From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Tue, 16 May 2023 09:35:34 +0000 (+0200)
Subject: sample-plugins: Fix memleak in client-connect example plugin
X-Git-Tag: v2.7_alpha1~468
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d36678a2be15f7c00a44354ab71e4521ee3a4f3;p=thirdparty%2Fopenvpn.git

sample-plugins: Fix memleak in client-connect example plugin

I was looking for memleaks in the code and found
this one with cppcheck. Only an example, but no
need to leave this bug in it.

Also fix fortify problem in keying-material-exporter-demo
so I can actually test the compilation of the sample
plugins.

v2:
 - remove unneccessary usages of snprintf, replace
   with strncpy.

Change-Id: Ibd1b282afc4a28768be3f165f84ab60ca4d24a9b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230516093534.26384-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26668.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/sample/sample-plugins/client-connect/sample-client-connect.c b/sample/sample-plugins/client-connect/sample-client-connect.c
index 391de3446..eb2421265 100644
--- a/sample/sample-plugins/client-connect/sample-client-connect.c
+++ b/sample/sample-plugins/client-connect/sample-client-connect.c
@@ -454,6 +454,9 @@ openvpn_plugin_client_connect_v2(struct plugin_context *context,
     if (!rl->name || !rl->value)
     {
         plugin_log(PLOG_ERR, MODULE, "malloc(return_list->xx) failed");
+        free(rl->name);
+        free(rl->value);
+        free(rl);
         return OPENVPN_PLUGIN_FUNC_ERROR;
     }
 
@@ -509,6 +512,9 @@ openvpn_plugin_client_connect_defer_v2(struct plugin_context *context,
     if (!rl->name || !rl->value)
     {
         plugin_log(PLOG_ERR, MODULE, "malloc(return_list->xx) failed");
+        free(rl->name);
+        free(rl->value);
+        free(rl);
         return OPENVPN_PLUGIN_FUNC_ERROR;
     }
 
diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
index 6a0a1f694..71badf2cd 100644
--- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
+++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
@@ -155,7 +155,7 @@ session_user_set(struct session *sess, X509 *x509)
 
         if (!strncasecmp(objbuf, "CN", 2))
         {
-            snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
+            strncpy(sess->user, (char *)buf, sizeof(sess->user) - 1);
         }
 
         OPENSSL_free(buf);
@@ -234,7 +234,7 @@ tls_final(struct openvpn_plugin_args_func_in const *args,
         return OPENVPN_PLUGIN_FUNC_ERROR;
     }
 
-    snprintf(sess->key, sizeof(sess->key) - 1, "%s", key);
+    strncpy(sess->key, key, sizeof(sess->key) - 1);
     ovpn_note("app session key:  %s", sess->key);
 
     switch (plugin->type)