Commit 5ddb550b authored by Martti Mela's avatar Martti Mela

stun: fixed mem leaks with valgrind

darcs-hash:20060329134928-1b897-f46fd2c99b29b9db3743bab78a736ea7236fc3a2.gz
parent 69462a5c
......@@ -27,8 +27,8 @@
/**@file stun.h STUN module public interface
*
* @author Tat Chan <Tat.Chan@nokia.com>
* @author Martti Mela <Martti.Mela@nokia.com>
* @author Tat Chan <Tat.Chan@nokia.com>
* @author Pekka Pessi <Pekka.Pessi@nokia.com>
* @author Kai Vehmanen <kai.vehmanen@nokia.com>
*/
......@@ -252,6 +252,7 @@ void stun_mini_request(stun_mini_t *server, int socket,
void *msg, ssize_t msglen,
void *addr, socklen_t addrlen);
#if 0
/* --------------------------------------------------------------------
* Deprecated functions and definitions. These are supported with limited
* compatibility. */
......@@ -296,6 +297,7 @@ int stun_handle_set_uname_pwd(stun_handle_t *sh,
int len_uname,
const char *pwd,
int len_pwd);
#endif
SOFIA_END_DECLS
......
......@@ -157,6 +157,7 @@ struct stun_discovery_s {
};
struct stun_request_s {
su_timer_t *sr_timer;
stun_request_t *sr_next, **sr_prev; /**< Linked list */
stun_msg_t *sr_msg; /**< STUN message pointer */
stun_handle_t *sr_handle; /**< backpointer, STUN object */
......@@ -215,8 +216,10 @@ struct stun_handle_s
stun_msg_t sh_tls_response;
int sh_nattype; /**< NAT-type, see stun_common.h */
#if 0
stun_event_f sh_callback; /**< callback for calling application */
stun_magic_t *sh_context; /**< application context */
#endif
stun_buffer_t sh_username;
stun_buffer_t sh_passwd;
......@@ -487,6 +490,7 @@ stun_handle_t *stun_handle_init(su_root_t *root,
}
#if 0
/**
* Creates a STUN handle.
*
......@@ -590,6 +594,7 @@ stun_handle_t *stun_handle_create(stun_magic_t *context,
return stun;
}
#endif
/**
......@@ -769,8 +774,16 @@ void stun_request_destroy(stun_request_t *req)
req->sr_discovery = NULL;
/* memset(req->sr_destination, 0, sizeof(su_sockaddr_t)); */
if (req->sr_msg)
stun_free_message(req->sr_msg);
if (req->sr_timer) {
su_timer_destroy(req->sr_timer);
req->sr_timer = NULL;
SU_DEBUG_7(("%s: timer destroyed.\n", __func__));
}
if (req->sr_msg) {
free(req->sr_msg);
req->sr_msg = NULL;
}
free(req);
......@@ -784,6 +797,7 @@ void stun_request_destroy(stun_request_t *req)
void stun_handle_destroy(stun_handle_t *sh)
{
stun_discovery_t *sd = NULL, *kill = NULL;
stun_request_t *a, *b;
enter;
......@@ -793,6 +807,13 @@ void stun_handle_destroy(stun_handle_t *sh)
if (sh->sh_dns_pend_tags)
su_free(sh->sh_home, sh->sh_dns_pend_tags);
for (a = sh->sh_requests; a; ) {
b = a->sr_next;
stun_request_destroy(a);
a = b;
}
/* There can be several discoveries using the same socket. It is
still enough to deregister the socket in first of them */
for (sd = sh->sh_discoveries; sd; ) {
......@@ -1771,7 +1792,7 @@ static int stun_bind_callback(stun_magic_t *m, su_wait_t *w, su_wakeup_arg_t *ar
int retval = -1, err = -1, dgram_len;
char ipaddr[SU_ADDRSIZE + 2];
stun_msg_t binding_response;
stun_msg_t binding_response, *msg;
unsigned char dgram[512] = { 0 };
su_sockaddr_t recv;
socklen_t recv_len;
......@@ -1838,6 +1859,29 @@ static int stun_bind_callback(stun_magic_t *m, su_wait_t *w, su_wakeup_arg_t *ar
do_action(self, &binding_response);
if (binding_response.enc_buf.size)
free(binding_response.enc_buf.data);
{
stun_attr_t **a, *b;
msg = &binding_response;
for (a = &msg->stun_attr; *a;) {
if ((*a)->pattr)
free((*a)->pattr);
if ((*a)->enc_buf.data)
free((*a)->enc_buf.data);
b = *a;
b = b->next;
free(*a);
*a = NULL;
*a = b;
}
}
return 0;
}
......@@ -1927,7 +1971,7 @@ static int process_binding_request(stun_request_t *req, stun_msg_t *binding_resp
return retval;
}
memset(clnt_addr, 0, sizeof(struct sockaddr_in));
memset(clnt_addr, 0, sizeof(su_sockaddr_t));
clnt_addr_len = sizeof(su_sockaddr_t);
mapped_addr = stun_get_attr(binding_response->stun_attr, MAPPED_ADDRESS);
......@@ -2472,6 +2516,7 @@ static int stun_send_binding_request(stun_request_t *req,
sendto_timer = su_timer_create(su_root_task(sh->sh_root), STUN_SENDTO_TIMEOUT);
su_timer_set(sendto_timer, stun_sendto_timer_cb, (su_wakeup_arg_t *) req);
req->sr_timer = sendto_timer;
req->sr_state = stun_discovery_processing;
return 0;
......@@ -2848,7 +2893,7 @@ int stun_add_response_address(stun_msg_t *req, struct sockaddr_in *mapped_addr)
enter;
tmp = (stun_attr_t *) malloc(sizeof(stun_attr_t));
tmp = malloc(sizeof(stun_attr_t));
tmp->attr_type = RESPONSE_ADDRESS;
addr = malloc(sizeof(stun_attr_sockaddr_t));
memcpy(addr, mapped_addr, sizeof(stun_attr_sockaddr_t));
......
......@@ -204,28 +204,30 @@ int stun_parse_attr_address(stun_attr_t *attr,
const unsigned char *p,
unsigned len)
{
stun_attr_sockaddr_t *addr;
su_sockaddr_t *addr;
int addrlen;
char ipaddr[SU_ADDRSIZE + 2];
if (len != 8) {
return -1;
}
addrlen = sizeof(stun_attr_sockaddr_t);
addr = (stun_attr_sockaddr_t *)malloc(addrlen);
addrlen = sizeof(su_sockaddr_t);
addr = (su_sockaddr_t *) malloc(addrlen);
if (*(p+1) == 1) { /* expected value for IPv4 */
addr->sin_family = AF_INET;
addr->su_sin.sin_family = AF_INET;
}
else {
free(addr);
return -1;
}
memcpy(&addr->sin_port, p + 2, 2);
memcpy(&addr->sin_addr.s_addr, p + 4, 4);
memcpy(&addr->su_sin.sin_port, p + 2, 2);
memcpy(&addr->su_sin.sin_addr.s_addr, p + 4, 4);
SU_DEBUG_5(("%s: address attribute: %s:%d\n", __func__,
inet_ntoa(addr->sin_addr), ntohs(addr->sin_port)));
inet_ntop(addr->su_family, SU_ADDR(addr), ipaddr, sizeof(ipaddr)),
(unsigned) ntohs(addr->su_sin.sin_port)));
attr->pattr = addr;
stun_init_buffer(&attr->enc_buf);
......@@ -372,7 +374,7 @@ int stun_encode_address(stun_attr_t *attr) {
int stun_encode_uint32(stun_attr_t *attr) {
uint32_t tmp;
if(stun_encode_type_len(attr, sizeof(tmp))<0) {
if (stun_encode_type_len(attr, sizeof(tmp)) < 0) {
return -1;
}
......@@ -468,13 +470,17 @@ int stun_encode_message_integrity(stun_attr_t *attr,
/** this function allocates the enc_buf, fills in type, length */
int stun_encode_type_len(stun_attr_t *attr, uint16_t len) {
uint16_t tmp;
attr->enc_buf.data = (unsigned char *) malloc(len + 4);
memset(attr->enc_buf.data, 0, len + 4);
tmp = htons(attr->attr_type);
memcpy(attr->enc_buf.data, &tmp, 2);
tmp = htons(len);
memcpy(attr->enc_buf.data + 2, &tmp, 2);
attr->enc_buf.size = len + 4;
return 0;
}
......@@ -595,12 +601,31 @@ int stun_send_message(su_socket_t s, su_sockaddr_t *to_addr,
{
int err;
char ipaddr[SU_ADDRSIZE + 2];
stun_attr_t **a, *b;
stun_encode_message(msg, pwd);
err = sendto(s, msg->enc_buf.data, msg->enc_buf.size,
0, (struct sockaddr *)to_addr, sizeof(struct sockaddr_in));
free(msg->enc_buf.data), msg->enc_buf.data = NULL;
msg->enc_buf.size = 0;
for (a = &msg->stun_attr; *a;) {
if ((*a)->pattr)
free((*a)->pattr);
if ((*a)->enc_buf.data)
free((*a)->enc_buf.data);
b = *a;
b = b->next;
free(*a);
*a = NULL;
*a = b;
}
if (err > 0) {
inet_ntop(to_addr->su_family, SU_ADDR(to_addr), ipaddr, sizeof(ipaddr));
SU_DEBUG_5(("%s: message sent to %s:%u\n", __func__,
......@@ -625,7 +650,7 @@ int stun_encode_message(stun_msg_t *msg, stun_buffer_t *pwd) {
unsigned char *buf;
stun_attr_t *attr, *msg_int=NULL;
if(msg->enc_buf.data == NULL) {
if (msg->enc_buf.data == NULL) {
/* convert msg to binary format */
/* convert attributes to binary format for transmission */
attr = msg->stun_attr;
......@@ -653,9 +678,10 @@ int stun_encode_message(stun_msg_t *msg, stun_buffer_t *pwd) {
case TURN_BANDWIDTH:
#endif
z = stun_encode_uint32(attr);
if(z < 0) return z;
if (z < 0) return z;
len += z;
break;
case USERNAME:
case PASSWORD:
#ifdef USE_TURN
......@@ -682,8 +708,8 @@ int stun_encode_message(stun_msg_t *msg, stun_buffer_t *pwd) {
}
msg->stun_hdr.msg_len = len;
buf_len = 20+msg->stun_hdr.msg_len;
buf = (unsigned char *)malloc(buf_len);
buf_len = 20 + msg->stun_hdr.msg_len;
buf = (unsigned char *) malloc(buf_len);
/* convert to binary format for transmission */
set16(buf, 0, msg->stun_hdr.msg_type);
......
......@@ -104,7 +104,7 @@ void stunc_ss_cb(stunc_t *stunc,
stunc->sc_flags &= ~do_secret;
if (!stunc->sc_flags)
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
switch (event) {
case stun_tls_done:
......@@ -116,7 +116,7 @@ void stunc_ss_cb(stunc_t *stunc,
if (err < 0) {
SU_DEBUG_0(("%s: %s failed\n", __func__, "stun_handle_bind()"));
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
}
}
break;
......@@ -126,7 +126,7 @@ void stunc_ss_cb(stunc_t *stunc,
__func__));
stunc->sc_flags &= ~do_bind;
if (!stunc->sc_flags)
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
break;
......@@ -160,7 +160,7 @@ void stunc_bind_cb(stunc_t *stunc,
stunc->sc_flags &= ~do_bind;
if (!stunc->sc_flags)
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
switch (event) {
case stun_discovery_done:
......@@ -210,7 +210,7 @@ void stunc_nattype_cb(stunc_t *stunc,
stunc->sc_flags &= ~do_nat_check;
if (!stunc->sc_flags)
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
switch (event) {
case stun_discovery_timeout:
......@@ -242,7 +242,7 @@ void stunc_lifetime_cb(stunc_t *stunc,
stunc->sc_flags &= ~do_life_check;
if (!stunc->sc_flags)
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
switch (event) {
case stun_discovery_timeout:
......@@ -338,7 +338,7 @@ int main(int argc, char *argv[])
if (err < 0) {
SU_DEBUG_0(("%s: %s failed\n", __func__, "stun_test_nattype()"));
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
}
}
......@@ -350,13 +350,14 @@ int main(int argc, char *argv[])
if (err < 0) {
SU_DEBUG_0(("%s: %s failed\n", __func__, "stun_test_lifetime()"));
su_root_break(stun_handle_root(sh));
su_root_break(stun_root(sh));
}
}
su_root_run(root);
stun_handle_destroy(sh);
su_root_destroy(root);
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment