<p>You usually have to declare the code in public domain.</p>
<div class="gmail_quote">On Jan 29, 2013 7:36 PM, "Arthur Mesh" <<a href="mailto:arthurmesh@gmail.com">arthurmesh@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I am trying to figure out where bug reports should be submitted.<br>
<a href="https://www.stunnel.org/lists.html" target="_blank">https://www.stunnel.org/lists.html</a> references this mailing list, so here<br>
is my attempt at a bug report with a potential fix. If this is not an<br>
appropriate list, please redirect me.<br>
<br>
A coverity run has uncovered quite a few memory and other resource<br>
leaks, plus some potential NULL dereferences. Inline is an attempt to<br>
fix them. Imho, these are mostly self-explanatory, but if someone needs<br>
more details, I would be happy to provide those as well.<br>
<br>
Thanks<br>
<br>
diff -ru stunnel-4.54/src/options.c stunnel-4.54.p/src/options.c<br>
--- stunnel-4.54/src/options.c  2012-10-09 01:50:54.000000000 -0700<br>
+++ stunnel-4.54.p/src/options.c        2013-01-29 16:26:00.000000000 -0800<br>
@@ -1988,7 +1988,7 @@<br>
<br>
 int parse_conf(char *name, CONF_TYPE type) {<br>
     DISK_FILE *df;<br>
-    char line_text[CONFLINELEN], *errstr;<br>
+    char line_text[CONFLINELEN], *errstr = NULL;<br>
     char config_line[CONFLINELEN], *config_opt, *config_arg;<br>
     int line_number, i;<br>
     SERVICE_OPTIONS *section, *new_section;<br>
@@ -2104,7 +2104,8 @@<br>
         errstr=parse_service_option(CMD_END, section, NULL, NULL);<br>
     }<br>
     if(errstr) {<br>
-        s_log(LOG_ERR, "Service [%s]: %s", section->servname, errstr);<br>
+        s_log(LOG_ERR, "Service [%s]: %s", section ? section->servname : "",<br>
+              errstr);<br>
         return 1;<br>
     }<br>
<br>
@@ -2253,7 +2254,7 @@<br>
     }<br>
     new_global_options.debug_level=8;    /* illegal level */<br>
     for(fl=levels; fl->name; ++fl) {<br>
-        if(!strcasecmp(fl->name, string)) {<br>
+        if(string && !strcasecmp(fl->name, string)) {<br>
             new_global_options.debug_level=fl->value;<br>
             break;<br>
         }<br>
@@ -2428,6 +2429,7 @@<br>
             if(get_last_socket_error()!=S_ENOPROTOOPT) {<br>
                 s_log(LOG_ERR, "Failed to get %s OS default", ptr->opt_str);<br>
                 sockerror("getsockopt");<br>
+                close(fd);<br>
                 return 1; /* FAILED */<br>
             }<br>
             td=str_dup("write-only");<br>
@@ -2442,6 +2444,7 @@<br>
             ptr->opt_str, ta, tl, tr, td);<br>
         str_free(ta); str_free(tl); str_free(tr); str_free(td);<br>
     }<br>
+    close(fd);<br>
     return 0; /* OK */<br>
 }<br>
<br>
Only in stunnel-4.54.p/src: options.c.orig<br>
diff -ru stunnel-4.54/src/protocol.c stunnel-4.54.p/src/protocol.c<br>
--- stunnel-4.54/src/protocol.c 2012-10-09 01:46:47.000000000 -0700<br>
+++ stunnel-4.54.p/src/protocol.c       2013-01-29 16:26:00.000000000 -0800<br>
@@ -244,30 +244,36 @@<br>
 /**************************************** smtp */<br>
<br>
 static void smtp_client(CLI *c) {<br>
-    char *line;<br>
+    char *line = NULL;<br>
<br>
     do { /* copy multiline greeting */<br>
+        str_free(line); /* okay to str_free(NULL) */<br>
         line=fd_getline(c, c->remote_fd.fd);<br>
         fd_putline(c, c->local_wfd.fd, line);<br>
     } while(isprefix(line, "220-"));<br>
<br>
     fd_putline(c, c->remote_fd.fd, "EHLO localhost");<br>
     do { /* skip multiline reply */<br>
+        str_free(line);<br>
         line=fd_getline(c, c->remote_fd.fd);<br>
     } while(isprefix(line, "250-"));<br>
     if(!isprefix(line, "250 ")) { /* error */<br>
+        str_free(line);<br>
         s_log(LOG_ERR, "Remote server is not RFC 1425 compliant");<br>
         longjmp(c->err, 1);<br>
     }<br>
<br>
     fd_putline(c, c->remote_fd.fd, "STARTTLS");<br>
     do { /* skip multiline reply */<br>
+        str_free(line);<br>
         line=fd_getline(c, c->remote_fd.fd);<br>
     } while(isprefix(line, "220-"));<br>
     if(!isprefix(line, "220 ")) { /* error */<br>
+        str_free(line);<br>
         s_log(LOG_ERR, "Remote server is not RFC 2487 compliant");<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
 }<br>
<br>
 static void smtp_server(CLI *c) {<br>
@@ -290,21 +296,27 @@<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "220")) {<br>
         s_log(LOG_ERR, "Unknown server welcome");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
     fd_printf(c, c->local_wfd.fd, "%s + stunnel", line);<br>
+    str_free(line);<br>
     line=fd_getline(c, c->local_rfd.fd);<br>
     if(!isprefix(line, "EHLO ")) {<br>
         s_log(LOG_ERR, "Unknown client EHLO");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
     fd_printf(c, c->local_wfd.fd, "250-%s Welcome", line);<br>
+    str_free(line);<br>
     fd_putline(c, c->local_wfd.fd, "250 STARTTLS");<br>
     line=fd_getline(c, c->local_rfd.fd);<br>
     if(!isprefix(line, "STARTTLS")) {<br>
         s_log(LOG_ERR, "STARTTLS expected");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
     fd_putline(c, c->local_wfd.fd, "220 Go ahead");<br>
 }<br>
<br>
@@ -316,15 +328,19 @@<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "+OK ")) {<br>
         s_log(LOG_ERR, "Unknown server welcome");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
     fd_putline(c, c->local_wfd.fd, line);<br>
+    str_free(line);<br>
     fd_putline(c, c->remote_fd.fd, "STLS");<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "+OK ")) {<br>
         s_log(LOG_ERR, "Server does not support TLS");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
 }<br>
<br>
 static void pop3_server(CLI *c) {<br>
@@ -332,17 +348,21 @@<br>
<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     fd_printf(c, c->local_wfd.fd, "%s + stunnel", line);<br>
+    str_free(line);<br>
     line=fd_getline(c, c->local_rfd.fd);<br>
     if(isprefix(line, "CAPA")) { /* client wants RFC 2449 extensions */<br>
         fd_putline(c, c->local_wfd.fd, "+OK Stunnel capability list follows");<br>
         fd_putline(c, c->local_wfd.fd, "STLS");<br>
         fd_putline(c, c->local_wfd.fd, ".");<br>
+        str_free(line);<br>
         line=fd_getline(c, c->local_rfd.fd);<br>
     }<br>
     if(!isprefix(line, "STLS")) {<br>
+        str_free(line);<br>
         s_log(LOG_ERR, "Client does not want TLS");<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
     fd_putline(c, c->local_wfd.fd, "+OK Stunnel starts TLS negotiation");<br>
 }<br>
<br>
@@ -353,18 +373,22 @@<br>
<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "* OK")) {<br>
+        str_free(line);<br>
         s_log(LOG_ERR, "Unknown server welcome");<br>
         longjmp(c->err, 1);<br>
     }<br>
     fd_putline(c, c->local_wfd.fd, line);<br>
+    str_free(line);<br>
     fd_putline(c, c->remote_fd.fd, "stunnel STARTTLS");<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "stunnel OK")) {<br>
+        str_free(line);<br>
         fd_putline(c, c->local_wfd.fd,<br>
             "* BYE stunnel: Server does not support TLS");<br>
         s_log(LOG_ERR, "Server does not support TLS");<br>
         longjmp(c->err, 2); /* don't reset */<br>
     }<br>
+    str_free(line);<br>
 }<br>
<br>
 static void imap_server(CLI *c) {<br>
@@ -387,6 +411,7 @@<br>
     /* process server welcome and send it to client */<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "* OK")) {<br>
+        str_free(line);<br>
         s_log(LOG_ERR, "Unknown server welcome");<br>
         longjmp(c->err, 1);<br>
     }<br>
@@ -396,22 +421,29 @@<br>
     if(capa)<br>
         *capa='K'; /* disable CAPABILITY within greeting */<br>
     fd_printf(c, c->local_wfd.fd, "%s (stunnel)", line);<br>
+    str_free(line);<br>
<br>
     while(1) { /* process client commands */<br>
         line=fd_getline(c, c->local_rfd.fd);<br>
         /* split line into id and tail */<br>
         id=str_dup(line);<br>
         tail=strchr(id, ' ');<br>
-        if(!tail)<br>
+        if(!tail) {<br>
+            str_free(line);<br>
+            str_free(id);<br>
             break;<br>
+        }<br>
         *tail++='\0';<br>
<br>
         if(isprefix(tail, "STARTTLS")) {<br>
             fd_printf(c, c->local_wfd.fd,<br>
                 "%s OK Begin TLS negotiation now", id);<br>
+            str_free(line);<br>
+            str_free(id);<br>
             return; /* success */<br>
         } else if(isprefix(tail, "CAPABILITY")) {<br>
             fd_putline(c, c->remote_fd.fd, line); /* send it to server */<br>
+            str_free(line);<br>
             line=fd_getline(c, c->remote_fd.fd); /* get the capabilites */<br>
             if(*line=='*') {<br>
                 /*<br>
@@ -421,6 +453,7 @@<br>
                  * LOGIN would fail as "unexpected command", anyway<br>
                  */<br>
                 fd_printf(c, c->local_wfd.fd, "%s STARTTLS", line);<br>
+                str_free(line);<br>
                 line=fd_getline(c, c->remote_fd.fd); /* next line */<br>
             }<br>
             fd_putline(c, c->local_wfd.fd, line); /* forward to the client */<br>
@@ -429,24 +462,35 @@<br>
                 fd_putline(c, c->local_wfd.fd,<br>
                     "* BYE unexpected server response");<br>
                 s_log(LOG_ERR, "Unexpected server response: %s", line);<br>
+                str_free(line);<br>
+                str_free(id);<br>
                 break;<br>
             }<br>
+            str_free(line);<br>
+            str_free(id);<br>
         } else if(isprefix(tail, "LOGOUT")) {<br>
             fd_putline(c, c->local_wfd.fd, "* BYE server terminating");<br>
             fd_printf(c, c->local_wfd.fd, "%s OK LOGOUT completed", id);<br>
+            str_free(id);<br>
+            str_free(line);<br>
             break;<br>
         } else {<br>
             fd_putline(c, c->local_wfd.fd, "* BYE stunnel: unexpected command");<br>
             fd_printf(c, c->local_wfd.fd, "%s BAD %s unexpected", id, tail);<br>
             s_log(LOG_ERR, "Unexpected client command %s", tail);<br>
+            str_free(line);<br>
+            str_free(id);<br>
             break;<br>
         }<br>
     }<br>
     /* clean server shutdown */<br>
     fd_putline(c, c->remote_fd.fd, "stunnel LOGOUT");<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
-    if(*line=='*')<br>
+    if(*line=='*') {<br>
+        str_free(line);<br>
         line=fd_getline(c, c->remote_fd.fd);<br>
+    }<br>
+    str_free(line);<br>
     longjmp(c->err, 2); /* don't reset */<br>
 }<br>
<br>
@@ -458,15 +502,19 @@<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "200 ") && !isprefix(line, "201 ")) {<br>
         s_log(LOG_ERR, "Unknown server welcome");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
     fd_putline(c, c->local_wfd.fd, line);<br>
     fd_putline(c, c->remote_fd.fd, "STARTTLS");<br>
+    str_free(line);<br>
     line=fd_getline(c, c->remote_fd.fd);<br>
     if(!isprefix(line, "382 ")) {<br>
         s_log(LOG_ERR, "Server does not support TLS");<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
 }<br>
<br>
 /**************************************** connect */<br>
@@ -548,13 +596,17 @@<br>
         /* not "HTTP/1.0 200 Connection established" */<br>
         s_log(LOG_ERR, "CONNECT request rejected");<br>
         do { /* read all headers */<br>
+            str_free(line);<br>
             line=fd_getline(c, c->remote_fd.fd);<br>
         } while(*line);<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
     s_log(LOG_INFO, "CONNECT request accepted");<br>
     do {<br>
         line=fd_getline(c, c->remote_fd.fd); /* read all headers */<br>
+        str_free(line);<br>
     } while(*line);<br>
 }<br>
<br>
@@ -588,10 +640,13 @@<br>
     if(line[9]!='4' || line[10]!='0' || line[11]!='7') { /* code 407 */<br>
         s_log(LOG_ERR, "NTLM authorization request rejected");<br>
         do { /* read all headers */<br>
+            str_free(line);<br>
             line=fd_getline(c, c->remote_fd.fd);<br>
         } while(*line);<br>
+        str_free(line);<br>
         longjmp(c->err, 1);<br>
     }<br>
+    str_free(line);<br>
     ntlm2_txt=NULL;<br>
     do { /* read all headers */<br>
         line=fd_getline(c, c->remote_fd.fd);<br>
@@ -599,6 +654,7 @@<br>
             ntlm2_txt=str_dup(line+25);<br>
         else if(isprefix(line, "Content-Length: "))<br>
             content_length=atol(line+16);<br>
+        str_free(line);<br>
     } while(*line);<br>
     if(!ntlm2_txt) { /* no Proxy-Authenticate: NTLM header */<br>
         s_log(LOG_ERR, "Proxy-Authenticate: NTLM header not found");<br>
Only in stunnel-4.54.p/src: protocol.c.orig<br>
diff -ru stunnel-4.54/src/stunnel.c stunnel-4.54.p/src/stunnel.c<br>
--- stunnel-4.54/src/stunnel.c  2012-08-18 14:11:53.000000000 -0700<br>
+++ stunnel-4.54.p/src/stunnel.c        2013-01-29 16:26:00.000000000 -0800<br>
@@ -119,12 +119,16 @@<br>
         fatal("Could not open /dev/null");<br>
 #endif /* standard Unix */<br>
     main_initialize();<br>
-    if(main_configure(argc>1 ? argv[1] : NULL, argc>2 ? argv[2] : NULL))<br>
+    if(main_configure(argc>1 ? argv[1] : NULL, argc>2 ? argv[2] : NULL)) {<br>
+        close(fd);<br>
         return 1;<br>
+    }<br>
     if(service_options.next) { /* there are service sections -> daemon mode */<br>
 #if !defined(__vms) && !defined(USE_OS2)<br>
-        if(daemonize(fd))<br>
+        if(daemonize(fd)) {<br>
+            close(fd);<br>
             return 1;<br>
+        }<br>
         close(fd);<br>
         /* create_pid() must be called after drop_privileges()<br>
          * or it won't be possible to remove the file on exit */<br>
Only in stunnel-4.54.p/src: stunnel.c.orig<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</blockquote></div>