[Minor] Fix some leaks on error paths

Found by: coverity scan

src/lua/lua_config.c

@@ -1614,9 +1614,9 @@ rspamd_register_symbol_fromlua (lua_State *L,
 
 			rspamd_symcache_set_allowed_settings_ids (cfg->cache, name,
 					ids, nids);
-
-			g_free (ids);
 		}
+
+		g_free (ids);
 	}
 
 	if (forbidden_ids) {
@@ -1636,9 +1636,9 @@ rspamd_register_symbol_fromlua (lua_State *L,
 
 			rspamd_symcache_set_forbidden_settings_ids (cfg->cache, name,
 					ids, nids);
-
-			g_free (ids);
 		}
+
+		g_free (ids);
 	}
 
 	return ret;
@@ -4417,9 +4417,10 @@ lua_config_init_subsystem (lua_State *L)
 				rspamd_symcache_init (cfg->cache);
 			}
 			else {
+				int ret = luaL_error (L, "invalid param: %s", parts[i]);
 				g_strfreev (parts);
 
-				return luaL_error (L, "invalid param: %s", parts[i]);
+				return ret;
 			}
 		}
 

src/lua/lua_cryptobox.c

@@ -706,6 +706,9 @@ lua_cryptobox_signature_load (lua_State *L)
 						alg = RSPAMD_CRYPTOBOX_MODE_25519;
 					}
 					else {
+						munmap (data, st.st_size);
+						close (fd);
+
 						return luaL_error (L, "invalid keypair algorithm: %s", str);
 					}
 				}
@@ -1192,6 +1195,7 @@ lua_cryptobox_hash_create (lua_State *L)
 		t = lua_check_text (L, 1);
 
 		if (!t) {
+			REF_RELEASE (h);
 			return luaL_error (L, "invalid arguments");
 		}
 
@@ -1243,6 +1247,7 @@ lua_cryptobox_hash_create_specific (lua_State *L)
 		t = lua_check_text (L, 2);
 
 		if (!t) {
+			REF_RELEASE (h);
 			return luaL_error (L, "invalid arguments");
 		}
 
@@ -1289,6 +1294,7 @@ lua_cryptobox_hash_create_keyed (lua_State *L)
 			t = lua_check_text (L, 2);
 
 			if (!t) {
+				REF_RELEASE (h);
 				return luaL_error (L, "invalid arguments");
 			}
 
@@ -1332,13 +1338,19 @@ lua_cryptobox_hash_create_specific_keyed (lua_State *L)
 	if (key != NULL && type != NULL) {
 		h = rspamd_lua_hash_create (type, key, keylen);
 
+		if (h == NULL) {
+			return luaL_error (L, "invalid hash type: %s", type);
+		}
+
 		if (lua_type (L, 3) == LUA_TSTRING) {
 			s = lua_tolstring (L, 3, &len);
 		}
 		else if (lua_type (L, 3) == LUA_TUSERDATA) {
 			t = lua_check_text (L, 3);
 
 			if (!t) {
+				REF_RELEASE (h);
+
 				return luaL_error (L, "invalid arguments");
 			}
 
@@ -1962,6 +1974,7 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 	struct rspamd_lua_text *t, *res;
 	gsize len = 0, outlen = 0;
 	GError *err = NULL;
+	bool owned_pk = false;
 
 	if (lua_type (L, 1) == LUA_TUSERDATA) {
 		if (rspamd_lua_check_udata_maybe (L, 1, "rspamd{cryptobox_keypair}")) {
@@ -1979,13 +1992,14 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 		pk = rspamd_pubkey_from_base32 (b32, blen, RSPAMD_KEYPAIR_KEX,
 				lua_toboolean (L, 3) ?
 				RSPAMD_CRYPTOBOX_MODE_NIST : RSPAMD_CRYPTOBOX_MODE_25519);
+		owned_pk = true;
 	}
 
 	if (lua_isuserdata (L, 2)) {
 		t = lua_check_text (L, 2);
 
 		if (!t) {
-			return luaL_error (L, "invalid arguments");
+			goto err;
 		}
 
 		data = t->start;
@@ -1997,7 +2011,7 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 
 
 	if (!(kp || pk) || !data) {
-		return luaL_error (L, "invalid arguments");
+		goto err;
 	}
 
 	if (kp) {
@@ -2008,7 +2022,7 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 			return ret;
 		}
 	}
-	else if (pk) {
+	else {
 		if (!rspamd_pubkey_encrypt (pk, data, len, &out, &outlen, &err)) {
 			gint ret = luaL_error (L, "cannot encrypt data: %s", err->message);
 			g_error_free (err);
@@ -2023,7 +2037,18 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 	res->len = outlen;
 	rspamd_lua_setclass (L, "rspamd{text}", -1);
 
+	if (owned_pk) {
+		rspamd_pubkey_unref (pk);
+	}
+
 	return 1;
+err:
+
+	if (owned_pk) {
+		rspamd_pubkey_unref (pk);
+	}
+
+	return luaL_error (L, "invalid arguments");
 }
 
 /***
@@ -2045,6 +2070,7 @@ lua_cryptobox_encrypt_file (lua_State *L)
 	struct rspamd_lua_text *res;
 	gsize len = 0, outlen = 0;
 	GError *err = NULL;
+	bool own_pk = false;
 
 	if (lua_type (L, 1) == LUA_TUSERDATA) {
 		if (rspamd_lua_check_udata_maybe (L, 1, "rspamd{cryptobox_keypair}")) {
@@ -2062,13 +2088,14 @@ lua_cryptobox_encrypt_file (lua_State *L)
 		pk = rspamd_pubkey_from_base32 (b32, blen, RSPAMD_KEYPAIR_KEX,
 				lua_toboolean (L, 3) ?
 				RSPAMD_CRYPTOBOX_MODE_NIST : RSPAMD_CRYPTOBOX_MODE_25519);
+		own_pk = true;
 	}
 
 	filename = luaL_checkstring (L, 2);
 	data = rspamd_file_xmap (filename, PROT_READ, &len, TRUE);
 
 	if (!(kp || pk) || !data) {
-		return luaL_error (L, "invalid arguments");
+		goto err;
 	}
 
 	if (kp) {
@@ -2098,8 +2125,17 @@ lua_cryptobox_encrypt_file (lua_State *L)
 	res->len = outlen;
 	rspamd_lua_setclass (L, "rspamd{text}", -1);
 	munmap (data, len);
+	if (own_pk) {
+		rspamd_pubkey_unref (pk);
+	}
 
 	return 1;
+
+err:
+	if (own_pk) {
+		rspamd_pubkey_unref (pk);
+	}
+	return luaL_error (L, "invalid arguments");
 }
 
 /***
@@ -2178,12 +2214,15 @@ lua_cryptobox_decrypt_file (lua_State *L)
 	GError *err = NULL;
 
 	kp = lua_check_cryptobox_keypair (L, 1);
+	if (!kp) {
+		return luaL_error (L, "invalid arguments; keypair is expected");
+	}
+
 	filename = luaL_checkstring (L, 2);
 	data = rspamd_file_xmap (filename, PROT_READ, &len, TRUE);
-
-
-	if (!kp || !data) {
-		return luaL_error (L, "invalid arguments");
+	if (!data) {
+		return luaL_error (L, "invalid arguments; cannot mmap %s: %s",
+				filename, strerror(errno));
 	}
 
 	if (!rspamd_keypair_decrypt (kp, data, len, &out, &outlen, &err)) {
@@ -2446,6 +2485,7 @@ lua_cryptobox_pbkdf (lua_State *L)
 
 	if (pwlen == 0) {
 		lua_pushnil (L);
+		g_free (password);
 
 		return 1;
 	}

src/lua/lua_dns_resolver.c

@@ -504,16 +504,18 @@ lua_dns_resolver_resolve_common (lua_State *L,
 	}
 
 	return 1;
+
 err:
+	/* Callback is not called in this case */
+	if (cbdata->cbref != -1) {
+		luaL_unref (L, LUA_REGISTRYINDEX, cbdata->cbref);
+	}
+
 	if (!pool) {
 		/* Free resources */
 		g_free (cbdata->to_resolve);
 		g_free (cbdata->user_str);
-	}
-
-	/* Callback is not called in this case */
-	if (cbdata->cbref != -1) {
-		luaL_unref (L, LUA_REGISTRYINDEX, cbdata->cbref);
+		g_free (cbdata);
 	}
 
 	lua_pushnil (L);

src/lua/lua_html.cxx

@@ -565,7 +565,7 @@ lua_html_tag_get_flags (lua_State *L)
 	struct lua_html_tag *ltag = lua_check_html_tag (L, 1);
 	gint i = 1;
 
-	if (ltag->tag) {
+	if (ltag && ltag->tag) {
 		/* Push flags */
 		lua_createtable (L, 4, 0);
 		if (ltag->tag->flags & FL_HREF) {

src/lua/lua_http.c

@@ -441,15 +441,15 @@ lua_http_make_connection (struct lua_http_cbdata *cbd)
 
 		if (cbd->task) {
 			cbd->conn->log_tag = cbd->task->task_pool->tag.uid;
+
+			if (cbd->item) {
+				rspamd_symcache_item_async_inc (cbd->task, cbd->item, M);
+			}
 		}
 		else if (cbd->cfg) {
 			cbd->conn->log_tag = cbd->cfg->cfg_pool->tag.uid;
 		}
 
-		if (cbd->item) {
-			rspamd_symcache_item_async_inc (cbd->task, cbd->item, M);
-		}
-
 		struct rspamd_http_message *msg = cbd->msg;
 
 		/* Message is now owned by a connection object */
@@ -652,10 +652,13 @@ lua_http_request (lua_State *L)
 
 		if (lua_type (L, -1) == LUA_TUSERDATA) {
 			task = lua_check_task (L, -1);
-			ev_base = task->event_loop;
-			resolver = task->resolver;
-			session = task->s;
-			cfg = task->cfg;
+
+			if (task) {
+				ev_base = task->event_loop;
+				resolver = task->resolver;
+				session = task->s;
+				cfg = task->cfg;
+			}
 		}
 		lua_pop (L, 1);
 
@@ -823,7 +826,10 @@ lua_http_request (lua_State *L)
 				}
 				else {
 					t = lua_check_text (L, -1);
-					body = rspamd_fstring_append (body, t->start, t->len);
+
+					if (t) {
+						body = rspamd_fstring_append(body, t->start, t->len);
+					}
 				}
 
 				lua_pop (L, 1);
@@ -1043,7 +1049,7 @@ lua_http_request (lua_State *L)
 		cbd->session = session;
 	}
 
-	if (rspamd_parse_inet_address (&cbd->addr,
+	if (msg->host && rspamd_parse_inet_address (&cbd->addr,
 			msg->host->str, msg->host->len, RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) {
 		/* Host is numeric IP, no need to resolve */
 		gboolean ret;

src/lua/lua_kann.c

@@ -803,11 +803,11 @@ lua_kann_new_weight_conv1d (lua_State *L)
 static int
 lua_kann_new_leaf (lua_State *L)
 {
-	gint dim = luaL_checkinteger (L, 1), i, *ar;
+	int dim = luaL_checkinteger (L, 1), i, *ar;
 	kad_node_t *t;
 
 	if (dim >= 1 && dim < KAD_MAX_DIM && lua_istable (L, 2)) {
-		ar = g_malloc0 (sizeof (ar) * dim);
+		ar = g_new0 (int, dim);
 
 		for (i = 0; i < dim; i ++) {
 			lua_rawgeti (L, 2, i + 1);
@@ -962,6 +962,10 @@ lua_kann_load (lua_State *L)
 
 		t = lua_check_text (L, 1);
 
+		if (!t) {
+			return luaL_error (L, "invalid arguments");
+		}
+
 #ifndef HAVE_FMEMOPEN
 		return luaL_error (L, "no support of loading from memory on your system");
 #endif
@@ -1043,7 +1047,7 @@ lua_kann_train1 (lua_State *L)
 		}
 
 		if (n_out <= 0) {
-			return luaL_error (L, "invalid outputs count: %d", n_in);
+			return luaL_error (L, "invalid outputs count: %d", n_out);
 		}
 
 		if (n != rspamd_lua_table_size (L, 3) || n == 0) {

src/lua/lua_redis.c

@@ -1348,6 +1348,8 @@ lua_redis_make_request_sync (lua_State *L)
 			rspamd_inet_address_free (ip);
 		}
 		msg_err ("bad arguments for redis request");
+		lua_redis_free_args (args, arglens, nargs);
+
 		lua_pushboolean (L, FALSE);
 	}
 

src/lua/lua_rsa.c

@@ -450,7 +450,6 @@ lua_rsa_signature_load (lua_State *L)
 			lua_pushnil (L);
 		}
 		else {
-			sig = g_malloc (sizeof (rspamd_fstring_t));
 			if (fstat (fd, &st) == -1 ||
 				(data =
 				mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0))
@@ -660,8 +659,10 @@ lua_rsa_sign_memory (lua_State *L)
 
 	if (rsa != NULL && data != NULL) {
 		signature = rspamd_fstring_sized_new (RSA_size (rsa));
+
+		guint siglen = signature->len;
 		ret = RSA_sign (NID_sha256, data, sz,
-				signature->str, (guint *)&signature->len, rsa);
+				signature->str, &siglen, rsa);
 
 		if (ret != 1) {
 			rspamd_fstring_free (signature);
@@ -670,6 +671,7 @@ lua_rsa_sign_memory (lua_State *L)
 					ERR_error_string (ERR_get_error (), NULL));
 		}
 		else {
+			signature->len = siglen;
 			psig = lua_newuserdata (L, sizeof (rspamd_fstring_t *));
 			rspamd_lua_setclass (L, "rspamd{rsa_signature}", -1);
 			*psig = signature;