[Pkg-privacy-commits] [libotr] 197/225: Fix: memory leak in fragment reassembly

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:31 UTC 2015


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository libotr.

commit b7eba2c8ce8bd07fde9a9835960d59d7188f443e
Author: David Goulet <dgoulet at ev0ke.net>
Date:   Mon Oct 13 13:42:22 2014 -0400

    Fix: memory leak in fragment reassembly
    
    Fixes #38
    
    Acked-by: Matthew D. Green <matthewdgreen at gmail.com>
    Signed-off-by: David Goulet <dgoulet at ev0ke.net>
    Signed-off-by: Ian Goldberg <iang at cs.uwaterloo.ca>
---
 src/message.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/message.c b/src/message.c
index 747e656..bbf36d9 100644
--- a/src/message.c
+++ b/src/message.c
@@ -937,7 +937,6 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
     OtrlMessageType msgtype;
     int context_added = 0;
     OtrlPolicy policy = OTRL_POLICY_DEFAULT;
-    int fragment_assembled = 0;
     char *unfragmessage = NULL, *otrtag = NULL;
     EncrData edata;
     otrl_instag_t our_instance = 0, their_instance = 0;
@@ -1021,7 +1020,6 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
 		return 1;
 	    case OTRL_FRAGMENT_COMPLETE:
 		/* We've got a new complete message, in unfragmessage. */
-		fragment_assembled = 1;
 		message = unfragmessage;
 		otrtag = strstr(message, "?OTR");
 		break;
@@ -1046,7 +1044,8 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
     if (((version == 3) && !(policy & OTRL_POLICY_ALLOW_V3))
 	|| ((version == 2) && !(policy & OTRL_POLICY_ALLOW_V2))
 	|| ((version == 1) && !(policy & OTRL_POLICY_ALLOW_V1))) {
-	    return 1;
+	    edata.ignore_message = 1;
+	    goto end;
     }
     /* Check the to and from instance tags */
     if (version == 3) {
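Review bot: The `goto end` conversions here and in the hunks at -1064, -1076 and -1098 close the leak only on the exits this diff touches. Any other `return` between `message = unfragmessage;` and the `end:` label would still drop the reassembled buffer, and the body of otrl_message_receiving between the hunks is not shown, so this needs checking against the full function. Each of these exits depends on properties of the received message (protocol version against policy, instance tags, a malformed header), so a leak on such a path is presumably repeatable by the remote peer and adds up to memory exhaustion. I would record the invariant at the `OTRL_FRAGMENT_COMPLETE` case with a comment such as `/* unfragmessage is heap-allocated from here on: leave only via "goto end" so it is freed. */`.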
@@ -1064,7 +1063,9 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
 			    OTRL_MSGEVENT_RCVDMSG_FOR_OTHER_INSTANCE,
 			    m_context, NULL, gcry_error(GPG_ERR_NO_ERROR));
 		}
-		return 1; /* ignore message intended for a different instance */
+		/* ignore message intended for a different instance */
+		edata.ignore_message = 1;
+		goto end;
 	    }
 
 	    if (their_instance >= OTRL_MIN_VALID_INSTAG) {
@@ -1076,7 +1077,8 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
 
 	if (err || their_instance < OTRL_MIN_VALID_INSTAG) {
 	    message_malformed(ops, opdata, context);
-	    return 1;
+	    edata.ignore_message = 1;
+	    goto end;
 	}
 
 	if (context_added) {
@@ -1098,7 +1100,8 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
 	    if (msgtype == OTRL_MSGTYPE_DH_KEY) {
 		otrl_auth_copy_on_key(&(m_context->auth), &(context->auth));
 	    } else if (msgtype != OTRL_MSGTYPE_DH_COMMIT) {
-		return 1;  /* Ignore unexpected message */
+		edata.ignore_message = 1;
+		goto end;
 	    }
 
 	    /* Update the context list */
@@ -1869,11 +1872,10 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
 	    break;
     }
 
+end:
     /* If we reassembled a fragmented message, we need to free the
      * allocated memory now. */
-    if (fragment_assembled) {
-	free(unfragmessage);
-    }
+    free(unfragmessage);
 
     if (edata.ignore_message == -1) edata.ignore_message = 0;
     return edata.ignore_message;
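Review bot: The unconditional `free(unfragmessage);` is safe only because the pointer is initialised to NULL at its declaration and, presumably, stays NULL unless the fragment accumulator completes reassembly. The comment above it still reads as if the free were conditional, so I would reword it to `/* unfragmessage is NULL unless a fragmented message was reassembled; free(NULL) is a no-op. */`. Because `message` is set to alias `unfragmessage` in the COMPLETE case, it is also worth confirming that nothing handed back to the caller still points into that buffer after this free. The code that fills the outputs is outside the hunk.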

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git


