From f22401750505d281a092034342058fc588b62ea0 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 25 Nov 2018 15:38:58 +0100 Subject: fix a few more leaks --- src/auditor-lib/.gitignore | 3 +++ src/exchange/taler-exchange-httpd_refresh_reveal.c | 20 ++++++++++++++++++++ src/exchangedb/plugin_exchangedb_common.c | 3 ++- src/wire-plugins/plugin_wire_taler-bank.c | 19 ++++++++++++++----- 4 files changed, 39 insertions(+), 6 deletions(-) diff --git a/src/auditor-lib/.gitignore b/src/auditor-lib/.gitignore index 324d0af3e..ce6edcc39 100644 --- a/src/auditor-lib/.gitignore +++ b/src/auditor-lib/.gitignore @@ -1 +1,4 @@ test_auditor_api +test_exchange_api_home/.local/share/taler/auditors/ +test_exchange_api_home/.local/share/taler/exchange/live-keys/ +auditor.in diff --git a/src/exchange/taler-exchange-httpd_refresh_reveal.c b/src/exchange/taler-exchange-httpd_refresh_reveal.c index 39e17df17..8ac8636d9 100644 --- a/src/exchange/taler-exchange-httpd_refresh_reveal.c +++ b/src/exchange/taler-exchange-httpd_refresh_reveal.c @@ -250,6 +250,20 @@ refresh_reveal_preflight (void *cls, } +/** + * Helper function for #refresh_reveal_transaction() to free internal + * state of @a refresh_melt (but not the pointer itself!). + * + * @param refresh_melt memory to clean up + */ +static void +free_refresh_melt (struct TALER_EXCHANGEDB_RefreshMelt *refresh_melt) +{ + GNUNET_CRYPTO_rsa_signature_free (refresh_melt->session.coin.denom_sig.rsa_signature); + GNUNET_CRYPTO_rsa_public_key_free (refresh_melt->session.coin.denom_pub.rsa_public_key); +} + + /** * Execute a "/refresh/reveal". The client is revealing to us the * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the @@ -299,6 +313,8 @@ refresh_reveal_transaction (void *cls, GNUNET_break (0); *mhd_ret = TEH_RESPONSE_reply_internal_db_error (connection, TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR); + if (refresh_melt.session.noreveal_index >= TALER_CNC_KAPPA) + free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } @@ -385,6 +401,7 @@ refresh_reveal_transaction (void *cls, GNUNET_break_op (0); *mhd_ret = reply_refresh_reveal_missmatch (connection, &rc_expected); + free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } } /* end of checking "rc_expected" */ @@ -417,6 +434,7 @@ refresh_reveal_transaction (void *cls, *mhd_ret = TEH_RESPONSE_reply_internal_error (connection, TALER_EC_REFRESH_REVEAL_COST_CALCULATION_OVERFLOW, "failed to add up refresh costs"); + free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } } @@ -427,9 +445,11 @@ refresh_reveal_transaction (void *cls, *mhd_ret = TEH_RESPONSE_reply_external_error (connection, TALER_EC_REFRESH_REVEAL_AMOUNT_INSUFFICIENT, "melted coin value is insufficient to cover cost of operation"); + free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } } + free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; } diff --git a/src/exchangedb/plugin_exchangedb_common.c b/src/exchangedb/plugin_exchangedb_common.c index 8344974b4..26515670a 100644 --- a/src/exchangedb/plugin_exchangedb_common.c +++ b/src/exchangedb/plugin_exchangedb_common.c @@ -90,7 +90,8 @@ common_free_coin_transaction_list (void *cls, switch (list->type) { case TALER_EXCHANGEDB_TT_DEPOSIT: - GNUNET_free_non_null (list->details.deposit->receiver_wire_account); + if (NULL != list->details.deposit->receiver_wire_account) + json_decref (list->details.deposit->receiver_wire_account); if (NULL != list->details.deposit->coin.denom_pub.rsa_public_key) GNUNET_CRYPTO_rsa_public_key_free (list->details.deposit->coin.denom_pub.rsa_public_key); if (NULL != list->details.deposit->coin.denom_sig.rsa_signature) diff --git a/src/wire-plugins/plugin_wire_taler-bank.c b/src/wire-plugins/plugin_wire_taler-bank.c index 6075b25a0..8299e8e39 100644 --- a/src/wire-plugins/plugin_wire_taler-bank.c +++ b/src/wire-plugins/plugin_wire_taler-bank.c @@ -253,12 +253,11 @@ parse_payto (const char *account_url, } GNUNET_free (s); } - else + else if (1 != sscanf (account, + "%llu", + &no)) { - if (1 != sscanf (account, - "%llu", - &no)) - return TALER_EC_PAYTO_MALFORMED; + return TALER_EC_PAYTO_MALFORMED; } if (no > MAX_ACCOUNT_NO) return TALER_EC_PAYTO_MALFORMED; @@ -773,6 +772,8 @@ taler_bank_execute_wire_transfer (void *cls, parse_payto (destination_account_url, &destination_account)) { + GNUNET_free_non_null (origin_account.hostname); + GNUNET_free_non_null (origin_account.bank_base_url); GNUNET_break (0); return NULL; } @@ -780,6 +781,10 @@ taler_bank_execute_wire_transfer (void *cls, destination_account.hostname)) { GNUNET_break (0); + GNUNET_free_non_null (origin_account.hostname); + GNUNET_free_non_null (destination_account.hostname); + GNUNET_free_non_null (origin_account.bank_base_url); + GNUNET_free_non_null (destination_account.bank_base_url); return NULL; } @@ -798,6 +803,10 @@ taler_bank_execute_wire_transfer (void *cls, (uint64_t) destination_account.no, &execute_cb, eh); + GNUNET_free_non_null (origin_account.bank_base_url); + GNUNET_free_non_null (destination_account.bank_base_url); + GNUNET_free_non_null (origin_account.hostname); + GNUNET_free_non_null (destination_account.hostname); GNUNET_free (wire_s); if (NULL == eh->aaih) { -- cgit v1.2.3