Re: [pulseaudio-discuss] [PATCH v2 05/10] raop: Fix resource leaks

2017-03-08 Thread Peter Meerwald-Stadler 

> > diff --git a/src/modules/raop/raop-client.c b/src/modules/raop/raop-client.c
> > index 4c3083e..03558f6 100644
> > --- a/src/modules/raop/raop-client.c
> > +++ b/src/modules/raop/raop-client.c
> > @@ -1223,7 +1223,7 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
> > pa_rtsp_state_t state, pa_rtsp_st
> > static bool waiting = false;
> > const char *current = NULL;
> > char space[] = " ";
> > -char *token,*ath = NULL;
> > +char *token, *ath = NULL;
> > char *publ, *wath, *mth, *val;
> 
> Should we initialize mth to NULL here to prevent freeing a random address 
> later?
> This could happen when `wath = pa_xstrdup(pa_headerlist_gets(headers, 
> "WWW-Authenticate"));` becomes NULL.
> 
> > char *realm = NULL, *nonce = NULL, *response = NULL;
> > char comma[] = ",";
> > @@ -1260,9 +1260,6 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
> > pa_rtsp_state_t state, pa_rtsp_st
> > pa_raop_basic_response(DEFAULT_USER_NAME, c->password, 
> > );
> > ath = pa_sprintf_malloc("Basic %s",
> > response);
> > -
> > -pa_xfree(response);
> > -pa_xfree(realm);
> > } else if (pa_safe_streq(mth, "Digest")) {
> > rtrim_char(realm, '\"');
> > rtrim_char(nonce, '\"');

yes, this is addressed in a followup patch

thanks, regards, p.

-- 

Peter Meerwald-Stadler
Mobile: +43 664 24 44 418
___
pulseaudio-discuss mailing list
pulseaudio-discuss@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss

Re: [pulseaudio-discuss] [PATCH v2 05/10] raop: Fix resource leaks

2017-03-06 Thread Hajime Fujita 

> On Mar 6, 2017, at 1:43 AM, Peter Meerwald-Stadler  wrote:
> 
> Coverity ID: #1398158, #1398159
> 
> Signed-off-by: Peter Meerwald-Stadler 
> ---
> src/modules/raop/raop-client.c | 14 ++
> 1 file changed, 6 insertions(+), 8 deletions(-)
> 
> diff --git a/src/modules/raop/raop-client.c b/src/modules/raop/raop-client.c
> index 4c3083e..03558f6 100644
> --- a/src/modules/raop/raop-client.c
> +++ b/src/modules/raop/raop-client.c
> @@ -1223,7 +1223,7 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
> pa_rtsp_state_t state, pa_rtsp_st
> static bool waiting = false;
> const char *current = NULL;
> char space[] = " ";
> -char *token,*ath = NULL;
> +char *token, *ath = NULL;
> char *publ, *wath, *mth, *val;

Should we initialize mth to NULL here to prevent freeing a random address later?
This could happen when `wath = pa_xstrdup(pa_headerlist_gets(headers, 
"WWW-Authenticate"));` becomes NULL.

> char *realm = NULL, *nonce = NULL, *response = NULL;
> char comma[] = ",";
> @@ -1260,9 +1260,6 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
> pa_rtsp_state_t state, pa_rtsp_st
> pa_raop_basic_response(DEFAULT_USER_NAME, c->password, 
> );
> ath = pa_sprintf_malloc("Basic %s",
> response);
> -
> -pa_xfree(response);
> -pa_xfree(realm);
> } else if (pa_safe_streq(mth, "Digest")) {
> rtrim_char(realm, '\"');
> rtrim_char(nonce, '\"');
> @@ -1271,17 +1268,18 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
> pa_rtsp_state_t state, pa_rtsp_st
> ath = pa_sprintf_malloc("Digest username=\"%s\", 
> realm=\"%s\", nonce=\"%s\", uri=\"*\", response=\"%s\"",
> DEFAULT_USER_NAME, realm, nonce,
> response);
> -
> -pa_xfree(response);
> -pa_xfree(realm);
> -pa_xfree(nonce);
> } else {
> pa_log_error("unsupported authentication method: %s", 
> mth);
> +pa_xfree(realm);
> +pa_xfree(nonce);
> pa_xfree(wath);
> pa_xfree(mth);
> goto error;
> }
> 
> +pa_xfree(response);
> +pa_xfree(realm);
> +pa_xfree(nonce);
> pa_xfree(wath);
> pa_xfree(mth);
> 
> -- 
> 2.7.4
> 
> ___
> pulseaudio-discuss mailing list
> pulseaudio-discuss@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss

___
pulseaudio-discuss mailing list
pulseaudio-discuss@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss

[pulseaudio-discuss] [PATCH v2 05/10] raop: Fix resource leaks

2017-03-05 Thread Peter Meerwald-Stadler 
Coverity ID: #1398158, #1398159

Signed-off-by: Peter Meerwald-Stadler 
---
 src/modules/raop/raop-client.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/modules/raop/raop-client.c b/src/modules/raop/raop-client.c
index 4c3083e..03558f6 100644
--- a/src/modules/raop/raop-client.c
+++ b/src/modules/raop/raop-client.c
@@ -1223,7 +1223,7 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
pa_rtsp_state_t state, pa_rtsp_st
 static bool waiting = false;
 const char *current = NULL;
 char space[] = " ";
-char *token,*ath = NULL;
+char *token, *ath = NULL;
 char *publ, *wath, *mth, *val;
 char *realm = NULL, *nonce = NULL, *response = NULL;
 char comma[] = ",";
@@ -1260,9 +1260,6 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
pa_rtsp_state_t state, pa_rtsp_st
 pa_raop_basic_response(DEFAULT_USER_NAME, c->password, 
);
 ath = pa_sprintf_malloc("Basic %s",
 response);
-
-pa_xfree(response);
-pa_xfree(realm);
 } else if (pa_safe_streq(mth, "Digest")) {
 rtrim_char(realm, '\"');
 rtrim_char(nonce, '\"');
@@ -1271,17 +1268,18 @@ static void rtsp_auth_cb(pa_rtsp_client *rtsp, 
pa_rtsp_state_t state, pa_rtsp_st
 ath = pa_sprintf_malloc("Digest username=\"%s\", 
realm=\"%s\", nonce=\"%s\", uri=\"*\", response=\"%s\"",
 DEFAULT_USER_NAME, realm, nonce,
 response);
-
-pa_xfree(response);
-pa_xfree(realm);
-pa_xfree(nonce);
 } else {
 pa_log_error("unsupported authentication method: %s", mth);
+pa_xfree(realm);
+pa_xfree(nonce);
 pa_xfree(wath);
 pa_xfree(mth);
 goto error;
 }
 
+pa_xfree(response);
+pa_xfree(realm);
+pa_xfree(nonce);
 pa_xfree(wath);
 pa_xfree(mth);
 
-- 
2.7.4

___
pulseaudio-discuss mailing list
pulseaudio-discuss@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss