authorMartin Schanzenbach <schanzen@gnunet.org>2020-12-27 21:43:47 +0900
committerMartin Schanzenbach <schanzen@gnunet.org>2020-12-27 21:43:47 +0900
commit7b32281b71e450827ff90f00451f5e5e98c0521e (patch)
treeda46c45025d48462e6d9139bf2fe5c407df95c32 /src/reclaim
parent75a3a90fb765da872383b8f85b2d4087186dc3db (diff)
-hunting memleaks
Diffstat (limited to 'src/reclaim')
-rw-r--r--src/reclaim/oidc_helper.c23
-rw-r--r--src/reclaim/plugin_reclaim_credential_jwt.c22
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c40
-rw-r--r--src/reclaim/plugin_rest_reclaim.c2
-rw-r--r--src/reclaim/reclaim_attribute.c31
-rw-r--r--src/reclaim/reclaim_credential.c32
6 files changed, 123 insertions, 27 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 041a2fe47..84a90833c 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -193,6 +193,7 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
json_object_set_new (body, "iss", json_string (SERVER_ADDRESS));
// sub REQUIRED public key identity, not exceed 255 ASCII length
json_object_set_new (body, "sub", json_string (subject));
+ GNUNET_free (subject);
pres_val_str = NULL;
source_name = NULL;
int i = 0;
@@ -202,14 +203,14 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
GNUNET_asprintf (&source_name,
"src%d",
i);
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Adding new presentation source #%d\n", i);
aggr_sources_jwt = json_object ();
pres_val_str =
GNUNET_RECLAIM_presentation_value_to_string (ple->presentation->type,
ple->presentation->data,
ple->presentation->data_size);
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Presentation is: %s\n", pres_val_str);
json_object_set_new (aggr_sources_jwt,
GNUNET_RECLAIM_presentation_number_to_typename (
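Review bot: The `Presentation is: %s` line still writes the whole presentation value (`pres_val_str`) to the log, now at DEBUG instead of WARNING. If a presentation is a signed credential such as a JWT, anyone who can read a debug log may obtain a usable token, so it would be safer to drop the value line and keep only `"Adding new presentation source #%d\n", i`, perhaps with the type name. The `Decoded JWT: %s` debug line in jwt_parse_attributes raises the same concern. The enclosing loop of generate_userinfo_json starts and ends outside this hunk, so whether `pres_val_str` is released later is not visible here.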
@@ -224,7 +225,9 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
for (le = attrs->list_head; NULL != le; le = le->next)
{
-
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Processing %s for userinfo body\n",
+ le->attribute->name);
if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential))
{
@@ -260,18 +263,6 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
int j = 0;
for (ple = presentations->list_head; NULL != ple; ple = ple->next)
{
- char *tmp;
- tmp = GNUNET_STRINGS_data_to_string_alloc (&le->attribute->credential,
- sizeof (le->attribute->credential));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Checking : %s\n", tmp);
- GNUNET_free (tmp);
-
- tmp = GNUNET_STRINGS_data_to_string_alloc (&ple->presentation->credential_id,
- sizeof (ple->presentation->credential_id));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- " against: %s\n", tmp);
- GNUNET_free (tmp);
if (GNUNET_YES ==
GNUNET_RECLAIM_id_is_equal (&ple->presentation->credential_id,
&le->attribute->credential))
@@ -289,7 +280,7 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
GNUNET_asprintf (&source_name,
"src%d",
j);
- json_object_set_new (aggr_names, le->attribute->data,
+ json_object_set_new (aggr_names, le->attribute->name,
json_string (source_name));
GNUNET_free (source_name);
}
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c
index f30ead570..c1e12f4a0 100644
--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -173,6 +173,7 @@ jwt_parse_attributes (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
GNUNET_assert (NULL != decoded_jwt);
json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+ GNUNET_free (decoded_jwt);
const char *key;
json_t *value;
json_object_foreach (json_val, key, value) {
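Review bot: `json_val` goes into `json_object_foreach` without a NULL check, although this commit adds exactly that check after `json_loads` in jwt_get_issuer and jwt_get_expiration. jansson's iteration appears to tolerate a NULL object, so a malformed token body would probably not crash here, but it would be indistinguishable from a credential that carries no claims; an explicit `if (NULL == json_val)` branch that reports the parse failure would make that visible. Separately, `GNUNET_assert (NULL != decoded_jwt)` sits after the log line that already formats `decoded_jwt` with `%s`, so it should move above it, and an assert on data derived from a presented token is presumably better replaced by an error return. The function starts above this hunk.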
@@ -197,6 +198,7 @@ jwt_parse_attributes (void *cls,
strlen (val_str));
GNUNET_free (val_str);
}
+ json_decref (json_val);
GNUNET_free (jwt_string);
return attrs;
}
@@ -260,11 +262,17 @@ jwt_get_issuer (void *cls,
GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
(void **) &decoded_jwt);
json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+ GNUNET_free (decoded_jwt);
+ GNUNET_free (jwt_string);
+ if (NULL == json_val)
+ return NULL;
issuer_json = json_object_get (json_val, "iss");
- if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
+ if ((NULL == issuer_json) || (! json_is_string (issuer_json))) {
+ json_decref (json_val);
return NULL;
+ }
issuer = GNUNET_strdup (json_string_value (issuer_json));
- GNUNET_free (jwt_string);
+ json_decref (json_val);
return issuer;
}
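Review bot: The length returned by `GNUNET_STRINGS_base64url_decode` is discarded and `decoded_jwt` is handed to `json_loads`, which reads until it finds a NUL byte. Unless the decoder guarantees a terminated buffer (not visible here), keeping the returned length and parsing with `json_loadb (decoded_jwt, len, JSON_DECODE_ANY, json_err)` bounds the read to what was actually decoded, and an empty result can be rejected before parsing. The same pattern appears in the jwt_get_expiration hunk that follows. Both function bodies begin outside their hunks.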
@@ -331,11 +339,17 @@ jwt_get_expiration (void *cls,
GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
(void **) &decoded_jwt);
json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+ GNUNET_free (decoded_jwt);
+ GNUNET_free (jwt_string);
+ if (NULL == json_val)
+ return GNUNET_SYSERR;
exp_json = json_object_get (json_val, "exp");
- if ((NULL == exp_json) || (! json_is_integer (exp_json)))
+ if ((NULL == exp_json) || (! json_is_integer (exp_json))) {
+ json_decref (json_val);
return GNUNET_SYSERR;
+ }
exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
- GNUNET_free (jwt_string);
+ json_decref (json_val);
return GNUNET_OK;
}
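Review bot: `exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;` multiplies a value taken from the token without any range check. A large `exp` overflows the signed multiplication, which is undefined behaviour, and a negative one presumably turns into a far-future timestamp if `abs_value_us` is unsigned, so a crafted credential could appear never to expire. Reading the value into a local first and rejecting it with `if ((v < 0) || (v > INT64_MAX / (1000 * 1000)))`, followed by `json_decref (json_val)` and `return GNUNET_SYSERR;`, keeps the conversion defined. The function begins outside this hunk.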
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 5eb1ff093..0ee61755b 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -610,6 +610,10 @@ cleanup_handle (struct RequestHandle *handle)
GNUNET_free (handle->oidc->response_type);
GNUNET_free (handle->oidc->scope);
GNUNET_free (handle->oidc->state);
+ if (NULL != handle->oidc->claims)
+ GNUNET_free (handle->oidc->claims);
+ if (NULL != handle->oidc->code_challenge)
+ GNUNET_free (handle->oidc->code_challenge);
GNUNET_free (handle->oidc);
}
if (NULL!=handle->attr_idtoken_list)
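Review bot: The `if (NULL != ...)` guards around `GNUNET_free (handle->oidc->claims)` and `GNUNET_free (handle->oidc->code_challenge)` look redundant, as a matter of style. The unguarded calls on `response_type`, `scope` and `state` directly above suggest that `GNUNET_free` accepts NULL in this tree; if so, plain `GNUNET_free (handle->oidc->claims);` reads more consistently. The same applies to the guarded frees of `code_verifier` and `nonce` added in the token_endpoint and consume_timeout hunks. If the guards are needed, the three older calls deserve the same treatment.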
@@ -1193,8 +1197,7 @@ attr_in_claims_request (struct RequestHandle *handle,
return GNUNET_YES;
/** Try claims parameter if not in scope */
- if ((NULL != handle->oidc->claims) &&
- (GNUNET_YES != ret))
+ if (NULL != handle->oidc->claims)
{
root = json_loads (handle->oidc->claims, JSON_DECODE_ANY, &error);
claims_j = json_object_get (root, claims_parameter);
@@ -1708,8 +1711,6 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->ego_entry = ego_tail;
}
}
- handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scope: %s\n", handle->oidc->scope);
if (NULL == handle->tld)
GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle);
if (NULL == handle->tld)
@@ -1872,11 +1873,18 @@ parse_credentials_post_body (struct RequestHandle *handle,
if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
->url_param_map,
&cache_key))
+ {
+ GNUNET_free (*client_id);
+ *client_id = NULL;
return GNUNET_SYSERR;
+ }
pass = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
&cache_key);
- if (NULL == pass)
+ if (NULL == pass) {
+ GNUNET_free (*client_id);
+ *client_id = NULL;
return GNUNET_SYSERR;
+ }
*client_secret = strdup (pass);
return GNUNET_OK;
}
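Review bot: `*client_secret = strdup (pass);` uses the bare libc allocator and its result is never checked, so an allocation failure returns `GNUNET_OK` with a NULL secret. The rest of this function and its error paths use the GNUNET allocator, and the caller appears to release the value with `GNUNET_free (received_cpw)` in check_authorization. `*client_secret = GNUNET_strdup (pass);` would keep allocation and release paired and remove the unchecked NULL. The function starts above this hunk, so how `*client_id` is allocated is not visible.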
@@ -1938,12 +1946,16 @@ check_authorization (struct RequestHandle *handle,
GNUNET_free (expected_pass);
handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ GNUNET_free (received_cpw);
+ GNUNET_free (received_cid);
return GNUNET_SYSERR;
}
GNUNET_free (expected_pass);
}
else
{
+ GNUNET_free (received_cpw);
+ GNUNET_free (received_cid);
handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
handle->edesc = GNUNET_strdup ("gnunet configuration failed");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -2102,9 +2114,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup ("invalid code");
handle->response_code = MHD_HTTP_BAD_REQUEST;
GNUNET_free (code);
+ if (NULL != code_verifier)
+ GNUNET_free (code_verifier);
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
+ if (NULL != code_verifier)
+ GNUNET_free (code_verifier);
// create jwt
if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg,
@@ -2116,6 +2132,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup ("gnunet configuration failed");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
GNUNET_free (code);
+ if (NULL != nonce)
+ GNUNET_free (nonce);
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
@@ -2131,6 +2149,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup ("No signing secret configured!");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
GNUNET_free (code);
+ if (NULL != nonce)
+ GNUNET_free (nonce);
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
@@ -2141,6 +2161,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
&expiration_time,
(NULL != nonce) ? nonce : NULL,
jwt_secret);
+ GNUNET_free (jwt_secret);
+ if (NULL != nonce)
+ GNUNET_free (nonce);
access_token = OIDC_access_token_new (&ticket);
/* Store mapping from access token to code so we can later
* fall back on the provided attributes in userinfo
@@ -2293,6 +2316,8 @@ consume_timeout (void*cls)
handle->edesc = GNUNET_strdup ("invalid code");
handle->response_code = MHD_HTTP_BAD_REQUEST;
GNUNET_free (cached_code);
+ if (NULL != nonce)
+ GNUNET_free (nonce);
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
@@ -2337,7 +2362,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
const struct EgoEntry *aud_ego;
const struct GNUNET_IDENTITY_PrivateKey *privkey;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Getting userinfo\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting userinfo\n");
GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
strlen (OIDC_AUTHORIZATION_HEADER_KEY),
&cache_key);
@@ -2403,7 +2428,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
GNUNET_free (authorization);
return;
}
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Consuming ticket\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Consuming ticket\n");
privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
handle->attr_userinfo_list =
GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
@@ -2617,6 +2642,7 @@ oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
oidc_config_str = json_dumps (oidc_config, JSON_INDENT (1));
resp = GNUNET_REST_create_response (oidc_config_str);
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ json_decref (oidc_config);
GNUNET_free (oidc_config_str);
cleanup_handle (handle);
}
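Review bot: `oidc_config_str` comes from `json_dumps`, so it is allocated by jansson, yet it is passed to `GNUNET_REST_create_response` unchecked and released with `GNUNET_free`. `json_dumps` returns NULL on failure, and memory from jansson's allocator is normally returned with `free ()`. I would add `if (NULL == oidc_config_str)` handling before building the response and release the string with `free (oidc_config_str);`, unless the project has routed jansson through its own allocator elsewhere. The new `json_decref (oidc_config)` itself looks right.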
diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c
index 022744c82..84456b386 100644
--- a/src/reclaim/plugin_rest_reclaim.c
+++ b/src/reclaim/plugin_rest_reclaim.c
@@ -974,9 +974,11 @@ attr_collect (void *cls,
id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->id,
sizeof(attr->id));
json_object_set_new (attr_obj, "id", json_string (id_str));
+ GNUNET_free (id_str);
id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->credential,
sizeof(attr->credential));
json_object_set_new (attr_obj, "credential", json_string (id_str));
+ GNUNET_free (id_str);
json_array_append (handle->resp_object, attr_obj);
json_decref (attr_obj);
GNUNET_free (tmp_value);
diff --git a/src/reclaim/reclaim_attribute.c b/src/reclaim/reclaim_attribute.c
index 2217987ac..14690d7c9 100644
--- a/src/reclaim/reclaim_attribute.c
+++ b/src/reclaim/reclaim_attribute.c
@@ -102,6 +102,37 @@ init ()
NULL);
}
+/**
+ * Dual function to #init().
+ */
+void __attribute__ ((destructor))
+RECLAIM_ATTRIBUTE_fini ()
+{
+ struct Plugin *plugin;
+ const struct GNUNET_OS_ProjectData *pd = GNUNET_OS_project_data_get ();
+ const struct GNUNET_OS_ProjectData *dpd = GNUNET_OS_project_data_default ();
+
+ if (pd != dpd)
+ GNUNET_OS_init (dpd);
+
+ for (unsigned int i = 0; i < num_plugins; i++)
+ {
+ plugin = attr_plugins[i];
+ GNUNET_break (NULL ==
+ GNUNET_PLUGIN_unload (plugin->library_name,
+ plugin->api));
+ GNUNET_free (plugin->library_name);
+ GNUNET_free (plugin);
+ }
+ GNUNET_free (attr_plugins);
+
+ if (pd != dpd)
+ GNUNET_OS_init (pd);
+
+ attr_plugins = NULL;
+}
+
+
/**
* Convert a type name to the corresponding number
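Review bot: RECLAIM_ATTRIBUTE_fini frees `attr_plugins` and sets it to NULL but leaves `num_plugins` at its old value, so anything that walks the plugin table after this destructor has run (another destructor or an exit handler, for instance) would index a NULL array. Adding `num_plugins = 0;` next to `attr_plugins = NULL;` closes that gap. If init() is guarded by an "initialized" flag, which is not visible in this hunk, that flag should be reset here too. RECLAIM_CREDENTIAL_fini in reclaim_credential.c has the same shape with `credential_plugins`.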
diff --git a/src/reclaim/reclaim_credential.c b/src/reclaim/reclaim_credential.c
index b85ba5955..05601c3d3 100644
--- a/src/reclaim/reclaim_credential.c
+++ b/src/reclaim/reclaim_credential.c
@@ -104,6 +104,38 @@ init ()
/**
+ * Dual function to #init().
+ */
+void __attribute__ ((destructor))
+RECLAIM_CREDENTIAL_fini ()
+{
+ struct Plugin *plugin;
+ const struct GNUNET_OS_ProjectData *pd = GNUNET_OS_project_data_get ();
+ const struct GNUNET_OS_ProjectData *dpd = GNUNET_OS_project_data_default ();
+
+ if (pd != dpd)
+ GNUNET_OS_init (dpd);
+
+ for (unsigned int i = 0; i < num_plugins; i++)
+ {
+ plugin = credential_plugins[i];
+ GNUNET_break (NULL ==
+ GNUNET_PLUGIN_unload (plugin->library_name,
+ plugin->api));
+ GNUNET_free (plugin->library_name);
+ GNUNET_free (plugin);
+ }
+ GNUNET_free (credential_plugins);
+
+ if (pd != dpd)
+ GNUNET_OS_init (pd);
+
+ credential_plugins = NULL;
+}
+
+
+
+/**
* Convert an credential type name to the corresponding number
*
* @param typename name to convert