[Spice-devel] [spice-gtk 06/13] http-proxy: add https proxy

Marc-André Lureau marcandre.lureau at gmail.com
Wed Feb 12 05:43:17 PST 2014 

On Wed, Feb 12, 2014 at 12:46 PM, Christophe Fergeau
<cfergeau at redhat.com> wrote:
> On Wed, Feb 12, 2014 at 12:04:25PM +0100, Marc-André Lureau wrote:
>> On Wed, Feb 12, 2014 at 11:59 AM, Christophe Fergeau
>> <cfergeau at redhat.com> wrote:
>> > Missed that initially, but tlsconn is leaked in error cases, and I think we
>> > will leak a reference to it in success case too. My understanding is that
>>
>> if error, function returns NULL
>
> tlsconn = g_tls_client_connection_new (io_stream,
>                                        G_SOCKET_CONNECTABLE(proxy_address),
>                                        error);
>
> if (!g_tls_connection_handshake (G_TLS_CONNECTION (tlsconn), cancellable, error))
>     goto error;
>
> error:
>   if (data_in != NULL)
>     g_object_unref (data_in);
>
>   g_free (buffer);
>   return NULL;
> }
>
> tlsconn will be leaked.

ack

>
>
>>
>> > we don't own the io_stream passed as an argument, so we need to ref it in
>> > the http case, but in the https case, we already own a ref on the io_stream
>> > (which is tlsconn), so we ref it one too many.
>>
>> Where do you see we ref something?
>> I remember I did check with valgrind and debugging than all references
>> where correct. But I could be wrong. Please give further details.
>>
>
>   tlsconn = g_tls_client_connection_new (io_stream,
>                                          G_SOCKET_CONNECTABLE(proxy_address),
>                                          error);
>   io_stream = tlsconn;
>
>   return g_object_ref (io_stream);
>
> I think we are taking an extra ref on tlsconn here (ref which is probably
> needed in the !tls case).
>> > tlsconn is leaked here (dunno if it's guaranteed to be NULL when error is
>> > set).
>> >
>> Yes it is guaratee, I can add a warning and  g_clear_object if you want.
>
> a g_warn_if_fail() cannot hurt as it's not explicit in the API doc (or
> fixing the API doc would work too ;)

I'll check for return value instead.

>
>>
>> >> +          return;
>> >> +        }
>> >> +
>> >> +      g_return_if_fail (tlsconn != NULL);
>> >> +
>> >> +      GTlsCertificateFlags tls_validation_flags = G_TLS_CERTIFICATE_VALIDATE_ALL;
>> >> +#ifdef DEBUG
>> >> +      tls_validation_flags -= G_TLS_CERTIFICATE_UNKNOWN_CA + G_TLS_CERTIFICATE_BAD_IDENTITY;
>> >> +#endif
>> >> +      g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (tlsconn),
>> >> +                                                    tls_validation_flags);
>> >> +      g_tls_connection_handshake_async (G_TLS_CONNECTION (tlsconn),
>> >> +                                        G_PRIORITY_DEFAULT, cancellable,
>> >> +                                        handshake_completed, data);
>> >
>> > A g_object_unref(tlsconn) is probably needed here.
>> >
>>
>> no, the async is running and we need to keep the ref.
>
> Ah, my bad, I thought glib async functions were ref'ing their arg as
> needed, but I'm wrong from a quick glance at gio/glib-networking.
>
> Christophe



-- 
Marc-André Lureau

More information about the Spice-devel mailing list