author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-05-17 14:00:07 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-05-17 14:00:07 +0000 |
commit | 3f8ade0e6c3b7d7bb1b8dd3ceb6f17423c26eef6 (patch) | |
tree | 6e65b24c6a93c5e1360389e1d21fd628e735ebba /usr.sbin | |
parent | 6bcb5efb8ee6bc46d0c11860276540aa3f90d119 (diff) |
Introduce more use of freezero(). Also, remove ptr conditionals before
many functions which are free(NULL)-compat
ok gilles
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/smtpd/ca.c | 11 | ||||
-rw-r--r-- | usr.sbin/smtpd/config.c | 26 | ||||
-rw-r--r-- | usr.sbin/smtpd/ioev.c | 8 | ||||
-rw-r--r-- | usr.sbin/smtpd/lka.c | 8 | ||||
-rw-r--r-- | usr.sbin/smtpd/mta_session.c | 5 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtp_session.c | 8 | ||||
-rw-r--r-- | usr.sbin/smtpd/ssl.c | 24 |
7 files changed, 32 insertions, 58 deletions
diff --git a/usr.sbin/smtpd/ca.c b/usr.sbin/smtpd/ca.c
index b287f8ac3a4..aefac18824a 100644
--- a/usr.sbin/smtpd/ca.c
+++ b/usr.sbin/smtpd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.26 2017/01/09 09:53:23 reyk Exp $ */
+/* $OpenBSD: ca.c,v 1.27 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -142,8 +142,7 @@ ca_init(void)
 pki->pki_pkey = pkey;
- explicit_bzero(pki->pki_key, pki->pki_key_len);
- free(pki->pki_key);
+ freezero(pki->pki_key, pki->pki_key_len);
 pki->pki_key = NULL; } }
@@ -204,10 +203,8 @@ end:
 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); }
- if (xsc)
- X509_STORE_CTX_free(xsc);
- if (store)
- X509_STORE_free(store);
+ X509_STORE_CTX_free(xsc);
+ X509_STORE_free(store);
 return ret > 0 ? 1 : 0; }
diff --git a/usr.sbin/smtpd/config.c b/usr.sbin/smtpd/config.c
index 89fcbbf8f6e..b2afca085d9 100644
--- a/usr.sbin/smtpd/config.c
+++ b/usr.sbin/smtpd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.37 2016/09/01 10:54:25 eric Exp $ */
+/* $OpenBSD: config.c,v 1.38 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -70,14 +70,9 @@ purge_config(uint8_t what)
 } if (what & PURGE_PKI) { while (dict_poproot(env->sc_pki_dict, (void **)&p)) {
- explicit_bzero(p->pki_cert, p->pki_cert_len);
- free(p->pki_cert);
- if (p->pki_key) {
- explicit_bzero(p->pki_key, p->pki_key_len);
- free(p->pki_key);
- }
- if (p->pki_pkey)
- EVP_PKEY_free(p->pki_pkey);
+ freezero(p->pki_cert, p->pki_cert_len);
+ freezero(p->pki_key, p->pki_key_len);
+ EVP_PKEY_free(p->pki_pkey);
 free(p); } free(env->sc_pki_dict);
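Review bot: In ca_init (ca.c, hunk at -142) the key buffer is released with freezero() and `pki->pki_key` is set to NULL, but `pki->pki_key_len` keeps its old value, so the struct is left with a NULL pointer and a non-zero length. freezero(NULL, len) is a no-op, which the new unconditional calls in purge_config rely on, but any other reader of the length would see stale data; adding `pki->pki_key_len = 0;` next to the NULL assignment keeps the pair consistent. The same applies to `pki_cert_len` and `pki_key_len` in the dict_iter loop of purge_config (config.c, hunk at -86). Whether anything reads these lengths afterwards is not visible in the hunks.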
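Review bot: The unguarded `X509_STORE_CTX_free(xsc);` and `X509_STORE_free(store);` at the `end:` label (ca.c, hunk at -204) are only correct if the linked libcrypto treats a NULL argument as a no-op, and nothing in the file records that assumption. A one-line comment such as `/* libcrypto *_free() functions accept NULL */` would document it, and anyone building this code against a different libcrypto should confirm it there. The same assumption is made for SSL_free in io_free (ioev.c), X509_free in lka_X509_verify and smtp_filter_fd, and the RSA_free, BIO_free, BIO_free_all and EVP_PKEY_free calls in ssl.c. The function this label belongs to starts outside the hunk.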
@@ -86,16 +81,11 @@ purge_config(uint8_t what)
 iter_dict = NULL; while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&p)) {
- explicit_bzero(p->pki_cert, p->pki_cert_len);
- free(p->pki_cert);
+ freezero(p->pki_cert, p->pki_cert_len);
 p->pki_cert = NULL;
- if (p->pki_key) {
- explicit_bzero(p->pki_key, p->pki_key_len);
- free(p->pki_key);
- p->pki_key = NULL;
- }
- if (p->pki_pkey)
- EVP_PKEY_free(p->pki_pkey);
+ freezero(p->pki_key, p->pki_key_len);
+ p->pki_key = NULL;
+ EVP_PKEY_free(p->pki_pkey);
 p->pki_pkey = NULL; } }
diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c
index f31f84fd039..44690766388 100644
--- a/usr.sbin/smtpd/ioev.c
+++ b/usr.sbin/smtpd/ioev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ioev.c,v 1.40 2016/12/03 15:46:33 eric Exp $ */
+/* $OpenBSD: ioev.c,v 1.41 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2012 Eric Faurot <eric@openbsd.org> *
@@ -272,10 +272,8 @@ io_free(struct io *io)
 current = NULL; #ifdef IO_SSL
- if (io->ssl) {
- SSL_free(io->ssl);
- io->ssl = NULL;
- }
+ SSL_free(io->ssl);
+ io->ssl = NULL;
 #endif if (event_initialized(&io->ev))
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c
index db9d42aea41..22d186d6ac8 100644
--- a/usr.sbin/smtpd/lka.c
+++ b/usr.sbin/smtpd/lka.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka.c,v 1.198 2017/01/09 09:53:23 reyk Exp $ */
+/* $OpenBSD: lka.c,v 1.199 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -657,10 +657,8 @@ lka_X509_verify(struct ca_vrfy_req_msg *vrfy,
 ret = 1; end:
- if (x509)
- X509_free(x509);
- if (x509_tmp)
- X509_free(x509_tmp);
+ X509_free(x509);
+ X509_free(x509_tmp);
 if (x509_chain) sk_X509_pop_free(x509_chain, X509_free);
diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c
index 84038e5f8db..31d1396565f 100644
--- a/usr.sbin/smtpd/mta_session.c
+++ b/usr.sbin/smtpd/mta_session.c
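Review bot: In the `end:` cleanup of lka_X509_verify (lka.c, hunk at -657) the `if (x509_chain)` check before `sk_X509_pop_free(x509_chain, X509_free);` is kept while the two X509_free guards beside it are removed, so the cleanup block is now inconsistent. If sk_X509_pop_free accepts NULL in the libcrypto in use (it appears to, but that is not shown here), the call can be written unguarded like its neighbours: `sk_X509_pop_free(x509_chain, X509_free);`. Otherwise a short comment saying why this one guard stays would keep a later sweep from removing it. The function body starts before the hunk and continues after it.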
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta_session.c,v 1.96 2016/11/30 17:43:32 eric Exp $ */
+/* $OpenBSD: mta_session.c,v 1.97 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -341,8 +341,7 @@ mta_session_imsg(struct mproc *p, struct imsg *imsg)
 fatal("mta: ssl_mta_init"); io_start_tls(s->io, ssl);
- explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
- free(resp_ca_cert->cert);
+ freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
 free(resp_ca_cert); return;
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index c4c0ac9d18e..7790a3b0270 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.302 2016/11/30 17:43:32 eric Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.303 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
 io_set_read(s->io); io_start_tls(s->io, ssl);
- explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
- free(resp_ca_cert->cert);
+ freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
 free(resp_ca_cert); return;
@@ -1205,8 +1204,7 @@ smtp_filter_fd(uint64_t id, int fd)
 SSL_get_cipher_name(io_ssl(s->io)), SSL_get_cipher_bits(io_ssl(s->io), NULL), (s->flags & SF_VERIFIED) ? "YES" : (x ? "FAIL" : "NO"));
- if (x)
- X509_free(x);
+ X509_free(x);
 if (s->listener->flags & F_RECEIVEDAUTH) { io_printf(s->tx->oev, " auth=%s", s->username[0] ? "yes" : "no");
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index fb5901bdc46..cd29f5cf4e0 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.88 2017/03/30 15:41:04 jsing Exp $ */
+/* $OpenBSD: ssl.c,v 1.89 2017/05/17 14:00:06 deraadt Exp $ */
 /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -240,10 +240,8 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *
 fail: ssl_error("ssl_load_key"); free(buf);
- if (bio != NULL)
- BIO_free_all(bio);
- if (key != NULL)
- EVP_PKEY_free(key);
+ BIO_free_all(bio);
+ EVP_PKEY_free(key);
 if (fp) fclose(fp); return (NULL);
@@ -397,14 +395,10 @@ ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len,
 return (1); fail:
- if (rsa != NULL)
- RSA_free(rsa);
- if (in != NULL)
- BIO_free(in);
- if (pkey != NULL)
- EVP_PKEY_free(pkey);
- if (x509 != NULL)
- X509_free(x509);
+ RSA_free(rsa);
+ BIO_free(in);
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
 free(exdata); return (0);
@@ -433,12 +427,12 @@ ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen,
 if (pkeyptr != NULL) *pkeyptr = pkey;
- else if (pkey != NULL)
+ else
 EVP_PKEY_free(pkey); if (x509ptr != NULL) *x509ptr = x509;
- else if (x509 != NULL)
+ else
 X509_free(x509); return (ret); |
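Review bot: The `fail:` path of ssl_load_key (ssl.c, hunk at -240) still releases `buf` with plain `free(buf);`, although this commit otherwise moves key-carrying buffers to freezero(). What buf holds when `fail:` is reached is not visible in the hunk; if it can contain key data there, it should be released with freezero() and the buffer's length instead. Separately, `if (fp) fclose(fp);` has to keep its check because fclose() does not accept NULL, and a comment such as `/* fclose(NULL) is undefined; keep the check */` would make that explicit for the next cleanup pass. The function starts outside the hunk.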