From c0c32a87c2e29d229c3855029b107496e15a4baa Mon Sep 17 00:00:00 2001
From: yasuoka
Date: Fri, 16 Aug 2024 09:52:16 +0000
Subject: [PATCH] Free memory as much as possible. Also, fix a use-after-free when exiting.
---
 usr.sbin/radiusd/radiusd_eap2mschap.c | 14 +++++++++++---
 usr.sbin/radiusd/radiusd_ipcp.c | 12 +++++++++---
 usr.sbin/radiusd/radiusd_radius.c | 3 ++-
 3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/usr.sbin/radiusd/radiusd_eap2mschap.c b/usr.sbin/radiusd/radiusd_eap2mschap.c
index 7e38b295c14..236f7785cd5 100644
--- a/usr.sbin/radiusd/radiusd_eap2mschap.c
+++ b/usr.sbin/radiusd/radiusd_eap2mschap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radiusd_eap2mschap.c,v 1.2 2024/07/17 11:19:27 yasuoka Exp $ */
+/* $OpenBSD: radiusd_eap2mschap.c,v 1.3 2024/08/16 09:52:16 yasuoka Exp $ */
 /*
 * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -74,8 +74,12 @@ main(int argc, char *argv[])
 module_start(eap2mschap.base);
 event_loop(0);
+ module_destroy(eap2mschap.base);
+ event_loop(0);
+ event_base_free(NULL);
+ exit(EXIT_SUCCESS);
 }
@@ -140,10 +144,14 @@ eap2mschap_stop(void *ctx)
 evtimer_del(&self->ev_eapt);
- RB_FOREACH_SAFE(req, access_reqt, &self->eapt, reqt)
+ RB_FOREACH_SAFE(req, access_reqt, &self->eapt, reqt) {
+ RB_REMOVE(access_reqt, &self->eapt, req);
 access_request_free(req);
- TAILQ_FOREACH_SAFE(req, &self->reqq, next, reqt)
+ }
+ TAILQ_FOREACH_SAFE(req, &self->reqq, next, reqt) {
+ TAILQ_REMOVE(&self->reqq, req, next);
 access_request_free(req);
+ }
 }
 void
diff --git a/usr.sbin/radiusd/radiusd_ipcp.c b/usr.sbin/radiusd/radiusd_ipcp.c
index 60e9e46bddf..308b0b314d3 100644
--- a/usr.sbin/radiusd/radiusd_ipcp.c
+++ b/usr.sbin/radiusd/radiusd_ipcp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radiusd_ipcp.c,v 1.10 2024/08/16 09:50:09 yasuoka Exp $ */
+/* $OpenBSD: radiusd_ipcp.c,v 1.11 2024/08/16 09:52:16 yasuoka Exp $ */
 /*
 * Copyright (c) 2024 Internet Initiative Japan Inc.
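Review bot: In main() of radiusd_eap2mschap.c, the added `module_destroy(eap2mschap.base);` is followed by a second `event_loop(0);` while `eap2mschap.base` still holds the old pointer. If module_destroy() releases the base object (its body is not in this patch), any handler the second loop still dispatches that reads `self->base` would touch freed memory, which is the class of bug this commit sets out to fix. Clearing the field right after the call, `eap2mschap.base = NULL;`, would turn such an access into an immediate fault instead of silent reuse. If the second loop is there to drain events queued during teardown, a comment such as `/* drain events queued during teardown before freeing the event base */` would record that. main() begins outside the hunk.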
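Review bot: In eap2mschap_stop(), the new unlink-then-free order in both loops is only sound if access_request_free() does not unlink the request itself and if a request is never linked on `self->eapt` and `self->reqq` at the same time; neither is visible in this hunk. If a request can sit on both, the RB loop frees it while it is still reachable from `reqq`, and the TAILQ loop then walks freed memory. A short comment above the loops stating the invariant, for example `/* each request is on exactly one of eapt/reqq; access_request_free() does not unlink */`, would let the next reader check it. The function's start is outside the hunk.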
@@ -252,6 +252,7 @@ main(int argc, char *argv[])
 ipcp_fini(&module_ipcp);
 event_loop(0);
+ event_base_free(NULL);
 exit(EXIT_SUCCESS);
 }
@@ -341,11 +342,14 @@ ipcp_fini(struct module_ipcp *self)
 struct user *user, *usert;
 struct module_ipcp_ctrlconn *ctrl, *ctrlt;
 struct module_ipcp_dae *dae, *daet;
+ struct ipcp_address *addr, *addrt;
 RB_FOREACH_SAFE(assign, assigned_ipv4_tree, &self->ipv4s, assignt)
 ipcp_ipv4_release(self, assign);
- RB_FOREACH_SAFE(user, user_tree, &self->users, usert)
+ RB_FOREACH_SAFE(user, user_tree, &self->users, usert) {
+ RB_REMOVE(user_tree, &self->users, user);
 free(user);
+ }
 TAILQ_FOREACH_SAFE(ctrl, &self->ctrls, next, ctrlt)
 free(ctrl);
 TAILQ_FOREACH_SAFE(dae, &self->daes, next, daet) {
@@ -355,6 +359,8 @@ ipcp_fini(struct module_ipcp *self)
 }
 free(dae);
 }
+ TAILQ_FOREACH_SAFE(addr, &self->addrs, next, addrt)
+ free(addr);
 if (evtimer_pending(&self->ev_timer, NULL))
 evtimer_del(&self->ev_timer);
 module_destroy(self->base);
@@ -1934,9 +1940,9 @@ parse_addr(const char *str0, int af, struct sockaddr *sa, socklen_t salen)
 free(str);
 return (-1);
 }
+ free(str);
 if (salen < ai->ai_addrlen) {
 freeaddrinfo(ai);
- free(str);
 return (-1);
 }
 memcpy(sa, ai->ai_addr, ai->ai_addrlen);
diff --git a/usr.sbin/radiusd/radiusd_radius.c b/usr.sbin/radiusd/radiusd_radius.c
index 99a6798fd19..5ca35b84bad 100644
--- a/usr.sbin/radiusd/radiusd_radius.c
+++ b/usr.sbin/radiusd/radiusd_radius.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radiusd_radius.c,v 1.21 2024/07/01 03:17:00 yasuoka Exp $ */
+/* $OpenBSD: radiusd_radius.c,v 1.22 2024/08/16 09:52:16 yasuoka Exp $ */
 /*
 * Copyright (c) 2013 Internet Initiative Japan Inc.
@@ -139,6 +139,7 @@ main(int argc, char *argv[])
 event_loop(0);
 module_destroy(module_radius.base);
+ event_base_free(NULL);
 exit(EXIT_SUCCESS);
 }
-- 
2.20.1
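Review bot: The `addrs` loop added to ipcp_fini() in the `@@ -355,6 +359,8 @@` hunk frees every entry without unlinking it, so `self->addrs` is left pointing at freed memory, unlike the `users` loop in the preceding hunk, which now calls RB_REMOVE before free(). main() runs `event_loop(0)` again after ipcp_fini(), so a handler that still walks the list would read freed entries; whether one can fire at that point is not visible here. Adding `TAILQ_REMOVE(&self->addrs, addr, next);` before `free(addr);` (with braces around the loop body) closes that. The unchanged `ctrls` and `daes` loops shown as context have the same shape. ipcp_fini() starts and ends outside these hunks.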
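Review bot: In parse_addr(), each return still carries its own cleanup of `str` and `ai`, which is the layout that let the success path leak `str` before this change. The success path after `memcpy(sa, ai->ai_addr, ai->ai_addrlen);` lies outside the hunk, so it is worth confirming that `freeaddrinfo(ai);` is called there too. Routing the failure returns through a single cleanup label would keep the paths in step when another exit is added later.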
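Review bot: In main() of radiusd_radius.c, `event_base_free(NULL);` runs directly after `module_destroy(module_radius.base);` with no `event_loop(0);` in between, whereas radiusd_eap2mschap.c and radiusd_ipcp.c in this same patch run the loop once more after tearing the module down. If module_destroy() or the module's stop path leaves events registered (not visible here), the base is freed with events still attached to it. Either add the same drain, `event_loop(0);` before `event_base_free(NULL);`, or add a comment stating why this module does not need it. main() begins outside the hunk.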