);
int e = ptx->pcp_exit; int e = ptx->pcp_exit;
ptx_clean(ptx); ptx_clean(ptx);
if(infile != NULL)
free(infile);
if(outfile != NULL)
free(outfile);
if(vaultfile != NULL)
free(vaultfile);
if(sigfile != NULL)
free(sigfile);
if(xpass != NULL)
ucfree(xpass, strlen(xpass));
if(recipient != NULL)
p_clean(recipient);
if(id != NULL)
free(id);
return e; return e;
} }
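Review bot: The added `if(useex) free(extra);` frees `extra` exactly in the cases where it has just been stored in `infile`, `outfile` or `id`, or handed to `p_add`, so those pointers dangle for the rest of main and are released a second time by the new `free(infile)` / `free(outfile)` / `free(id)` block before `return e;`. The condition looks inverted; `if(!useex) free(extra);` releases the copy only when nothing took ownership of it. With that change, any `free(extra);` left inside the switch would have to go to avoid freeing twice; the rendering does not make clear whether the one in the PCP_MODE_ENCRYPT branch and the one under `default:` survive on the new side. The end-of-function cleanup also assumes `infile`, `outfile`, `vaultfile`, `sigfile` and `xpass` are always heap pointers, which depends on option parsing outside these hunks.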


@@ -70,6 +70,7 @@ void test0() {
if(strncmp(got, "HALLO", 5) != 0) { if(strncmp(got, "HALLO", 5) != 0) {
throw pcp::exception(CA); throw pcp::exception(CA);
} }
free(got);
} }
else else
throw pcp::exception(CA, "failed to decrypt"); throw pcp::exception(CA, "failed to decrypt");


@@ -184,7 +184,7 @@ temporarily disabled
*/ */
# #
# encryption tests # encryption tests
<test check-crypto-alicia-init> <test check-crypto-alicia-2-bobby>
# alicias part # alicias part
prepare = echo ${md5msg} > testmessage prepare = echo ${md5msg} > testmessage
<test check-crypto-alicia-import-secret> <test check-crypto-alicia-import-secret>
@@ -201,9 +201,7 @@ temporarily disabled
cmd = $pcp -V va -e -i ${idbobby} -I testmessage -O testencrypted -x a cmd = $pcp -V va -e -i ${idbobby} -I testmessage -O testencrypted -x a
expect = /for ${idbobby} successfully/ expect = /for ${idbobby} successfully/
</test> </test>
</test>
<test check-crypto-bobby-init>
# bobbys part # bobbys part
<test check-crypto-bobby-import-secret> <test check-crypto-bobby-import-secret>
cmd = $pcp -V vb -K -I key-bobby-sec -x b cmd = $pcp -V vb -K -I key-bobby-sec -x b