SSL_free() also frees the associated context.
d6c3c1896c/ssl/ssl_lib.c (L1209)
From https://www.openssl.org/docs/man1.1.1/man3/SSL_free.html:
"SSL_free() also calls the free()ing procedures for indirectly affected items, if applicable: the buffering BIO, the read and write BIOs, cipher lists specially created for this ssl, the SSL_SESSION. Do not explicitly free these indirectly freed up items before or after calling SSL_free(), as trying to free things twice may lead to program failure."
found by PVS analyzer
src/Mayaqua/Network.c 18715 err V571 Recurring check. The 'if (u->GetNatTIpThread == NULL)' condition was already verified in line 18712.
This commit improves the RecvFrom() and RecvFrom6() functions by:
- Using the right data type for the struct size variable passed to recvfrom().
- Improving the arguments validation mechanism.
- Printing unhandled errors.
- Hash() has been removed because it was ambiguous, Md5() and Sha0() are proper replacements.
- HMacMd5() and HMacSha1() now share a common implementation handled by the new Internal_HMac() function.
- NewMd() and MdProcess() now support plain hashing (without the key).
- NewMd(), SetMdKey() and MdProcess() now check the OpenSSL functions' return value and in case of failure a debug message is printed along with the error string, if available.
- SetMdKey()'s return value has been changed from void to bool, so that it's possible to know whether the function succeeded or not.
- MdProcess()' return value has been changed from void to UINT (unsigned int) and the function now returns the number of bytes written by HMAC_Final() or EVP_DigestFinal_ex().
found by coverity, cppcheck
[src/Mayaqua/Network.c:10599] -> [src/Mayaqua/Network.c:10603]: (style) Variable 'ret' is reassigned a value before the old one has been used.
[src/Mayaqua/Network.c:10611] -> [src/Mayaqua/Network.c:10615]: (style) Variable 'e' is reassigned a value before the old one has been used.
[src/Mayaqua/Network.c:12979]: (style) Variable 'disable_conditional_accept' is assigned a value that is never used.
[src/Mayaqua/Network.c:12167]: (style) Variable 's' is assigned a value that is never used.
[src/Mayaqua/Network.c:12319]: (style) Variable 's' is assigned a value that is never used.
[src/Mayaqua/Network.c:20660]: (style) The function 'HttpSendInvalidHostname' is never used.
[src/Mayaqua/Network.c:6640]: (style) The function 'IsNetworkPrefixAddress6' is never used.
[src/Mayaqua/Network.c:17593]: (style) The function 'ParseIpAndSubnetMask6' is never used.
[src/Mayaqua/Network.c:473]: (style) The function 'SetNatTLowPriority' is never used.
[src/Mayaqua/Network.c:14924]: (style) The function 'SetSocketSendRecvBufferSize' is never used.
[src/Mayaqua/Network.c:6249]: (style) The function 'Win32AcceptCheckCallback_Delay' is never used.
[src/Mayaqua/Network.c:6264]: (style) The function 'Win32Accept_XP' is never used.
[src/Mayaqua/Network.c:7467]: (style) The function 'Win32GetTcpTableList' is never used.
[src/Mayaqua/Network.c:9171]: (style) The function 'Win32NetworkTest' is never used.
[src/Mayaqua/Network.c:6581]: (style) The function 'GetHostAddress6' is never used.
[src/Mayaqua/Network.c:7468]: (style) The function 'Win32GetTcpTableListByAllocateAndGetTcpExTableFromStack' is never used.
[src/Mayaqua/Network.c:7384]: (style) The function 'Win32GetTcpTableListByGetExtendedTcpTable' is never used.
[src/Mayaqua/Network.c:7515]: (style) The function 'Win32GetTcpTableListByGetTcpTable' is never used.
[src/Mayaqua/Network.c:6758]: (style) The function 'IPNot6' is never used.
[src/Mayaqua/Network.c:7831]: (style) The function 'CheckSubnetLength6' is never used.
[src/Mayaqua/Network.c:14663]: (style) The function 'CheckTCPPortThread' is never used.
[src/Mayaqua/Network.c:6876]: (style) The function 'CheckUnicastAddress' is never used.
[src/Mayaqua/Network.c:8220]: (style) The function 'CompareTcpTable' is never used.
[src/Mayaqua/Network.c:7825]: (style) The function 'CopyIP' is never used.
[src/Mayaqua/Network.c:18436]: (style) The function 'DelSockList' is never used.
[src/Mayaqua/Network.c:549]: (style) The function 'DisableRUDPRegisterGlobally' is never used.
[src/Mayaqua/Network.c:12161]: (style) The function 'DisableUDPChecksum' is never used.
[src/Mayaqua/Network.c:6679]: (style) The function 'GenerateEui64GlobalAddress' is never used.
[src/Mayaqua/Network.c:6953]: (style) The function 'GenerateMulticastMacAddress6' is never used.
[src/Mayaqua/Network.c:7055]: (style) The function 'GetAllFilledAddress6' is never used.
[src/Mayaqua/Network.c:11415]: (style) The function 'GetBestRouteEntryFromRouteTable' is never used.
[src/Mayaqua/Network.c:16738]: (style) The function 'GetIP46Any4' is never used.
[src/Mayaqua/Network.c:16771]: (style) The function 'GetIP46Any6' is never used.
[src/Mayaqua/Network.c:16250]: (style) The function 'GetMachineIp' is never used.
[src/Mayaqua/Network.c:12192]: (style) The function 'GetNewAvailableUdpPortRand' is never used.
[src/Mayaqua/Network.c:11073]: (style) The function 'GetNumWaitThread' is never used.
[src/Mayaqua/Network.c:561]: (style) The function 'GetSimpleHostname' is never used.
[src/Mayaqua/Network.c:22688]: (style) The function 'GetSniNameFromPreSslConnection' is never used.
[src/Mayaqua/Network.c:15761]: (style) The function 'GetSocketBufferSize' is never used.
[src/Mayaqua/Network.c:6924]: (style) The function 'GetSoliciationMulticastAddr6' is never used.
[src/Mayaqua/Network.c:7842]: (style) The function 'GetTcpProcessIdFromSocket' is never used.
[src/Mayaqua/Network.c:7871]: (style) The function 'GetTcpProcessIdFromSocketReverse' is never used.
[src/Mayaqua/Network.c:20709]: (style) The function 'GetUdpListenerPortList' is never used.
[src/Mayaqua/Network.c:21971]: (style) The function 'HttpSendServerError' is never used.
[src/Mayaqua/Network.c:7119]: (style) The function 'IPNot4' is never used.
[src/Mayaqua/Network.c:7134]: (style) The function 'IPOr4' is never used.
[src/Mayaqua/Network.c:17392]: (style) The function 'IPToStr128' is never used.
[src/Mayaqua/Network.c:12182]: (style) The function 'InitAsyncSocket' is never used.
[src/Mayaqua/Network.c:18091]: (style) The function 'IsIPLocalOrPrivate' is never used.
[src/Mayaqua/Network.c:6813]: (style) The function 'IsInSameLocalNetworkToMe4' is never used.
[src/Mayaqua/Network.c:467]: (style) The function 'IsInStrByStrList' is never used.
[src/Mayaqua/Network.c:504]: (style) The function 'IsIpInStrList' is never used.
[src/Mayaqua/Network.c:18793]: (style) The function 'IsIpStr46' is never used.
[src/Mayaqua/Network.c:738]: (style) The function 'IsMacAddressLocal' is never used.
[src/Mayaqua/Network.c:8495]: (style) The function 'IsNetworkAddress' is never used.
[src/Mayaqua/Network.c:7803]: (style) The function 'IsSameIPVer' is never used.
[src/Mayaqua/Network.c:14140]: (style) The function 'Listen6' is never used.
[src/Mayaqua/Network.c:5792]: (style) The function 'ListenAnyPortEx' is never used.
[src/Mayaqua/Network.c:11938]: (style) The function 'LockOpenSSL' is never used.
[src/Mayaqua/Network.c:12266]: (style) The function 'NewRandPortByMachineAndExePath' is never used.
[src/Mayaqua/Network.c:8191]: (style) The function 'PrintTcpTableList' is never used.
[src/Mayaqua/Network.c:4773]: (style) The function 'RUDPGetRandPortNumber' is never used.
[src/Mayaqua/Network.c:1637]: (style) The function 'RUDPSetSourceIpValidationForceDisable' is never used.
[src/Mayaqua/Network.c:11157]: (style) The function 'RenewDhcp' is never used.
[src/Mayaqua/Network.c:12057]: (style) The function 'SendTo6' is never used.
[src/Mayaqua/Network.c:8691]: (style) The function 'SetNetworkReleaseMode' is never used.
[src/Mayaqua/Network.c:18903]: (style) The function 'StrToMask46' is never used.
[src/Mayaqua/Network.c:20013]: (style) The function 'UdpListenerGetPublicPortList' is never used.
[src/Mayaqua/Network.c:20608]: (style) The function 'UdpListenerSendPacket' is never used.
[src/Mayaqua/Network.c:17545]: (style) The function 'UniStrToIP' is never used.
[src/Mayaqua/Network.c:8746]: (style) The function 'UnixCompareRouteEntryByMetric' is never used.
[src/Mayaqua/Network.c:8736]: (style) The function 'UnixIpForwardRowToRouteEntry' is never used.
[src/Mayaqua/Network.c:8741]: (style) The function 'UnixRouteEntryToIpForwardRow' is never used.
[src/Mayaqua/Network.c:11944]: (style) The function 'UnlockOpenSSL' is never used.
[src/Mayaqua/Network.c:7787]: (style) The function 'FreeTcpTableList' is never used.
[src/Mayaqua/Network.c:16024]: (style) The function 'GetIP46' is never used.
[src/Mayaqua/Network.c:7488]: (style) The function 'GetTcpTableFromEndPoint' is never used.
[src/Mayaqua/Network.c:7777]: (style) The function 'GetTcpTableList' is never used.
[src/Mayaqua/Network.c:6865]: (style) The function 'IPOr6' is never used.
[src/Mayaqua/Network.c:6642]: (style) The function 'IsNetworkAddress6' is never used.
[src/Mayaqua/Network.c:17942]: (style) The function 'StrToMask4' is never used.
[src/Mayaqua/Network.c:8296]: (style) The function 'UnixRenewDhcp' is never used.
[src/Mayaqua/Network.c:9337]: (style) The function 'Win32RenewDhcp' is never used.
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
* Allow specifying cipher suites instead of single ciphers.
CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.
CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.
* Remove unused temporary variable.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()
4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.
Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code
1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.
RecvAll can return success on failure (leading to use of uninitialized memory)
Contributors for this bugfix:
- Max Planck Institute for Molecular Genetics
- Guido Vranken
