uac_auth: fix memory leak reported by Jeff Pyle <jpyle@fidelityvoice.…

…com> - affected modules: b2b_entities, uac, uac_registrant (cherry picked from commit 8689767)
OpenSIPS · Oct 15, 2013 · bf74841 · bf74841
1 parent 464d85a
commit bf74841
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 11 deletions.
diff --git a/modules/b2b_entities/dlg.c b/modules/b2b_entities/dlg.c
@@ -2324,6 +2324,8 @@ void b2b_tm_cback(struct cell *t, b2b_table htable, struct tmcb_params *ps)
 					extra_headers.len = new_hdr->len +
 								t->uac[0].extra_headers.len;
 					LM_DBG("[%.*s]\n", extra_headers.len, extra_headers.s);
+					pkg_free(new_hdr->s);
+					new_hdr->s = NULL; new_hdr->len = 0;
 
 					b2b_send_indlg_req(dlg, B2B_CLIENT, b2b_key, &t->method,
 							&extra_headers, &t->uac[0].body, 0);

diff --git a/modules/uac/auth.c b/modules/uac/auth.c
@@ -219,9 +219,13 @@ int uac_auth( struct sip_msg *msg)
 	if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 )
 	{
 		LM_ERR("failed to apply changes\n");
+		pkg_free(new_hdr->s);
+		new_hdr->s = NULL; new_hdr->len = 0;
 		goto error;
 	}
 
+	pkg_free(new_hdr->s);
+	new_hdr->s = NULL; new_hdr->len = 0;
 	/* increas the Cseq nr */
 
 

diff --git a/modules/uac_auth/auth.c b/modules/uac_auth/auth.c
@@ -44,6 +44,7 @@
 
 static str nc = {"00000001", 8};
 static str cnonce = {"o", 1};
+static str auth_hdr = {NULL, 0};
 
 static struct uac_credential *crd_list = NULL;
 
@@ -415,7 +416,6 @@ str* build_authorization_hdr(int code, str *uri,
 		struct uac_credential *crd, struct authenticate_body *auth,
 		struct authenticate_nc_cnonce *auth_nc_cnonce, char *response)
 {
-	static str hdr;
 	char *p;
 	int len;
 	int response_len;
@@ -438,14 +438,17 @@ str* build_authorization_hdr(int code, str *uri,
 				NC_FIELD_LEN + auth_nc_cnonce->nc->len + FIELD_SEPARATOR_UQ_LEN +
 				CNONCE_FIELD_LEN + auth_nc_cnonce->cnonce->len + FIELD_SEPARATOR_LEN;
 
-	hdr.s = (char*)pkg_malloc( len + 1);
-	if (hdr.s==0)
+	if (auth_hdr.s || auth_hdr.len)
+		LM_WARN("potential memory leak at addr: %p\n", auth_hdr.s);
+
+	auth_hdr.s = (char*)pkg_malloc( len + 1);
+	if (auth_hdr.s==NULL)
 	{
 		LM_ERR("no more pkg mem\n");
 		goto error;
 	}
 
-	p = hdr.s;
+	p = auth_hdr.s;
 	/* header start */
 	if (code==401)
 	{
@@ -496,20 +499,20 @@ str* build_authorization_hdr(int code, str *uri,
 	add_string( p, FIELD_SEPARATOR_S ALGORITHM_FIELD_S CRLF,
 		FIELD_SEPARATOR_LEN+ALGORITHM_FIELD_LEN+CRLF_LEN);
 
-	hdr.len = p - hdr.s;
+	auth_hdr.len = p - auth_hdr.s;
 
-	if (hdr.len!=len)
+	if (auth_hdr.len!=len)
 	{
 		LM_CRIT("BUG: bad buffer computation "
-			"(%d<>%d)\n",len,hdr.len);
-		pkg_free( hdr.s );
+			"(%d<>%d)\n",len,auth_hdr.len);
+		pkg_free( auth_hdr.s );
+		auth_hdr.s = NULL; auth_hdr.len = 0;
 		goto error;
 	}
 
-	LM_DBG("hdr is <%.*s>\n",
-		hdr.len,hdr.s);
+	LM_DBG("auth_hdr is <%.*s>\n", auth_hdr.len, auth_hdr.s);
 
-	return &hdr;
+	return &auth_hdr;
 error:
 	return 0;
 }

diff --git a/modules/uac_registrant/registrant.c b/modules/uac_registrant/registrant.c
@@ -431,6 +431,8 @@ void reg_tm_cback(struct cell *t, int type, struct tmcb_params *ps)
 		} else {
 			rec->state = INTERNAL_ERROR_STATE;
 		}
+		pkg_free(new_hdr->s);
+		new_hdr->s = NULL; new_hdr->len = 0;
 		break;
 
 	case 423: /* Interval Too Brief */