Fixing winhttp memory management

Perry Werneck
1 parent b4c8f3ff
Showing 2 changed files with 35 additions and 21 deletions Show diff stats
src/core/util.c
src/ssl/windows/http.c
@@ -507,9 +507,11 @@ LIB3270_EXPORT void * lib3270_free(void *p)
  
 LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr)
 {
-	if(*ptr)
-		free(*ptr);
-	*ptr = NULL;
+	if(ptr && *ptr)
+	{
+		free((void *) *ptr);
+		*ptr = NULL;
+	}
 }
  
 LIB3270_EXPORT void * lib3270_realloc(void *p, int len)
@@ -55,18 +55,29 @@ static void lib3270_autoptr_cleanup_HINTERNET(HINTERNET **hInternet)
  
 X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
 {
-	// Strip URL.
-	lib3270_autoptr(char) urldup = lib3270_unescape(consturl);
+	wchar_t wHostname[4096];
+	wchar_t wPath[4096];
+
+	{
+		// Strip URL
+		char * url = lib3270_unescape(consturl);
+
+		char *hostname = strstr(url,"://");
+		if(!hostname)
+			hostname = url;
+		else
+			hostname += 3;
+
+		char *path = strchr(hostname,'/');
+		if(path)
+			*(path++) = 0;
  
-	char *hostname = strstr(urldup,"://");
-	if(!hostname)
-		hostname = urldup;
-	else
-		hostname += 3;
+		mbstowcs(wHostname, hostname, strlen(hostname)+1);
+		mbstowcs(wPath, path, strlen(path)+1);
  
-	char *path = strchr(hostname,'/');
-	if(path)
-		*(path++) = 0;
+		lib3270_free(url);
+
+	}
  
 	// https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpopenrequest
  
@@ -90,9 +101,6 @@ X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, cons
 	}
  
 	// Connect to server
-	debug("Hostname: \"%s\"",hostname);
-	wchar_t wHostname[4096];
-	mbstowcs(wHostname, hostname, strlen(hostname)+1);
 	lib3270_autoptr(HINTERNET) hConnect = WinHttpConnect(httpSession, wHostname, INTERNET_DEFAULT_HTTP_PORT, 0);
 	if(!hConnect)
 	{
@@ -108,9 +116,6 @@ X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, cons
 	}
  
 	// Create request.
-	debug("Path: \"%s\"",path);
-	wchar_t wPath[4096];
-	mbstowcs(wPath, path, strlen(path)+1);
 	lib3270_autoptr(HINTERNET) hRequest = WinHttpOpenRequest(hConnect, L"GET", wPath, NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_ESCAPE_PERCENT);
 	if(!hConnect)
 	{
@@ -160,7 +165,8 @@ X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, cons
 	lib3270_autoptr(char) httpText = lib3270_malloc(szResponse+1);
 	memset(httpText,0,szResponse+1);
  
-	debug("Response length: %u", (unsigned int) szResponse);
+	debug("Data block: %p",httpText);
+	debug("Response before: %u", (unsigned int) szResponse);
  
 	if(!WinHttpReadData(hRequest,httpText,szResponse,&szResponse)){
 		message->error = hSession->ssl.error = 0;
@@ -171,12 +177,17 @@ X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, cons
 		return NULL;
 	}
  
+	debug("Response after: %u", (unsigned int) szResponse);
+
 	//
 	// Parse CRL
 	//
 	X509_CRL * x509_crl = NULL;
  
-	if(!d2i_X509_CRL(&x509_crl, (const unsigned char **) &httpText, szResponse))
+	// Copy the pointer because d2i_X509_CRL changes the value!!!
+	const unsigned char *crl_data = (const unsigned char *) httpText;
+
+	if(!d2i_X509_CRL(&x509_crl,&crl_data, szResponse))
 	{
 		message->error = hSession->ssl.error = ERR_get_error();
 		message->title = _( "Security error" );
@@ -185,6 +196,7 @@ X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, cons
 		return NULL;
 	}
  
+	debug("**************URL:[%s]*********************",consturl);
 	return x509_crl;
  
 }
...	...	@@ -507,9 +507,11 @@ LIB3270_EXPORT void * lib3270_free(void *p)
507	507
508	508	LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr)
509	509	{
510		- if(*ptr)
511		- free(*ptr);
512		- *ptr = NULL;
	510	+ if(ptr && *ptr)
	511	+ {
	512	+ free((void ) ptr);
	513	+ *ptr = NULL;
	514	+ }
513	515	}
514	516
515	517	LIB3270_EXPORT void * lib3270_realloc(void *p, int len)
...	...
...	...	@@ -55,18 +55,29 @@ static void lib3270_autoptr_cleanup_HINTERNET(HINTERNET **hInternet)
55	55
56	56	X509_CRL * get_crl_using_http(H3270 hSession, SSL_ERROR_MESSAGE message, const char *consturl)
57	57	{
58		- // Strip URL.
59		- lib3270_autoptr(char) urldup = lib3270_unescape(consturl);
	58	+ wchar_t wHostname[4096];
	59	+ wchar_t wPath[4096];
	60	+
	61	+ {
	62	+ // Strip URL
	63	+ char * url = lib3270_unescape(consturl);
	64	+
	65	+ char *hostname = strstr(url,"://");
	66	+ if(!hostname)
	67	+ hostname = url;
	68	+ else
	69	+ hostname += 3;
	70	+
	71	+ char *path = strchr(hostname,'/');
	72	+ if(path)
	73	+ *(path++) = 0;
60	74
61		- char *hostname = strstr(urldup,"://");
62		- if(!hostname)
63		- hostname = urldup;
64		- else
65		- hostname += 3;
	75	+ mbstowcs(wHostname, hostname, strlen(hostname)+1);
	76	+ mbstowcs(wPath, path, strlen(path)+1);
66	77
67		- char *path = strchr(hostname,'/');
68		- if(path)
69		- *(path++) = 0;
	78	+ lib3270_free(url);
	79	+
	80	+ }
70	81
71	82	// https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpopenrequest
72	83
...	...	@@ -90,9 +101,6 @@ X509_CRL * get_crl_using_http(H3270 hSession, SSL_ERROR_MESSAGE message, cons
90	101	}
91	102
92	103	// Connect to server
93		- debug("Hostname: \"%s\"",hostname);
94		- wchar_t wHostname[4096];
95		- mbstowcs(wHostname, hostname, strlen(hostname)+1);
96	104	lib3270_autoptr(HINTERNET) hConnect = WinHttpConnect(httpSession, wHostname, INTERNET_DEFAULT_HTTP_PORT, 0);
97	105	if(!hConnect)
98	106	{
...	...	@@ -108,9 +116,6 @@ X509_CRL * get_crl_using_http(H3270 hSession, SSL_ERROR_MESSAGE message, cons
108	116	}
109	117
110	118	// Create request.
111		- debug("Path: \"%s\"",path);
112		- wchar_t wPath[4096];
113		- mbstowcs(wPath, path, strlen(path)+1);
114	119	lib3270_autoptr(HINTERNET) hRequest = WinHttpOpenRequest(hConnect, L"GET", wPath, NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_ESCAPE_PERCENT);
115	120	if(!hConnect)
116	121	{
...	...	@@ -160,7 +165,8 @@ X509_CRL * get_crl_using_http(H3270 hSession, SSL_ERROR_MESSAGE message, cons
160	165	lib3270_autoptr(char) httpText = lib3270_malloc(szResponse+1);
161	166	memset(httpText,0,szResponse+1);
162	167
163		- debug("Response length: %u", (unsigned int) szResponse);
	168	+ debug("Data block: %p",httpText);
	169	+ debug("Response before: %u", (unsigned int) szResponse);
164	170
165	171	if(!WinHttpReadData(hRequest,httpText,szResponse,&szResponse)){
166	172	message->error = hSession->ssl.error = 0;
...	...	@@ -171,12 +177,17 @@ X509_CRL * get_crl_using_http(H3270 hSession, SSL_ERROR_MESSAGE message, cons
171	177	return NULL;
172	178	}
173	179
	180	+ debug("Response after: %u", (unsigned int) szResponse);
	181	+
174	182	//
175	183	// Parse CRL
176	184	//
177	185	X509_CRL * x509_crl = NULL;
178	186
179		- if(!d2i_X509_CRL(&x509_crl, (const unsigned char **) &httpText, szResponse))
	187	+ // Copy the pointer because d2i_X509_CRL changes the value!!!
	188	+ const unsigned char crl_data = (const unsigned char ) httpText;
	189	+
	190	+ if(!d2i_X509_CRL(&x509_crl,&crl_data, szResponse))
180	191	{
181	192	message->error = hSession->ssl.error = ERR_get_error();
182	193	message->title = _( "Security error" );
...	...	@@ -185,6 +196,7 @@ X509_CRL * get_crl_using_http(H3270 hSession, SSL_ERROR_MESSAGE message, cons
185	196	return NULL;
186	197	}
187	198
	199	+ debug("************URL:[%s]*******************",consturl);
188	200	return x509_crl;
189	201
190	202	}
...	...