Fix a batch of resource leaks spotted by Coverity.

2025-01-09 17:38:00 +00:00 · 2022-09-07 13:52:58 +01:00 · 2022-09-07 13:52:58 +01:00 · 1f6d93f0c8
commit 1f6d93f0c8
parent 16d5bb7269
4 changed files with 12 additions and 2 deletions
--- a/crypto/ntru.c
+++ b/crypto/ntru.c
@ -1242,12 +1242,12 @@ ptrlen ntru_decode_pubkey(uint16_t *pubkey, unsigned p, unsigned q,
    } else {
        /* Do the decoding */
        ntru_decode(sched, pubkey, encoded);
-        ntru_encode_schedule_free(sched);

        /* Unbias the coefficients */
        ntru_bias(pubkey, pubkey, q-q/2, p, q);
    }

+    ntru_encode_schedule_free(sched);
    return encoded;
 }

@ -1328,13 +1328,13 @@ ptrlen ntru_decode_ciphertext(uint16_t *ct, NTRUKeyPair *keypair,
    } else {
        /* Do the decoding */
        ntru_decode(sched, ct, encoded);
-        ntru_encode_schedule_free(sched);

        /* Undo the scaling and bias */
        ntru_scale(ct, ct, 3, p, q);
        ntru_bias(ct, ct, q - 3 * ciphertext_bias(q), p, q);
    }

+    ntru_encode_schedule_free(sched);
    return encoded;        /* also useful to the caller, optionally */
 }

@ -1649,6 +1649,7 @@ static bool ssh_ntru_client_getkey(ecdh_key *dh, ptrlen remoteKey,
        if (!ok) {
            ssh_hash_free(h);
            smemclr(hashdata, sizeof(hashdata));
+            strbuf_free(otherkey);
            return false;
        }

@ -1778,6 +1779,7 @@ static bool ssh_ntru_server_getkey(ecdh_key *dh, ptrlen remoteKey,
        ntru_encrypt(ciphertext, nk->plaintext, pubkey, p_LIVE, q_LIVE);
        ntru_encode_ciphertext(ciphertext, p_LIVE, q_LIVE,
                               BinarySink_UPCAST(nk->ciphertext_encoded));
+        ring_free(ciphertext, p_LIVE);

        /* Compute the confirmation hash, and write it into another
         * strbuf. */
@ -1793,6 +1795,9 @@ static bool ssh_ntru_server_getkey(ecdh_key *dh, ptrlen remoteKey,

        /* And put the NTRU session hash into the main hash object. */
        put_data(h, hashdata, 32);
+
+        /* Now we can free the public key */
+        ring_free(pubkey, p_LIVE);
    }

    /*
@ -1809,6 +1814,7 @@ static bool ssh_ntru_server_getkey(ecdh_key *dh, ptrlen remoteKey,
        if (!ok) {
            ssh_hash_free(h);
            smemclr(hashdata, sizeof(hashdata));
+            strbuf_free(otherkey);
            return false;
        }

--- a/ssh/kex2-client.c
+++ b/ssh/kex2-client.c
@ -962,6 +962,7 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
                } else {
                    ppl_logevent("Rejected host key certificate: %s",
                                 error->s);
+                    strbuf_free(error);
                    /* now fall through into normal host key checking */
                }
            }
--- a/unix/storage.c
+++ b/unix/storage.c
@ -679,6 +679,8 @@ host_ca *host_ca_load(const char *name)
        sfree(line);
    }

+    fclose(fp);
+
    if (eb) {
        if (!hca->validity_expression) {
            hca->validity_expression = cert_expr_expression(eb);
--- a/windows/puttygen.c
+++ b/windows/puttygen.c
@ -1256,6 +1256,7 @@ void add_certificate(HWND hwnd, struct MainDlgState *state,
        message_box(hwnd, msg, "PuTTYgen Error", MB_OK | MB_ICONERROR,
                    HELPCTXID(errors_cantloadkey));
        sfree(msg);
+        strbuf_free(pub);
        return;
    }