-bugfixes, fix memleaks

author: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-10-10 16:01:14 +0200
committer: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-10-10 16:01:14 +0200
commit: 1cfa320f0cb213aed0a3a04577d065a65f847d49 (patch)
tree: caf0db997af48e9599c964cfccc9953ed0baca24 /src
parent: df344790f7f2e7c39cfd951ce373c4ec52b6cda7 (diff)
download: gnunet-1cfa320f0cb213aed0a3a04577d065a65f847d49.tar.gz
gnunet-1cfa320f0cb213aed0a3a04577d065a65f847d49.zip
10 files changed, 211 insertions, 99 deletions
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c
index 6940220d7..0efe6eaa9 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/identity-provider/gnunet-idp.c
@@ -32,6 +32,11 @@
 #include "gnunet_signatures.h"
 /**
+ * return value
+ */
+static int ret;
+/**
 * List attribute flag
 */
 static int list;
@@ -154,10 +159,6 @@ store_attr_cont (void *cls,
  if (GNUNET_SYSERR == success) {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "%s\n", emsg);
-  } else {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "Successfully added identity attribute %s=%s\n",
-                attr_name, attr_value);
  }
  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
@@ -172,6 +173,11 @@ process_attrs (void *cls,
    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
+  if (NULL == attr)
+  {
+    ret = 1;
+    return;
+  }
  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
              "%s: %s\n", attr->name, (char*)attr->data);
 }
@@ -190,11 +196,11 @@ static void
 process_rvk (void *cls, int success, const char* msg)
 {
  if (GNUNET_OK != success)
+  {
    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
                "Revocation failed.\n");
-  else
+    ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+  }
-                "Revocation successful.\n");
  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
@@ -335,7 +341,7 @@ run (void *cls,
     const char *cfgfile,
     const struct GNUNET_CONFIGURATION_Handle *c)
 {
+  ret = 0;
  if (NULL == ego_name)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
@@ -400,7 +406,8 @@ main(int argc, char *const argv[])
                                 &revoke_ticket),
    GNUNET_GETOPT_OPTION_END
  };
-  return GNUNET_PROGRAM_run (argc, argv, "ct",
+  GNUNET_PROGRAM_run (argc, argv, "ct",
-                             "ct", options,
+                      "ct", options,
-                             &run, NULL);
+                      &run, NULL);
+  return ret;
 }
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 6d99e8467..85291d69a 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -903,6 +903,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
  GNUNET_memcpy (write_ptr,
                 serialized_key,
                 size);
+  GNUNET_free (serialized_key);
  // ECDH keypair E = eG
  *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
  GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
@@ -944,6 +945,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
  char *code_record_data;
  char **attrs;
  char *label;
+  char *policy;
  int attrs_len;
  int i;
  size_t code_record_len;
@@ -955,7 +957,13 @@ issue_ticket_after_abe_bootstrap (void *cls,
  attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
  i = 0;
  for (le = ih->attrs->list_head; NULL != le; le = le->next) {
-    attrs[i] = (char*) le->attribute->name;
+    GNUNET_asprintf (&policy, "%s_%lu",
+                     le->attribute->name,
+                     le->attribute->attribute_version);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Adding attribute to key: %s\n",
+                policy);
+    attrs[i] = policy;
    i++;
  }
  attrs[i] = NULL;
@@ -984,12 +992,15 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                              code_record,
                                              &store_ticket_issue_cont,
                                              ih);
+  //for (; i > 0; i--)
+  //  GNUNET_free (attrs[i-1]);
  GNUNET_free (ecdhe_privkey);
  GNUNET_free (label);
  GNUNET_free (attrs);
  GNUNET_free (code_record_data);
+  GNUNET_CRYPTO_cpabe_delete_key (rp_key,
+                                  GNUNET_YES);
  GNUNET_CRYPTO_cpabe_delete_master_key (abe_key);
-  GNUNET_CRYPTO_cpabe_delete_key (rp_key);
 }
@@ -1107,6 +1118,16 @@ ticket_reissue_proc (void *cls,
                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+static void
+revocation_reissue_tickets (struct TicketRevocationHandle *rh);
+static void reissue_next (void *cls)
+{
+  struct TicketRevocationHandle *rh = cls;
+  revocation_reissue_tickets (rh);
+}
 static void
 reissue_ticket_cont (void *cls,
@@ -1114,7 +1135,6 @@ reissue_ticket_cont (void *cls,
                     const char *emsg)
 {
  struct TicketRevocationHandle *rh = cls;
-  int ret;
  rh->ns_qe = NULL;
  if (GNUNET_SYSERR == success)
@@ -1125,25 +1145,10 @@ reissue_ticket_cont (void *cls,
    cleanup_revoke_ticket_handle (rh);
    return;
  }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n");
  rh->offset++;
-  GNUNET_assert (GNUNET_SYSERR != (ret =
+  GNUNET_SCHEDULER_add_now (&reissue_next, rh);
-                                   TKT_database->iterate_tickets (TKT_database->cls,
-                                                                  &rh->ticket.identity,
-                                                                  GNUNET_NO,
-                                                                  rh->offset,
-                                                                  &ticket_reissue_proc,
-                                                                  rh)));
-  if (GNUNET_NO == ret)
-  {
-    send_revocation_finished (rh, GNUNET_OK);
-    cleanup_revoke_ticket_handle (rh);
-  }
 }
-static void
-revocation_reissue_tickets (struct TicketRevocationHandle *rh);
 /**
 * Process ticket from database
@@ -1177,8 +1182,18 @@ ticket_reissue_proc (void *cls,
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Iteration done\n");
-    send_revocation_finished (rh, GNUNET_OK);
+    return;
-    cleanup_revoke_ticket_handle (rh);
+  }
+  if (0 == memcmp (&ticket->audience,
+                   &rh->ticket.audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Do not reissue for this identity.!\n");
+    rh->offset++;
+    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
    return;
  }
@@ -1196,19 +1211,20 @@ ticket_reissue_proc (void *cls,
                       le->attribute->name))
      {
        reissue_ticket = GNUNET_YES;
-        break;
+        le->attribute->attribute_version = le_rollover->attribute->attribute_version;
      }
    }
-    if (GNUNET_YES == reissue_ticket)
-      break;
  }
  if (GNUNET_NO == reissue_ticket)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Skipping ticket.\n");
    rh->offset++;
-    revocation_reissue_tickets (rh);
+    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
    return;
  }
@@ -1222,7 +1238,7 @@ ticket_reissue_proc (void *cls,
  attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
  i = 0;
  for (le = attrs->list_head; NULL != le; le = le->next) {
-    GNUNET_asprintf (&policy, "%s:%lu",
+    GNUNET_asprintf (&policy, "%s_%lu",
                     le->attribute->name,
                     le->attribute->attribute_version);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1235,7 +1251,7 @@ ticket_reissue_proc (void *cls,
                                           attr_arr);
  //TODO review this wireformat
-  code_record_len = serialize_abe_keyinfo2 (&rh->ticket,
+  code_record_len = serialize_abe_keyinfo2 (ticket,
                                            attrs,
                                            rp_key,
                                            &ecdhe_privkey,
@@ -1256,13 +1272,13 @@ ticket_reissue_proc (void *cls,
                                              code_record,
                                              &reissue_ticket_cont,
                                              rh);
-  for (; i > 0; i--)
+  //for (; i > 0; i--)
-    GNUNET_free (attr_arr[i-1]);
+  //  GNUNET_free (attr_arr[i-1]);
  GNUNET_free (ecdhe_privkey);
  GNUNET_free (label);
  GNUNET_free (attr_arr);
  GNUNET_free (code_record_data);
-  GNUNET_CRYPTO_cpabe_delete_key (rp_key);
+  GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES);
 }
@@ -1278,7 +1294,7 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
  int ret;
  /* Done, issue new keys */
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Revocation Phase IV: Reissuing Tickets\n");
+              "Revocation Phase III: Reissuing Tickets\n");
  if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,
                                                             &rh->ticket.identity,
                                                             GNUNET_NO,
@@ -1292,8 +1308,8 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
  {
    send_revocation_finished (rh, GNUNET_OK);
    cleanup_revoke_ticket_handle (rh);
+    return;
  }
 }
 /**
@@ -1322,9 +1338,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
  attribute_serialize (rh->attrs->list_head->attribute,
                       buf);
  rh->attrs->list_head->attribute->attribute_version++;
-  GNUNET_asprintf (&policy, "%s:%lu",
+  GNUNET_asprintf (&policy, "%s_%lu",
                   rh->attrs->list_head->attribute->name,
                   rh->attrs->list_head->attribute->attribute_version);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypting with policy %s\n", policy);
  /**
   * Encrypt the attribute value and store in namestore
   */
@@ -1388,6 +1406,7 @@ attr_reenc_cont (void *cls,
  GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,
                               rh->attrs->list_tail,
                               le);
+  GNUNET_assert (NULL != rh->rvk_attrs);
  GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head,
                               rh->rvk_attrs->list_tail,
                               le);
@@ -1476,13 +1495,9 @@ handle_revoke_ticket_message (void *cls,
  struct TicketRevocationHandle *rh;
  struct IdpClient *idp = cls;
  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
-  size_t attrs_len;
  rh = GNUNET_new (struct TicketRevocationHandle);
-  attrs_len = ntohs (rm->attrs_len);
  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
-  if (0 < attrs_len)
-    rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len);
  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
  rh->ticket = *ticket;
  rh->r_id = ntohl (rm->id);
@@ -1500,15 +1515,18 @@ handle_revoke_ticket_message (void *cls,
 static void
-cleanup_as_handle (struct AttributeStoreHandle *handle)
+cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
 {
-  if (NULL != handle->attribute)
+  if (NULL != handle->key)
-    GNUNET_free (handle->attribute);
+    GNUNET_CRYPTO_cpabe_delete_key (handle->key,
-  if (NULL != handle->abe_key)
+                                    GNUNET_YES);
-    GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
+  if (NULL != handle->attrs)
+    attribute_list_destroy (handle->attrs);
  GNUNET_free (handle);
 }
 /**
 * Checks a ticket consume message
 *
@@ -1544,7 +1562,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le;
  char *data;
  char *data_tmp;
-  size_t attr_len;
+  ssize_t attr_len;
  size_t attrs_len;
  GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
@@ -1560,14 +1578,17 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
                                            rd->data_size - sizeof (uint32_t),
                                            handle->key,
                                            (void**)&data);
-    attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
+    if (GNUNET_SYSERR != attr_len) 
-    attr_le->attribute = attribute_deserialize (data,
+    {
-                                                attr_len);
+      attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
-    attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data);
+      attr_le->attribute = attribute_deserialize (data,
-    GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
+                                                  attr_len);
-                                 handle->attrs->list_tail,
+      attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data);
-                                 attr_le);
+      GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
-    GNUNET_free (data);
+                                   handle->attrs->list_tail,
+                                   attr_le);
+      GNUNET_free (data);
+    }
  }
  if (NULL != handle->parallel_lookups_head)
    return; //Wait for more
@@ -1595,6 +1616,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  attribute_list_serialize (handle->attrs,
                            data_tmp);
  GNUNET_MQ_send (handle->client->mq, env);
+  cleanup_consume_ticket_handle (handle);
 }
 void
@@ -1625,14 +1647,6 @@ abort_parallel_lookups2 (void *cls)
 }
-static void
-cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
-{
-  if (NULL != handle->key)
-    GNUNET_CRYPTO_cpabe_delete_key (handle->key);
-  GNUNET_free (handle);
-}
 static void
 process_consume_abe_key (void *cls, uint32_t rd_count,
@@ -1713,6 +1727,8 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
                                 parallel_lookup);
    GNUNET_free (lookup_query);
  }
+  GNUNET_free (scopes);
+  GNUNET_free (buf);
  handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),
                                                    &abort_parallel_lookups2,
                                                    handle);
@@ -1766,6 +1782,16 @@ handle_consume_ticket_message (void *cls,
 }
 static void
+cleanup_as_handle (struct AttributeStoreHandle *handle)
+{
+  if (NULL != handle->attribute)
+    GNUNET_free (handle->attribute);
+  if (NULL != handle->abe_key)
+    GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
+  GNUNET_free (handle);
+}
+static void
 attr_store_cont (void *cls,
                 int32_t success,
                 const char *emsg)
@@ -1779,6 +1805,7 @@ attr_store_cont (void *cls,
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Failed to store attribute %s\n",
                emsg);
+    cleanup_as_handle (as_handle);
    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
    return;
  }
@@ -1816,9 +1843,11 @@ attr_store_task (void *cls)
                       buf);
  GNUNET_asprintf (&policy,
-                   "%s:%lu",
+                   "%s_%lu",
                   as_handle->attribute->name,
                   as_handle->attribute->attribute_version);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypting with policy %s\n", policy);
  /**
   * Encrypt the attribute value and store in namestore
   */
@@ -1926,7 +1955,7 @@ static void
 cleanup_iter_handle (struct AttributeIterator *ai)
 {
  if (NULL != ai->abe_key)
-    GNUNET_free (ai->abe_key);
+    GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
  GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
                               ai->client->op_tail,
                               ai);
@@ -1936,10 +1965,11 @@ cleanup_iter_handle (struct AttributeIterator *ai)
 static void
 attr_iter_error (void *cls)
 {
-  //struct AttributeIterator *ai = cls;
+  struct AttributeIterator *ai = cls;
  //TODO
  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
              "Failed to iterate over attributes\n");
+  cleanup_iter_handle (ai);
  GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
 }
@@ -1974,6 +2004,7 @@ attr_iter_cb (void *cls,
  char* attrs[2];
  char* data_tmp;
  char* policy;
+  uint32_t attr_ver;
  if (rd_count != 1)
  {
@@ -1985,8 +2016,9 @@ attr_iter_cb (void *cls,
    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
    return;
  }
-  GNUNET_asprintf (&policy, "%s:%lu",
+  attr_ver = ntohl(*((uint32_t*)rd->data));
-                   label, *(uint32_t*)rd->data);
+  GNUNET_asprintf (&policy, "%s_%lu",
+                   label, attr_ver);
  attrs[0] = policy;
  attrs[1] = 0;
  key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key,
@@ -1995,8 +2027,10 @@ attr_iter_cb (void *cls,
                                               rd->data_size-sizeof (uint32_t),
                                               key,
                                               (void**)&attr_ser);
-  GNUNET_CRYPTO_cpabe_delete_key (key);
-  GNUNET_free (policy);
+  GNUNET_CRYPTO_cpabe_delete_key (key,
+                                  GNUNET_YES);
+  //GNUNET_free (policy);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Found attribute: %s\n", label);
  env = GNUNET_MQ_msg_extra (arm,
@@ -2012,6 +2046,8 @@ attr_iter_cb (void *cls,
                 msg_extra_len);
  GNUNET_MQ_send (ai->client->mq, env);
  GNUNET_free (attr_ser);
+  GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
+  ai->abe_key = NULL;
 }
@@ -2031,6 +2067,16 @@ iterate_after_abe_bootstrap (void *cls,
                                                     ai);
 }
+void
+iterate_next_after_abe_bootstrap (void *cls,
+                             struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+{
+  struct AttributeIterator *ai = cls;
+  ai->abe_key = abe_key;
+  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
+}
 /**
 * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message
@@ -2121,7 +2167,10 @@ handle_iteration_next (void *cls,
    GNUNET_SERVICE_client_drop (idp->client);
    return;
  }
-  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
+  bootstrap_abe (&ai->identity,
+                 &iterate_next_after_abe_bootstrap,
+                 ai,
+                 GNUNET_NO);
  GNUNET_SERVICE_client_continue (idp->client);
 }
diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c
index a8d2b27e6..c7e833326 100644
--- a/src/identity-provider/identity_attribute.c
+++ b/src/identity-provider/identity_attribute.c
@@ -142,6 +142,7 @@ attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
    GNUNET_memcpy (result_le->attribute,
                   le->attribute,
                   len);
+    result_le->attribute->name = (const char*)&result_le->attribute[1];
    GNUNET_CONTAINER_DLL_insert (result->list_head,
                                 result->list_tail,
                                 result_le);
@@ -186,6 +187,7 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
  attr_ser = (struct Attribute*)result;
  attr_ser->attribute_type = htons (attr->attribute_type);
+  attr_ser->attribute_version = htonl (attr->attribute_version);
  name_len = strlen (attr->name);
  attr_ser->name_len = htons (name_len);
  write_ptr = (char*)&attr_ser[1];
@@ -221,6 +223,7 @@ attribute_deserialize (const char* data,
  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute)
                        + data_len + name_len + 1);
  attr->attribute_type = ntohs (attr_ser->attribute_type);
+  attr->attribute_version = ntohl (attr_ser->attribute_version);
  attr->data_size = ntohs (attr_ser->data_size);
  write_ptr =  (char*)&attr[1];
diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h
index 8a8da12f1..3e8fadccf 100644
--- a/src/identity-provider/identity_attribute.h
+++ b/src/identity-provider/identity_attribute.h
@@ -36,6 +36,11 @@ struct Attribute
  uint32_t attribute_type;
  /**
+   * Attribute version
+   */
+  uint32_t attribute_version;
+  
+  /**
   * Name length
   */
  uint32_t name_len;
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
index 99faf0ecd..6d28709df 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -501,12 +501,21 @@ handle_consume_ticket_result (void *cls,
                                        attrs_len);
    if (NULL != op->ar_cb)
    {
-      for (le = attrs->list_head; NULL != le; le = le->next)
+      if (NULL == attrs)
+      {
        op->ar_cb (op->cls,
                   &msg->identity,
-                   le->attribute);
+                   NULL);
+      }
+      else
+      {
+        for (le = attrs->list_head; NULL != le; le = le->next)
+          op->ar_cb (op->cls,
+                     &msg->identity,
+                     le->attribute);
+        attribute_list_destroy (attrs);
+      }
    }
-    attribute_list_destroy (attrs);
    op->ar_cb (op->cls,
               NULL,
               NULL);
diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf
index 9669bef7e..e5d1c7186 100644
--- a/src/identity-provider/test_idp.conf
+++ b/src/identity-provider/test_idp.conf
@@ -15,7 +15,7 @@ PLUGINS =
 [identity-provider]
 AUTOSTART = YES
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/idplog
+PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=/tmp/idplog
 [gns]
 #PREFIX = valgrind --leak-check=full --track-origins=yes
diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh
index ab437c0e8..e47c13da6 100755
--- a/src/identity-provider/test_idp_consume.sh
+++ b/src/identity-provider/test_idp_consume.sh
@@ -29,10 +29,10 @@ gnunet-identity -C testego -c test_idp.conf
 gnunet-identity -C rpego -c test_idp.conf
 SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
 TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1
+gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
+gnunet-idp -e testego -a name -V John -c test_idp.conf
 TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}')
 echo "Consuming ticket $TICKET"
 gnunet-idp -e rpego -C $TICKET -c test_idp.conf
 curl http://localhost:7776/idp/tickets/testego
-#gnunet-arm -e -c test_idp.conf
+gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh
index 57872c5b9..d5c2c3f77 100755
--- a/src/identity-provider/test_idp_revoke.sh
+++ b/src/identity-provider/test_idp_revoke.sh
@@ -24,14 +24,37 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
 TEST_ATTR="test"
 gnunet-arm -s -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
+gnunet-identity -C alice -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
+gnunet-identity -C bob -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
+gnunet-identity -C eve -c test_idp.conf
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
+ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
+BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}')
-gnunet-idp -e testego -a name -V John -c test_idp.conf
+EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}')
-#gnunet-idp -e testego -D -c test_idp.conf
-TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}')
+gnunet-idp -e alice -a email -V john@doe.gnu -c test_idp.conf 
+gnunet-idp -e alice -a name -V John -c test_idp.conf
+TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}')
+#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf
+TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}')
 #echo "Consuming $TICKET"
-gnunet-idp -e testego -R $TICKET -c test_idp.conf
+#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf
+gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf
+gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf  > /dev/null 2>&1
+if test $? == 0
+then 
+  echo "Eve can still resolve attributes..."
+  gnunet-arm -e -c test_idp.conf
+  exit 1
+fi
+gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Bob cannot resolve attributes..."
+  gnunet-arm -e -c test_idp.conf
+  exit 1
+fi
 gnunet-arm -e -c test_idp.conf
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 78d31a9ec..2b6718557 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2151,7 +2151,8 @@ struct GNUNET_CRYPTO_AbeKey *
 GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk,
                                char **attrs);
 void
-GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key);
+GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key,
+                                int delete_pub);
 /**
diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c
index f52cd5213..fcaa826ed 100644
--- a/src/util/crypto_abe.c
+++ b/src/util/crypto_abe.c
@@ -159,7 +159,10 @@ GNUNET_CRYPTO_cpabe_create_master_key (void)
 void
 GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key)
 {
-  gabe_msk_free (key->msk); //For some reason free of pub implicit?
+  gabe_msk_free (key->msk);
+  gabe_pub_free (key->pub);
+  //GNUNET_free (key->msk);
+  //gabe_msk_free (key->msk); //For some reason free of pub implicit?
  GNUNET_free (key);
 }
@@ -175,15 +178,19 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key,
  prv_key->prv = gabe_keygen(key->pub, key->msk, attrs);
  size = gabe_pub_serialize(key->pub, &tmp);
  prv_key->pub = gabe_pub_unserialize(tmp, size);
+  GNUNET_free (tmp);
  GNUNET_assert (NULL != prv_key->prv);
  return prv_key;
 }
 void
-GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key)
+GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key,
+                                int delete_pub)
 {
  //Memory management in gabe is buggy
-  //gabe_prv_free (prv);
+  gabe_prv_free (key->prv);
+  if (GNUNET_YES == delete_pub)
+    gabe_pub_free (key->pub);
  GNUNET_free (key);
 }
@@ -266,6 +273,7 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block,
  cph_buf_len = gabe_cph_serialize(cph,
                                &cph_buf);
  gabe_cph_free(cph);
+  GNUNET_free (cph);
  plt = GNUNET_memdup (block, size);
  aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf);
  GNUNET_free (plt);
@@ -293,14 +301,21 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block,
  read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size);
  cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size);
  if( !gabe_dec(key->pub, key->prv, cph, m) ) {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "%s\n", gabe_error());
+    GNUNET_free (aes_buf);
+    GNUNET_free (cph_buf);
    gabe_cph_free(cph);
+    GNUNET_free (cph);
+    element_clear (m);
    return GNUNET_SYSERR;
  }
  gabe_cph_free(cph);
+  GNUNET_free (cph);
  plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result);
+  GNUNET_free (cph_buf);
  GNUNET_free (aes_buf);
+  element_clear (m);
  //freeing is buggy in gabe
  //gabe_prv_free (prv);
  //gabe_pub_free (pub);
author	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-10-10 16:01:14 +0200
committer	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-10-10 16:01:14 +0200
commit	1cfa320f0cb213aed0a3a04577d065a65f847d49 (patch)
tree	caf0db997af48e9599c964cfccc9953ed0baca24 /src
parent	df344790f7f2e7c39cfd951ce373c4ec52b6cda7 (diff)
download	gnunet-1cfa320f0cb213aed0a3a04577d065a65f847d49.tar.gz gnunet-1cfa320f0cb213aed0a3a04577d065a65f847d49.zip