[systemd-commits] 2 commits - src/journal-remote

Michal Schmidt michich at kemper.freedesktop.org
Tue Feb 17 01:36:40 PST 2015 

 src/journal-remote/microhttpd-util.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

New commits:
commit 32c3d7144cf9a5c8c03761d7f198142ca0f5f7b8
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Tue Feb 17 10:36:57 2015 +0100

    journal-remote: fix client_cert memory leak
    
    Found by Valgrind while testing the previous memory leak fix.

diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c
index de9c6ab..a95fff1 100644
--- a/src/journal-remote/microhttpd-util.c
+++ b/src/journal-remote/microhttpd-util.c
@@ -239,10 +239,14 @@ static int get_auth_dn(gnutls_x509_crt_t client_cert, char **buf) {
         return 0;
 }
 
+static inline void gnutls_x509_crt_deinitp(gnutls_x509_crt_t *p) {
+        gnutls_x509_crt_deinit(*p);
+}
+
 int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
         const union MHD_ConnectionInfo *ci;
         gnutls_session_t session;
-        gnutls_x509_crt_t client_cert;
+        _cleanup_(gnutls_x509_crt_deinitp) gnutls_x509_crt_t client_cert = NULL;
         _cleanup_free_ char *buf = NULL;
         int r;
 

commit 9c3cf9693ac5c0a332ba376f99e6adea28b1bb0d
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Tue Feb 17 10:33:01 2015 +0100

    journal-remote: fix certificate status memory leak
    
    The output of gnutls_certificate_verification_status_print() needs to be
    freed.
    
    Noticed this while staring at verify_cert_authorized() to see what could
    possibly confuse gcc5 on armv7hl to segfault during compilation.

diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c
index 34d9337..de9c6ab 100644
--- a/src/journal-remote/microhttpd-util.c
+++ b/src/journal-remote/microhttpd-util.c
@@ -179,6 +179,7 @@ static int verify_cert_authorized(gnutls_session_t session) {
                 return log_error_errno(r, "gnutls_certificate_verification_status_print failed: %m");
 
         log_info("Certificate status: %s", out.data);
+        gnutls_free(out.data);
 
         return status == 0 ? 0 : -EPERM;
 }

More information about the systemd-commits mailing list