Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
git2
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
lvzhengyang
git2
Commits
45a78977
Unverified
Commit
45a78977
authored
Jul 23, 2018
by
Edward Thomson
Committed by
GitHub
Jul 23, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #4732 from libgit2/ethomson/leaks
Squash some leaks
parents
ea9e2c1a
2fabb622
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
34 additions
and
9 deletions
+34
-9
src/streams/mbedtls.c
+22
-6
src/transports/smart.c
+5
-0
tests/online/push.c
+7
-3
No files found.
src/streams/mbedtls.c
View file @
45a78977
...
@@ -43,12 +43,13 @@
...
@@ -43,12 +43,13 @@
#undef inline
#undef inline
mbedtls_ssl_config
*
git__ssl_conf
;
mbedtls_entropy_context
*
mbedtls_entropy
;
#define GIT_SSL_DEFAULT_CIPHERS "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-DSS-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-128-CBC-SHA256:TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA"
#define GIT_SSL_DEFAULT_CIPHERS "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-DSS-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-128-CBC-SHA256:TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA"
#define GIT_SSL_DEFAULT_CIPHERS_COUNT 30
#define GIT_SSL_DEFAULT_CIPHERS_COUNT 30
mbedtls_ssl_config
*
git__ssl_conf
;
static
int
ciphers_list
[
GIT_SSL_DEFAULT_CIPHERS_COUNT
];
mbedtls_entropy_context
*
mbedtls_entropy
;
/**
/**
* This function aims to clean-up the SSL context which
* This function aims to clean-up the SSL context which
* we allocated.
* we allocated.
...
@@ -80,8 +81,7 @@ int git_mbedtls_stream_global_init(void)
...
@@ -80,8 +81,7 @@ int git_mbedtls_stream_global_init(void)
struct
stat
statbuf
;
struct
stat
statbuf
;
mbedtls_ctr_drbg_context
*
ctr_drbg
=
NULL
;
mbedtls_ctr_drbg_context
*
ctr_drbg
=
NULL
;
int
*
ciphers_list
=
NULL
;
size_t
ciphers_known
=
0
;
int
ciphers_known
=
0
;
char
*
cipher_name
=
NULL
;
char
*
cipher_name
=
NULL
;
char
*
cipher_string
=
NULL
;
char
*
cipher_string
=
NULL
;
char
*
cipher_string_tmp
=
NULL
;
char
*
cipher_string_tmp
=
NULL
;
...
@@ -89,6 +89,8 @@ int git_mbedtls_stream_global_init(void)
...
@@ -89,6 +89,8 @@ int git_mbedtls_stream_global_init(void)
mbedtls_x509_crt
*
cacert
=
NULL
;
mbedtls_x509_crt
*
cacert
=
NULL
;
git__ssl_conf
=
git__malloc
(
sizeof
(
mbedtls_ssl_config
));
git__ssl_conf
=
git__malloc
(
sizeof
(
mbedtls_ssl_config
));
GITERR_CHECK_ALLOC
(
git__ssl_conf
);
mbedtls_ssl_config_init
(
git__ssl_conf
);
mbedtls_ssl_config_init
(
git__ssl_conf
);
if
(
mbedtls_ssl_config_defaults
(
git__ssl_conf
,
if
(
mbedtls_ssl_config_defaults
(
git__ssl_conf
,
MBEDTLS_SSL_IS_CLIENT
,
MBEDTLS_SSL_IS_CLIENT
,
...
@@ -107,13 +109,19 @@ int git_mbedtls_stream_global_init(void)
...
@@ -107,13 +109,19 @@ int git_mbedtls_stream_global_init(void)
mbedtls_ssl_conf_authmode
(
git__ssl_conf
,
MBEDTLS_SSL_VERIFY_OPTIONAL
);
mbedtls_ssl_conf_authmode
(
git__ssl_conf
,
MBEDTLS_SSL_VERIFY_OPTIONAL
);
/* set the list of allowed ciphersuites */
/* set the list of allowed ciphersuites */
ciphers_list
=
calloc
(
GIT_SSL_DEFAULT_CIPHERS_COUNT
,
sizeof
(
int
));
ciphers_known
=
0
;
ciphers_known
=
0
;
cipher_string
=
cipher_string_tmp
=
git__strdup
(
GIT_SSL_DEFAULT_CIPHERS
);
cipher_string
=
cipher_string_tmp
=
git__strdup
(
GIT_SSL_DEFAULT_CIPHERS
);
GITERR_CHECK_ALLOC
(
cipher_string
);
while
((
cipher_name
=
git__strtok
(
&
cipher_string_tmp
,
":"
))
!=
NULL
)
{
while
((
cipher_name
=
git__strtok
(
&
cipher_string_tmp
,
":"
))
!=
NULL
)
{
int
cipherid
=
mbedtls_ssl_get_ciphersuite_id
(
cipher_name
);
int
cipherid
=
mbedtls_ssl_get_ciphersuite_id
(
cipher_name
);
if
(
cipherid
==
0
)
continue
;
if
(
cipherid
==
0
)
continue
;
if
(
ciphers_known
>=
ARRAY_SIZE
(
ciphers_list
))
{
giterr_set
(
GITERR_SSL
,
"out of cipher list space"
);
goto
cleanup
;
}
ciphers_list
[
ciphers_known
++
]
=
cipherid
;
ciphers_list
[
ciphers_known
++
]
=
cipherid
;
}
}
git__free
(
cipher_string
);
git__free
(
cipher_string
);
...
@@ -126,10 +134,15 @@ int git_mbedtls_stream_global_init(void)
...
@@ -126,10 +134,15 @@ int git_mbedtls_stream_global_init(void)
/* Seeding the random number generator */
/* Seeding the random number generator */
mbedtls_entropy
=
git__malloc
(
sizeof
(
mbedtls_entropy_context
));
mbedtls_entropy
=
git__malloc
(
sizeof
(
mbedtls_entropy_context
));
GITERR_CHECK_ALLOC
(
mbedtls_entropy
);
mbedtls_entropy_init
(
mbedtls_entropy
);
mbedtls_entropy_init
(
mbedtls_entropy
);
ctr_drbg
=
git__malloc
(
sizeof
(
mbedtls_ctr_drbg_context
));
ctr_drbg
=
git__malloc
(
sizeof
(
mbedtls_ctr_drbg_context
));
GITERR_CHECK_ALLOC
(
ctr_drbg
);
mbedtls_ctr_drbg_init
(
ctr_drbg
);
mbedtls_ctr_drbg_init
(
ctr_drbg
);
if
(
mbedtls_ctr_drbg_seed
(
ctr_drbg
,
if
(
mbedtls_ctr_drbg_seed
(
ctr_drbg
,
mbedtls_entropy_func
,
mbedtls_entropy_func
,
mbedtls_entropy
,
NULL
,
0
)
!=
0
)
{
mbedtls_entropy
,
NULL
,
0
)
!=
0
)
{
...
@@ -346,6 +359,7 @@ void mbedtls_stream_free(git_stream *stream)
...
@@ -346,6 +359,7 @@ void mbedtls_stream_free(git_stream *stream)
git__free
(
st
->
host
);
git__free
(
st
->
host
);
git__free
(
st
->
cert_info
.
data
);
git__free
(
st
->
cert_info
.
data
);
git_stream_free
(
st
->
io
);
git_stream_free
(
st
->
io
);
mbedtls_ssl_free
(
st
->
ssl
);
git__free
(
st
->
ssl
);
git__free
(
st
->
ssl
);
git__free
(
st
);
git__free
(
st
);
}
}
...
@@ -410,6 +424,8 @@ int git_mbedtls__set_cert_location(const char *path, int is_dir)
...
@@ -410,6 +424,8 @@ int git_mbedtls__set_cert_location(const char *path, int is_dir)
assert
(
path
!=
NULL
);
assert
(
path
!=
NULL
);
cacert
=
git__malloc
(
sizeof
(
mbedtls_x509_crt
));
cacert
=
git__malloc
(
sizeof
(
mbedtls_x509_crt
));
GITERR_CHECK_ALLOC
(
cacert
);
mbedtls_x509_crt_init
(
cacert
);
mbedtls_x509_crt_init
(
cacert
);
if
(
is_dir
)
{
if
(
is_dir
)
{
ret
=
mbedtls_x509_crt_parse_path
(
cacert
,
path
);
ret
=
mbedtls_x509_crt_parse_path
(
cacert
,
path
);
...
...
src/transports/smart.c
View file @
45a78977
...
@@ -45,6 +45,11 @@ GIT_INLINE(int) git_smart__reset_stream(transport_smart *t, bool close_subtransp
...
@@ -45,6 +45,11 @@ GIT_INLINE(int) git_smart__reset_stream(transport_smart *t, bool close_subtransp
t
->
current_stream
=
NULL
;
t
->
current_stream
=
NULL
;
}
}
if
(
t
->
url
)
{
git__free
(
t
->
url
);
t
->
url
=
NULL
;
}
if
(
close_subtransport
&&
if
(
close_subtransport
&&
t
->
wrapped
->
close
(
t
->
wrapped
)
<
0
)
t
->
wrapped
->
close
(
t
->
wrapped
)
<
0
)
return
-
1
;
return
-
1
;
...
...
tests/online/push.c
View file @
45a78977
...
@@ -152,8 +152,12 @@ static void do_verify_push_status(record_callbacks_data *data, const push_status
...
@@ -152,8 +152,12 @@ static void do_verify_push_status(record_callbacks_data *data, const push_status
git_buf_dispose
(
&
msg
);
git_buf_dispose
(
&
msg
);
}
}
git_vector_foreach
(
actual
,
i
,
iter
)
git_vector_foreach
(
actual
,
i
,
iter
)
{
git__free
(
iter
);
push_status
*
s
=
(
push_status
*
)
iter
;
git__free
(
s
->
ref
);
git__free
(
s
->
msg
);
git__free
(
s
);
}
git_vector_free
(
actual
);
git_vector_free
(
actual
);
}
}
...
@@ -393,7 +397,7 @@ void test_online_push__initialize(void)
...
@@ -393,7 +397,7 @@ void test_online_push__initialize(void)
}
}
git_remote_disconnect
(
_remote
);
git_remote_disconnect
(
_remote
);
git_vector_free
(
&
delete_specs
);
git_vector_free
_deep
(
&
delete_specs
);
/* Now that we've deleted everything, fetch from the remote */
/* Now that we've deleted everything, fetch from the remote */
memcpy
(
&
fetch_opts
.
callbacks
,
&
_record_cbs
,
sizeof
(
git_remote_callbacks
));
memcpy
(
&
fetch_opts
.
callbacks
,
&
_record_cbs
,
sizeof
(
git_remote_callbacks
));
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment