From 103a4fe9bbd4a1ff33f0643bb749d4feed97905f Mon Sep 17 00:00:00 2001 From: onefang Date: Thu, 23 Apr 2020 17:23:14 +1000 Subject: Leaks-- --- src/sledjchisl/sledjchisl.c | 63 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 52 insertions(+), 11 deletions(-) diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 1e90f37..95d03fc 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c @@ -1683,6 +1683,9 @@ d("dbPull(Rd->database) %s = %s", where, (char *) obj.data); } me->unlock(me); me->free(me); + free(rows->fieldNames); + rows->rows->free(rows->rows); + free(rows); } void dbFreeRequest(dbRequest *req) @@ -3146,7 +3149,9 @@ T("free sesh %s %s", linky ? "linky" : "session", wipe ? "wipe" : "delete"); while(Rd->database->getnext(Rd->database, &obj, false) == true) Rd->database->remove(Rd->database, obj.name); Rd->database->unlock(Rd->database); + if (NULL != shs->name) free(shs->name); shs->name = NULL; + if (NULL != shs->UUID) free(shs->UUID); shs->UUID = NULL; shs->level = -256; // TODO - should I wipe the rest of Rd->shs as well? @@ -3279,6 +3284,8 @@ t("Write shs %s", tnm4); futimens(fd, shs->timeStamp); xclose(fd); free(tnm9); + free(tnm4); + free(tnm3); free(tnm2); free(tnm1); free(tnm0); @@ -3811,18 +3818,14 @@ W("Validated session linky."); qstrcpy(shs->munchie, sizeof(shs->munchie), munchie); qstrcpy(shs->salt, sizeof(shs->salt), tnm->getstr(tnm, "salt", false)); qstrcpy(shs->seshID, sizeof(shs->seshID), tnm->getstr(tnm, "seshID", false)); -// TODO - free this somewhere. -// shs->name = tnm->getstr(tnm, "name", true); -// shs->UUID = tnm->getstr(tnm, "UUID", true); shs->level = atoi(level); // TODO - get level from somewhere and stuff it in shs. shs->timeStamp[0].tv_nsec = UTIME_OMIT; shs->timeStamp[0].tv_sec = UTIME_OMIT; memcpy(&shs->timeStamp[1], &st.st_mtim, sizeof(struct timespec)); } -// TODO - free this somewhere. - shs->name = tnm->getstr(tnm, "name", true); - shs->UUID = tnm->getstr(tnm, "UUID", true); + shs->name = tnm->getstr(tnm, "name", true); // LEAKY! + shs->UUID = tnm->getstr(tnm, "UUID", true); // LEAKY! } qhashtbl_obj_t obj; @@ -4399,7 +4402,9 @@ static void accountAddWeb(reqData *Rd, inputForm *oF, inputValue *oV) static void accountLoginWeb(reqData *Rd, inputForm *oF, inputValue *oV) { + if (NULL != Rd->shs.name) free(Rd->shs.name); Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); Rd->shs.UUID = NULL; accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); @@ -4553,6 +4558,7 @@ static int accountRead(reqData *Rd, char *uuid, char *firstName, char *lastName) if (NULL != firstName) { + free(first); first = xstrdup(firstName); if (NULL == lastName) { @@ -4564,11 +4570,15 @@ d("accountRead() single name |%s| |%s|", first, last); if (NULL != t) { *t++ = '\0'; + free(last); last = xstrdup(t); } } else + { + free(last); last = xstrdup(lastName); + } } d("accountRead() UUID %s, name %s %s", uuid, first, last); uuid_clear(binuuid); @@ -4722,7 +4732,11 @@ static int accountCreateSub(reqData *Rd, inputForm *iF, inputValue *iV) if (0 != ret) { wipe = TRUE; + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); Rd->shs.UUID = NULL; + Rd->shs.level = -256; Rd->output = "accountLogin"; } } @@ -4752,7 +4766,11 @@ static int accountAddSub(reqData *Rd, inputForm *iF, inputValue *iV) { ret++; wipe = TRUE; + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); Rd->shs.UUID = NULL; + Rd->shs.level = -256; Rd->output = "accountLogin"; } else @@ -4880,7 +4898,11 @@ d("Sub accountViewSub() %s %s %s", uuid, first, last); bitch(Rd, "Cannot view account.", "Account doesn't exist."); ret++; wipe = TRUE; + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); Rd->shs.UUID = NULL; + Rd->shs.level = -256; Rd->output = "accountLogin"; } else @@ -4895,14 +4917,18 @@ d("Sub accountViewSub() %s %s %s", uuid, first, last); { ret++; wipe = TRUE; - Rd->shs.UUID = NULL; + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); + Rd->shs.UUID = NULL; + Rd->shs.level = -256; Rd->output = "accountLogin"; } else { Rd->shs.level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel")); - Rd->shs.name = getStrH(Rd->database, "Lua.name"); - Rd->shs.UUID = getStrH(Rd->database, "UserAccounts.PrincipalID"); + Rd->shs.name = Rd->database->getstr(Rd->database, "Lua.name", true); + Rd->shs.UUID = Rd->database->getstr(Rd->database, "UserAccounts.PrincipalID", true); free(h); I("Logged on %s %s Level %d %s", Rd->shs.UUID, Rd->shs.name, Rd->shs.level, getLevel(Rd->shs.level)); } @@ -4954,7 +4980,11 @@ static int accountOutSub(reqData *Rd, inputForm *iF, inputValue *iV) else { // log the user out if they are logged in + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); Rd->shs.UUID = NULL; + Rd->shs.level = -256; Rd->output = "accountLogin"; } @@ -5011,7 +5041,11 @@ static void accountExploreValidatedVouchersWeb(reqData *Rd, inputForm *oF, input qlisttbl_t *list =getAccounts(Rd); // char *name = getStrH(Rd->stuff, "name"); + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; + if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); Rd->shs.UUID = NULL; + Rd->shs.level = -256; accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); @@ -5620,6 +5654,7 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) } free(Rd->outQuery); + Rd->outQuery = NULL; C("Ending dynamic page %s %s", Rd->RUri, form); } @@ -6133,7 +6168,7 @@ if ((strcmp("HTTP_COOKIE", ky) == 0) || (strcmp("CONTENT_LENGTH", ky) == 0) || ( Rd->Scheme = Rd->headers->getstr(Rd->headers, "REQUEST_SCHEME", false); Rd->Host = Rd->headers->getstr(Rd->headers, "HTTP_HOST", false); //char *SUri = Rd->headers->getstr(Rd->headers, "SCRIPT_URI", false); - Rd->RUri = Rd->headers->getstr(Rd->headers, "REQUEST_URI", false); + Rd->RUri = Rd->headers->getstr(Rd->headers, "REQUEST_URI", true); //char *Cookies = Rd->headers->getstr(Rd->headers, "HTTP_COOKIE", false); //char *Referer = Rd->headers->getstr(Rd->headers, "HTTP_REFERER", false); //char *RAddr = Rd->headers->getstr(Rd->headers, "REMOTE_ADDR", false); @@ -6169,7 +6204,7 @@ t("QUERY"); { T("ignoring QUERY"); Rd->queries = qhashtbl(0, 0); -// TODO - stop this from leaking. + free(Rd->RUri); Rd->RUri = xmprintf("%s%s", Rd->Script, Path); } t("BODY"); @@ -6352,6 +6387,11 @@ sendReply: fcgiDone: FCGI_Finish(); + if (NULL != Rd->outQuery) free(Rd->outQuery); + if (NULL != Rd->shs.name) free(Rd->shs.name); + Rd->shs.name = NULL; +// if (NULL != Rd->shs.UUID) free(Rd->shs.UUID); // LEAKY! But crashy! + Rd->shs.UUID = NULL; qgrow_free(Rd->reply); qlist_free(Rd->messages); qlist_free(Rd->errors); @@ -6365,6 +6405,7 @@ fcgiDone: qhashtbl_free(Rd->body); qhashtbl_free(Rd->queries); if (Rd->lnk) free(Rd->lnk); + free(Rd->RUri); struct timespec now; if (-1 == clock_gettime(CLOCK_REALTIME, &now)) -- cgit v1.1