author | cinap_lenrek <cinap_lenrek@gmx.de> | 2013-09-14 19:19:08 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2013-09-14 19:19:08 +0200 |
commit | 56836bfdbdca9fd6a5b608d249d178a22d3337d8 (patch) | |
tree | 75b84ef6650f92a48ba70823cb1e22f27d1d39bd /sys/src/cmd/vnc/vncs.c | |
parent | be5992955d4e417ca625b07af93a800464d4c11f (diff) |
tls: fix various tlsClient()/tlsServer() related bugs
- TLSconn structure on stack but not initialized (zeroed)
- original filedescriptor double closed in error case
- original filedescriptor leaked in success case
- leaked TLSconn.sessionID and TLSconn.cert
- clarify in pushtls(2) and pushssl(2)
Diffstat (limited to 'sys/src/cmd/vnc/vncs.c')
-rw-r--r-- | sys/src/cmd/vnc/vncs.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/sys/src/cmd/vnc/vncs.c b/sys/src/cmd/vnc/vncs.c index ee36d0c7b..f191db7e2 100644 --- a/sys/src/cmd/vnc/vncs.c +++ b/sys/src/cmd/vnc/vncs.c @@ -152,7 +152,7 @@ main(int argc, char **argv) exits(nil); } - if(altnet && !cert) + if(altnet && cert == nil) sysfatal("announcing on alternate network requires TLS (-c)"); if(argc == 0) @@ -524,7 +524,6 @@ vncaccept(Vncs *v) { char buf[32]; int fd; - TLSconn conn; /* caller returns to listen */ switch(rfork(RFPROC|RFMEM|RFNAMEG)){ @@ -546,6 +545,8 @@ vncaccept(Vncs *v) } if(cert != nil){ + TLSconn conn; + memset(&conn, 0, sizeof conn); conn.cert = readcert(cert, &conn.certlen); if(conn.cert == nil){ @@ -556,11 +557,9 @@ vncaccept(Vncs *v) if(fd < 0){ fprint(2, "%V: tlsServer: %r; hanging up\n", v); free(conn.cert); - if(conn.sessionID) - free(conn.sessionID); + free(conn.sessionID); exits(nil); } - close(v->datafd); v->datafd = fd; free(conn.cert); free(conn.sessionID); |
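Review bot: In the last vncaccept hunk the success path now assigns `v->datafd = fd` without closing the old descriptor, so correctness depends on tlsServer() closing the descriptor it was handed, and nothing in this file states that. The rfork() flags visible in the earlier vncaccept hunk do not include RFFDG, so the per-connection procs appear to share one descriptor table; a stale or repeated close there could land on a descriptor that another client's proc has just opened. I would record the ownership rule at the call site, for example `/* tlsServer() closes v->datafd itself, on success and on failure; do not close it here */`, with the wording checked against pushtls(2). The tlsServer() call itself and the rest of vncaccept lie outside the hunk.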