authorcinap_lenrek <cinap_lenrek@gmx.de>2013-09-14 19:19:08 +0200
committercinap_lenrek <cinap_lenrek@gmx.de>2013-09-14 19:19:08 +0200
commit56836bfdbdca9fd6a5b608d249d178a22d3337d8 (patch)
tree75b84ef6650f92a48ba70823cb1e22f27d1d39bd /sys/src/cmd/ip
parentbe5992955d4e417ca625b07af93a800464d4c11f (diff)
tls: fix various tlsClient()/tlsServer() related bugs
- TLSconn structure on stack but not initialized (zeroed)
- original file descriptor double closed in error case
- original file descriptor leaked in success case
- leaked TLSconn.sessionID and TLSconn.cert
- clarify in pushtls(2) and pushssl(2)
Diffstat (limited to 'sys/src/cmd/ip')
-rw-r--r--sys/src/cmd/ip/ftpfs/proto.c41
-rw-r--r--sys/src/cmd/ip/httpd/httpd.c5
-rw-r--r--sys/src/cmd/ip/httpfile.c7
3 files changed, 26 insertions, 27 deletions
diff --git a/sys/src/cmd/ip/ftpfs/proto.c b/sys/src/cmd/ip/ftpfs/proto.c
index cc8a1d5a5..0231dd7c9 100644
--- a/sys/src/cmd/ip/ftpfs/proto.c
+++ b/sys/src/cmd/ip/ftpfs/proto.c
@@ -55,6 +55,18 @@ static Node* vmsdir(char*);
static int getpassword(char*, char*);
static int nw_mode(char dirlet, char *s);
+static void
+starttls(int *fd)
+{
+ TLSconn conn;
+
+ memset(&conn, 0, sizeof(conn));
+ if((*fd = tlsClient(*fd, &conn)) < 0)
+ fatal("starting tls: %r");
+ free(conn.cert);
+ free(conn.sessionID);
+}
+
/*
* connect to remote server, default network is "tcp/ip"
*/
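Review bot: starttls() frees conn.cert immediately after tlsClient() succeeds without any check on it, so the server certificate returned by the handshake is discarded unverified and the FTP control and data connections end up encrypted but never authenticated; unless ftpfs verifies the peer somewhere this hunk does not show, an attacker in the path can present any certificate. At minimum the helper should say so in a header comment, e.g. `/* wrap *fd in TLS; replaces *fd with the new descriptor. NOTE: server certificate is not verified, conn.cert is discarded. */`, and a real fix would pass conn.cert/conn.certlen through a thumbprint check before the free. The error path relies on fatal() not returning: by then *fd has already been overwritten with -1, so a caller would lose the original descriptor if fatal() ever came back.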
@@ -63,7 +75,6 @@ hello(char *dest)
{
char *p;
char dir[Maxpath];
- TLSconn conn;
Binit(&stdin, 0, OREAD); /* init for later use */
@@ -93,11 +104,8 @@ hello(char *dest)
if(getreply(&ctlin, msg, sizeof(msg), 1) != Success)
fatal("bad auth tls");
- ctlfd = tlsClient(ctlfd, &conn);
- if(ctlfd < 0)
- fatal("starting tls: %r");
- free(conn.cert);
-
+ starttls(&ctlfd);
+
Binit(&ctlin, ctlfd, OREAD);
sendrequest("PBSZ", "0");
@@ -1227,7 +1235,6 @@ active(int mode, Biobuf **bpp, char *cmda, char *cmdb)
int cfd, dfd, rv;
char newdir[Maxpath];
char datafile[Maxpath + 6];
- TLSconn conn;
if(port() < 0)
return TempFail;
@@ -1253,13 +1260,8 @@ active(int mode, Biobuf **bpp, char *cmda, char *cmdb)
if(dfd < 0)
fatal("opening data connection");
- if(usetls){
- memset(&conn, 0, sizeof(conn));
- dfd = tlsClient(dfd, &conn);
- if(dfd < 0)
- fatal("starting tls: %r");
- free(conn.cert);
- }
+ if(usetls)
+ starttls(&dfd);
Binit(&dbuf, dfd, mode);
*bpp = &dbuf;
@@ -1277,7 +1279,6 @@ passive(int mode, Biobuf **bpp, char *cmda, char *cmdb)
char *f[6];
char *p;
int x, fd;
- TLSconn conn;
if(nopassive)
return Impossible;
@@ -1327,13 +1328,9 @@ passive(int mode, Biobuf **bpp, char *cmda, char *cmdb)
return x;
}
- if(usetls){
- memset(&conn, 0, sizeof(conn));
- fd = tlsClient(fd, &conn);
- if(fd < 0)
- fatal("starting tls: %r");
- free(conn.cert);
- }
+ if(usetls)
+ starttls(&fd);
+
Binit(&dbuf, fd, mode);
*bpp = &dbuf;
diff --git a/sys/src/cmd/ip/httpd/httpd.c b/sys/src/cmd/ip/httpd/httpd.c
index 895bd15e2..657ae5487 100644
--- a/sys/src/cmd/ip/httpd/httpd.c
+++ b/sys/src/cmd/ip/httpd/httpd.c
@@ -172,7 +172,6 @@ dolisten(char *address)
NetConnInfo *nci;
char ndir[NETPATHLEN], dir[NETPATHLEN], *p, *scheme;
int ctl, nctl, data, t, ok, spotchk;
- TLSconn conn;
spotchk = 0;
syslog(0, HTTPLOG, "httpd starting");
@@ -217,12 +216,16 @@ dolisten(char *address)
*/
data = accept(ctl, ndir);
if(data >= 0 && certificate != nil){
+ TLSconn conn;
+
memset(&conn, 0, sizeof(conn));
conn.cert = certificate;
conn.certlen = certlen;
if (certchain != nil)
conn.chain = certchain;
data = tlsServer(data, &conn);
+ free(conn.cert);
+ free(conn.sessionID);
scheme = "https";
}else
scheme = "http";
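Review bot: `free(conn.cert)` after tlsServer() releases whatever conn.cert points to, and four lines earlier it was set to the process-wide `certificate` buffer; unless tlsServer() replaces conn.cert with its own allocation (or nil) before returning, this frees the global certificate, and any later connection served by the same process would use freed memory (dolisten's accept loop starts outside this hunk, so whether each handshake runs in a forked child cannot be seen here). If the intended contract is that tlsServer() takes ownership of cert and this code only ever runs in a per-connection child, state it where the pointer is assigned: `conn.cert = certificate;	/* ownership passes to tlsServer(); freed below, safe only in the per-connection child */`. The tlsServer() result is also not checked inside the hunk, so `scheme = "https"` is set even when data is -1; presumably a later `data < 0` test covers it, but a check next to the call would be clearer.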
diff --git a/sys/src/cmd/ip/httpfile.c b/sys/src/cmd/ip/httpfile.c
index 8b4c725a6..b28cd63eb 100644
--- a/sys/src/cmd/ip/httpfile.c
+++ b/sys/src/cmd/ip/httpfile.c
@@ -186,12 +186,11 @@ dotls(int fd)
{
TLSconn conn;
+ memset(&conn, 0, sizeof(conn));
if((fd=tlsClient(fd, &conn)) < 0)
sysfatal("tlsclient: %r");
-
- if(conn.cert != nil)
- free(conn.cert);
-
+ free(conn.cert);
+ free(conn.sessionID);
return fd;
}
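Review bot: dotls() still discards the server certificate unverified — conn.cert is freed right after tlsClient() succeeds with nothing in between — so the fetched resource is encrypted in transit but the peer's identity is never established; unless httpfile checks the certificate elsewhere, which this hunk cannot show, that is worth a thumbprint check or at least an explicit note. The helper also changes descriptor ownership: on success tlsClient() returns a new fd and, per the commit message, the original is consumed, so callers must use only the returned value. A header comment such as `/* wrap fd in TLS and return the new fd; the original is consumed. NOTE: the server certificate is not verified. */` would make both facts explicit to the next reader.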