tls: fix various tlsClient()/tlsServer() related bugs

- TLSconn structure on stack but not initialized (zeroed) - original filedescriptor double closed in error case - original filedescriptor leaked in success case - leaked TLSconn.sessionID and TLSconn.cert - clarify in pushtls(2) and pushssl(2)
author: cinap_lenrek <cinap_lenrek@gmx.de> 2013-09-14 19:19:08 +0200
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2013-09-14 19:19:08 +0200
commit: 56836bfdbdca9fd6a5b608d249d178a22d3337d8 (patch)
tree: 75b84ef6650f92a48ba70823cb1e22f27d1d39bd /sys/src/cmd/upas/pop3
parent: be5992955d4e417ca625b07af93a800464d4c11f (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/sys/src/cmd/upas/pop3/pop3.c b/sys/src/cmd/upas/pop3/pop3.c
index 61b418062..1416f03ca 100644
--- a/sys/src/cmd/upas/pop3/pop3.c
+++ b/sys/src/cmd/upas/pop3/pop3.c
@@ -551,27 +551,31 @@ trace(char *fmt, ...)
 static int
 stlscmd(char*)
 {
-	int fd;
 	TLSconn conn;
+	int fd;
 
 	if(didtls)
 		return senderr("tls already started");
 	if(!tlscert)
 		return senderr("don't have any tls credentials");
-	sendok("");
-	Bflush(&out);
-
 	memset(&conn, 0, sizeof conn);
-	conn.cert = tlscert;
 	conn.certlen = ntlscert;
+	conn.cert = malloc(ntlscert);
+	if(conn.cert == nil)
+		return senderr("out of memory");
+	memmove(conn.cert, tlscert, ntlscert);
 	if(debug)
 		conn.trace = trace;
+	sendok("");
+	Bflush(&out);
 	fd = tlsServer(0, &conn);
 	if(fd < 0)
 		sysfatal("tlsServer: %r");
 	dup(fd, 0);
 	dup(fd, 1);
 	close(fd);
+	free(conn.cert);
+	free(conn.sessionID);
 	Binit(&in, 0, OREAD);
 	Binit(&out, 1, OWRITE);
 	didtls = 1;
author	cinap_lenrek <cinap_lenrek@gmx.de>	2013-09-14 19:19:08 +0200
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2013-09-14 19:19:08 +0200
commit	56836bfdbdca9fd6a5b608d249d178a22d3337d8 (patch)
tree	75b84ef6650f92a48ba70823cb1e22f27d1d39bd /sys/src/cmd/upas/pop3
parent	be5992955d4e417ca625b07af93a800464d4c11f (diff)