commit d4c299eeb58772fa9a76b8195ba8b803988f9938 Author: Zack Weinberg zackw@panix.com Date: Tue Jul 19 11:08:52 2011 -0700

Fix a memory leak in obfs2.c:derive_padding_key (and be scrupulous about tearing down everything at shutdown time, too) --- src/crypt.c | 4 ++-- src/main.c | 19 +++++++++++++++++-- src/protocols/obfs2.c | 10 ++-------- 3 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c index 98516e6..e338214 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -26,7 +26,7 @@ #endif

/** - Initializes the obfs2 crypto subsystem. + Initializes the crypto subsystem. */ int initialize_crypto(void) @@ -58,7 +58,7 @@ initialize_crypto(void) }

/** - Cleans up the obfs2 crypto subsystem. + Cleans up the crypto subsystem. */ void cleanup_crypto(void) diff --git a/src/main.c b/src/main.c index cf811fa..254be94 100644 --- a/src/main.c +++ b/src/main.c @@ -4,6 +4,7 @@

#include "util.h"

+#include "crypt.h" #include "network.h" #include "protocol.h"

@@ -14,6 +15,7 @@ #include <string.h>

#include <event2/event.h> +#include <event2/dns.h>

/* The character that seperates multiple listeners in the cli */ #define SEPARATOR "+" @@ -305,6 +307,12 @@ main(int argc, const char **argv) WSAStartup(0x101, &wsaData); #endif

+ /* Initialize crypto */ + if (initialize_crypto() < 0) { + log_warn("Can't initialize crypto; failing"); + return 1; + } + /* Initialize libevent */ the_event_base = event_base_new(); if (!the_event_base) { @@ -365,14 +373,21 @@ main(int argc, const char **argv) "%d survived.", n_protocols, actual_protocols,n_listeners);

- /* run the event loop if at least a listener was created. */ + /* run the event loop if at least one listener was created. */ if (n_listeners) event_base_dispatch(the_event_base);

log_info("Exiting.");

- close_obfsproxy_logfile(); free_all_listeners(); + evdns_base_free(get_evdns_base(), 0); + event_free(sig_int); + event_free(sig_term); + event_base_free(the_event_base); + + cleanup_crypto(); + + close_obfsproxy_logfile(); free(protocol_options); free(n_options_array); free(protocols); diff --git a/src/protocols/obfs2.c b/src/protocols/obfs2.c index f17af90..5c9aedc 100644 --- a/src/protocols/obfs2.c +++ b/src/protocols/obfs2.c @@ -27,7 +27,6 @@ downcast(struct protocol_t *proto) /* This function parses 'options' and fills the protocol parameters structure 'params'. - It then fills the obfs2 vtable and initializes the crypto subsystem.

Returns 0 on success, -1 on fail. */ @@ -43,12 +42,6 @@ obfs2_init(int n_options, const char *const *options) return NULL; }

- if (initialize_crypto() < 0) { - log_warn("Can't initialize crypto; failing"); - free(params); - return NULL; - } - return params; }

@@ -219,6 +212,7 @@ derive_padding_key(void *s, const uchar *seed, digest_update(c, state->secret_seed, OBFUSCATE_SEED_LENGTH); digest_update(c, (uchar*)keytype, strlen(keytype)); digest_getdigest(c, buf, sizeof(buf)); + digest_free(c);

if (seed_nonzero(state->secret_seed)) { digest_t *d; @@ -227,13 +221,13 @@ derive_padding_key(void *s, const uchar *seed, d = digest_new(); digest_update(d, buf, sizeof(buf)); digest_getdigest(d, buf, sizeof(buf)); + digest_free(d); } }

cryptstate = crypt_new(buf, 16); crypt_set_iv(cryptstate, buf+16, 16); memset(buf, 0, 16); - digest_free(c); return cryptstate; }