tls: fix various tlsClient()/tlsServer() related bugs

- TLSconn structure on stack but not initialized (zeroed) - original filedescriptor double closed in error case - original filedescriptor leaked in success case - leaked TLSconn.sessionID and TLSconn.cert - clarify in pushtls(2) and pushssl(2)
author: cinap_lenrek <cinap_lenrek@gmx.de> 2013-09-14 19:19:08 +0200
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2013-09-14 19:19:08 +0200
commit: 56836bfdbdca9fd6a5b608d249d178a22d3337d8 (patch)
tree: 75b84ef6650f92a48ba70823cb1e22f27d1d39bd /sys/src/cmd/vnc/vncv.c
parent: be5992955d4e417ca625b07af93a800464d4c11f (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/src/cmd/vnc/vncv.c b/sys/src/cmd/vnc/vncv.c
index 8d44813c9..49203b04b 100644
--- a/sys/src/cmd/vnc/vncv.c
+++ b/sys/src/cmd/vnc/vncv.c
@@ -84,7 +84,6 @@ main(int argc, char **argv)
 	int p, dfd, cfd, shared;
 	char *keypattern, *addr, *label;
 	Point d;
-	TLSconn conn;
 
 	keypattern = nil;
 	shared = 0;
@@ -123,10 +122,14 @@ main(int argc, char **argv)
 	if(dfd < 0)
 		sysfatal("cannot dial %s: %r", addr);
 	if(tls){
-		dfd = tlsClient(dfd, &conn);
-		if(dfd < 0)
+		TLSconn conn;
+
+		memset(&conn, 0, sizeof(conn));
+		if((dfd = tlsClient(dfd, &conn)) < 0)
 			sysfatal("tlsClient: %r");
 		/* XXX check thumbprint */
+		free(conn.cert);
+		free(conn.sessionID);
 	}
 	vnc = vncinit(dfd, cfd, nil);
author	cinap_lenrek <cinap_lenrek@gmx.de>	2013-09-14 19:19:08 +0200
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2013-09-14 19:19:08 +0200
commit	56836bfdbdca9fd6a5b608d249d178a22d3337d8 (patch)
tree	75b84ef6650f92a48ba70823cb1e22f27d1d39bd /sys/src/cmd/vnc/vncv.c
parent	be5992955d4e417ca625b07af93a800464d4c11f (diff)