Commit b7eba2c8 authored by David Goulet's avatar David Goulet Committed by Ian Goldberg

Fix: memory leak in fragment reassembly

Fixes #38
Acked-by: MatthewGreen's avatarMatthew D. Green <matthewdgreen@gmail.com>
Signed-off-by: 's avatarDavid Goulet <dgoulet@ev0ke.net>
Signed-off-by: 's avatarIan Goldberg <iang@cs.uwaterloo.ca>
parent ba4cb1c1
......@@ -937,7 +937,6 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
OtrlMessageType msgtype;
int context_added = 0;
OtrlPolicy policy = OTRL_POLICY_DEFAULT;
int fragment_assembled = 0;
char *unfragmessage = NULL, *otrtag = NULL;
EncrData edata;
otrl_instag_t our_instance = 0, their_instance = 0;
......@@ -1021,7 +1020,6 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
return 1;
case OTRL_FRAGMENT_COMPLETE:
/* We've got a new complete message, in unfragmessage. */
fragment_assembled = 1;
message = unfragmessage;
otrtag = strstr(message, "?OTR");
break;
......@@ -1046,7 +1044,8 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
if (((version == 3) && !(policy & OTRL_POLICY_ALLOW_V3))
|| ((version == 2) && !(policy & OTRL_POLICY_ALLOW_V2))
|| ((version == 1) && !(policy & OTRL_POLICY_ALLOW_V1))) {
return 1;
edata.ignore_message = 1;
goto end;
}
/* Check the to and from instance tags */
if (version == 3) {
......@@ -1064,7 +1063,9 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
OTRL_MSGEVENT_RCVDMSG_FOR_OTHER_INSTANCE,
m_context, NULL, gcry_error(GPG_ERR_NO_ERROR));
}
return 1; /* ignore message intended for a different instance */
/* ignore message intended for a different instance */
edata.ignore_message = 1;
goto end;
}
if (their_instance >= OTRL_MIN_VALID_INSTAG) {
......@@ -1076,7 +1077,8 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
if (err || their_instance < OTRL_MIN_VALID_INSTAG) {
message_malformed(ops, opdata, context);
return 1;
edata.ignore_message = 1;
goto end;
}
if (context_added) {
......@@ -1098,7 +1100,8 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
if (msgtype == OTRL_MSGTYPE_DH_KEY) {
otrl_auth_copy_on_key(&(m_context->auth), &(context->auth));
} else if (msgtype != OTRL_MSGTYPE_DH_COMMIT) {
return 1; /* Ignore unexpected message */
edata.ignore_message = 1;
goto end;
}
/* Update the context list */
......@@ -1869,11 +1872,10 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
break;
}
end:
/* If we reassembled a fragmented message, we need to free the
* allocated memory now. */
if (fragment_assembled) {
free(unfragmessage);
}
free(unfragmessage);
if (edata.ignore_message == -1) edata.ignore_message = 0;
return edata.ignore_message;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment