commit 1daf4fcfd6fd667c2403710ac5da37e1f1961347
parent 919852cfd49e2f5a5781c1a8c501bbdc8fb4b35d
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 26 Oct 2025 02:20:30 +0200
fix leaks (#10505)
Diffstat:
4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -3346,11 +3346,16 @@ handle_output_token (struct PayContext *pc,
break;
}
GNUNET_assert (NULL != details.priv.private_key);
+ GNUNET_free (details.token_family.slug);
+ GNUNET_free (details.token_family.name);
+ GNUNET_free (details.token_family.description);
+ json_decref (details.token_family.description_i18n);
+ GNUNET_CRYPTO_blind_sign_pub_decref (details.pub.public_key);
+ GNUNET_free (details.token_family.cipher_spec);
/* Depending on the token family, decide if the token envelope
* is mandatory or optional. (Simplified logic here: adapt as needed.) */
mandatory = test_tfk_mandatory (details.token_family.kind);
-
/* Actually sign the number of token envelopes specified in 'count'.
* 'output_index' is the offset into the parse_wallet_data arrays. */
if (GNUNET_OK !=
@@ -3365,6 +3370,7 @@ handle_output_token (struct PayContext *pc,
GNUNET_break_op (0);
return GNUNET_NO;
}
+ GNUNET_CRYPTO_blind_sign_priv_decref (details.priv.private_key);
return GNUNET_OK;
}
@@ -4934,7 +4940,7 @@ pay_context_cleanup (void *cls)
if (NULL != pc->output_tokens)
{
for (unsigned int i = 0; i<pc->output_tokens_len; i++)
- GNUNET_CRYPTO_blind_sig_incref (pc->output_tokens[i].sig.signature);
+ GNUNET_CRYPTO_blinded_sig_decref (pc->output_tokens[i].sig.signature);
GNUNET_free (pc->output_tokens);
pc->output_tokens = NULL;
}
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -1418,9 +1418,6 @@ phase_check_contract (struct OrderContext *oc)
{
struct TALER_PrivateContractHashP h_control;
- json_dumpf (oc->serialize_order.contract,
- stderr,
- JSON_INDENT (2));
switch (TALER_JSON_contract_hash (oc->serialize_order.contract,
&h_control))
{
@@ -2119,6 +2116,7 @@ add_output_token_family (struct OrderContext *oc,
"invalid cipher stored in local database for token family");
return GNUNET_SYSERR;
}
+ GNUNET_free (key_details.token_family.cipher_spec);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Storing new key for slug %s of %s\n",
slug,
diff --git a/src/backenddb/pg_lookup_token_family_key.c b/src/backenddb/pg_lookup_token_family_key.c
@@ -160,13 +160,24 @@ TMH_PG_lookup_token_family_key (
{
if (0 == strcmp (kind,
"discount"))
+ {
details->token_family.kind = TALER_MERCHANTDB_TFK_Discount;
+ }
else if (0 == strcmp (kind,
"subscription"))
+ {
details->token_family.kind = TALER_MERCHANTDB_TFK_Subscription;
+ }
else
{
GNUNET_free (kind);
+ GNUNET_free (details->token_family.slug);
+ GNUNET_free (details->token_family.name);
+ GNUNET_free (details->token_family.description);
+ json_decref (details->token_family.description_i18n);
+ GNUNET_CRYPTO_blind_sign_pub_decref (details->pub.public_key);
+ GNUNET_CRYPTO_blind_sign_priv_decref (details->priv.private_key);
+ GNUNET_free (details->token_family.cipher_spec);
GNUNET_break (0);
return GNUNET_DB_STATUS_HARD_ERROR;
}
diff --git a/src/util/contract_serialize.c b/src/util/contract_serialize.c
@@ -183,8 +183,8 @@ TALER_MERCHANT_json_from_contract_choice (
GNUNET_JSON_pack_string ("description",
choice->description)),
GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_steal ("description_i18n",
- choice->description_i18n)),
+ GNUNET_JSON_pack_object_incref ("description_i18n",
+ choice->description_i18n)),
(order)
? GNUNET_JSON_pack_allow_null (
TALER_JSON_pack_amount (
@@ -316,8 +316,8 @@ TALER_MERCHANT_json_from_token_family (
family->name),
GNUNET_JSON_pack_string ("description",
family->description),
- GNUNET_JSON_pack_object_steal ("description_i18n",
- family->description_i18n),
+ GNUNET_JSON_pack_object_incref ("description_i18n",
+ family->description_i18n),
GNUNET_JSON_pack_array_steal ("keys",
keys),
GNUNET_JSON_pack_object_steal ("details",
