Plug TLS context leak in nc(1) server and client mode. Move

tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
author: bluhm <> 2018-10-04 17:04:50 +0000
committer: bluhm <> 2018-10-04 17:04:50 +0000
commit: 4262a9f00da30d97050510800e73eea3457e4a79 (patch)
tree: 5a9ca17f4f5bed77a7002f4c4d7746b6548b7fda /src/usr.bin/nc/netcat.c
parent: a478d0a0a5b599e6c7df2af4128c98006f857b68 (diff)
download: openbsd-4262a9f00da30d97050510800e73eea3457e4a79.tar.gz
openbsd-4262a9f00da30d97050510800e73eea3457e4a79.tar.bz2
openbsd-4262a9f00da30d97050510800e73eea3457e4a79.zip
1 files changed, 10 insertions, 12 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 341e7e5048..3798dc760f 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.194 2018/09/07 09:55:29 bluhm Exp $ */
+/* $OpenBSD: netcat.c,v 1.195 2018/10/04 17:04:50 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -543,8 +543,6 @@ main(int argc, char *argv[])
                        err(1, "pledge");
        }
        if (lflag) {
-                struct tls *tls_cctx = NULL;
-                int connfd;
                ret = 0;
                if (family == AF_UNIX) {
@@ -603,6 +601,9 @@ main(int argc, char *argv[])
                                readwrite(s, NULL);
                        } else {
+                                struct tls *tls_cctx = NULL;
+                                int connfd;
                                len = sizeof(cliaddr);
                                connfd = accept4(s, (struct sockaddr *)&cliaddr,
                                    &len, SOCK_NONBLOCK);
@@ -618,12 +619,10 @@ main(int argc, char *argv[])
                                        readwrite(connfd, tls_cctx);
                                if (!usetls)
                                        readwrite(connfd, NULL);
-                                if (tls_cctx) {
+                                if (tls_cctx)
                                        timeout_tls(s, tls_cctx, tls_close);
-                                        tls_free(tls_cctx);
-                                        tls_cctx = NULL;
-                                }
                                close(connfd);
+                                tls_free(tls_cctx);
                        }
                        if (family == AF_UNIX && uflag) {
                                if (connect(s, NULL, 0) < 0)
@@ -657,6 +656,8 @@ main(int argc, char *argv[])
                for (s = -1, i = 0; portlist[i] != NULL; i++) {
                        if (s != -1)
                                close(s);
+                        tls_free(tls_ctx);
+                        tls_ctx = NULL;
                        if (usetls) {
                                if ((tls_ctx = tls_client()) == NULL)
@@ -707,18 +708,15 @@ main(int argc, char *argv[])
                                        tls_setup_client(tls_ctx, s, host);
                                if (!zflag)
                                        readwrite(s, tls_ctx);
-                                if (tls_ctx) {
+                                if (tls_ctx)
                                        timeout_tls(s, tls_ctx, tls_close);
-                                        tls_free(tls_ctx);
-                                        tls_ctx = NULL;
-                                }
                        }
                }
        }
        if (s != -1)
                close(s);
+        tls_free(tls_ctx);
        tls_config_free(tls_cfg);
        return ret;
author	bluhm <>	2018-10-04 17:04:50 +0000
committer	bluhm <>	2018-10-04 17:04:50 +0000
commit	4262a9f00da30d97050510800e73eea3457e4a79 (patch)
tree	5a9ca17f4f5bed77a7002f4c4d7746b6548b7fda /src/usr.bin/nc/netcat.c
parent	a478d0a0a5b599e6c7df2af4128c98006f857b68 (diff)
download	openbsd-4262a9f00da30d97050510800e73eea3457e4a79.tar.gz openbsd-4262a9f00da30d97050510800e73eea3457e4a79.tar.bz2 openbsd-4262a9f00da30d97050510800e73eea3457e4a79.zip

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index 341e7e5048..3798dc760f 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: netcat.c,v 1.194 2018/09/07 09:55:29 bluhm Exp $ */	1	/* $OpenBSD: netcat.c,v 1.195 2018/10/04 17:04:50 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>	3	* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
4	* Copyright (c) 2015 Bob Beck. All rights reserved.	4	* Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -543,8 +543,6 @@ main(int argc, char *argv[])
543	err(1, "pledge");	543	err(1, "pledge");
544	}	544	}
545	if (lflag) {	545	if (lflag) {
546	struct tls *tls_cctx = NULL;
547	int connfd;
548	ret = 0;	546	ret = 0;
549		547
550	if (family == AF_UNIX) {	548	if (family == AF_UNIX) {
@@ -603,6 +601,9 @@ main(int argc, char *argv[])
603		601
604	readwrite(s, NULL);	602	readwrite(s, NULL);
605	} else {	603	} else {
		604	struct tls *tls_cctx = NULL;
		605	int connfd;
		606
606	len = sizeof(cliaddr);	607	len = sizeof(cliaddr);
607	connfd = accept4(s, (struct sockaddr *)&cliaddr,	608	connfd = accept4(s, (struct sockaddr *)&cliaddr,
608	&len, SOCK_NONBLOCK);	609	&len, SOCK_NONBLOCK);
@@ -618,12 +619,10 @@ main(int argc, char *argv[])
618	readwrite(connfd, tls_cctx);	619	readwrite(connfd, tls_cctx);
619	if (!usetls)	620	if (!usetls)
620	readwrite(connfd, NULL);	621	readwrite(connfd, NULL);
621	if (tls_cctx) {	622	if (tls_cctx)
622	timeout_tls(s, tls_cctx, tls_close);	623	timeout_tls(s, tls_cctx, tls_close);
623	tls_free(tls_cctx);
624	tls_cctx = NULL;
625	}
626	close(connfd);	624	close(connfd);
		625	tls_free(tls_cctx);
627	}	626	}
628	if (family == AF_UNIX && uflag) {	627	if (family == AF_UNIX && uflag) {
629	if (connect(s, NULL, 0) < 0)	628	if (connect(s, NULL, 0) < 0)
@@ -657,6 +656,8 @@ main(int argc, char *argv[])
657	for (s = -1, i = 0; portlist[i] != NULL; i++) {	656	for (s = -1, i = 0; portlist[i] != NULL; i++) {
658	if (s != -1)	657	if (s != -1)
659	close(s);	658	close(s);
		659	tls_free(tls_ctx);
		660	tls_ctx = NULL;
660		661
661	if (usetls) {	662	if (usetls) {
662	if ((tls_ctx = tls_client()) == NULL)	663	if ((tls_ctx = tls_client()) == NULL)
@@ -707,18 +708,15 @@ main(int argc, char *argv[])
707	tls_setup_client(tls_ctx, s, host);	708	tls_setup_client(tls_ctx, s, host);
708	if (!zflag)	709	if (!zflag)
709	readwrite(s, tls_ctx);	710	readwrite(s, tls_ctx);
710	if (tls_ctx) {	711	if (tls_ctx)
711	timeout_tls(s, tls_ctx, tls_close);	712	timeout_tls(s, tls_ctx, tls_close);
712	tls_free(tls_ctx);
713	tls_ctx = NULL;
714	}
715	}	713	}
716	}	714	}
717	}	715	}
718		716
719	if (s != -1)	717	if (s != -1)
720	close(s);	718	close(s);
721		719	tls_free(tls_ctx);
722	tls_config_free(tls_cfg);	720	tls_config_free(tls_cfg);
723		721
724	return ret;	722	return ret;