Fix memory leaks in filter

Add attributes Update documentation
3 years ago · e654ca4e2c
parent f44f12456c
commit e654ca4e2c
7 changed files with 18 additions and 19 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -18,7 +18,7 @@
 	         port (serverport[*]|$macro|*)|
 	         *)]
 	      [log ([[!]connect] [[!]master] [[!]cert]
-	            [[!]content] [[!]pcap] [[!]mirror] [$macro]|*|!*)]
+	            [[!]content] [[!]pcap] [[!]mirror] [$macro]|[!]*)]
 	      |*)

 -   Add Define config option for defining macros to be used in filtering rules.
--- a/README.md
+++ b/README.md
@ -308,7 +308,7 @@ The syntax of filtering rules is as follows:
 	     port (serverport[*]|$macro|*)|
 	     *)]
 	  [log ([[!]connect] [[!]master] [[!]cert]
-	        [[!]content] [[!]pcap] [[!]mirror] [$macro]|*|!*)]
+	        [[!]content] [[!]pcap] [[!]mirror] [$macro]|[!]*)]
 	  |*)

 The definition of which connections the rule action will be applied to is 
--- a/src/filter.c
+++ b/src/filter.c
@ -346,9 +346,8 @@ filter_free(opts_t *opts)
 	}

 	while (pf->user_list) {
-		filter_user_free(pf->user_list->user);
-
 		filter_user_list_t *user = pf->user_list->next;
+		free_user(&pf->user_list->user)
 		free(pf->user_list);
 		pf->user_list = user;
 	}
@ -374,11 +373,8 @@ filter_free(opts_t *opts)
 	}

 	while (pf->ip_list) {
-		free(pf->ip_list->ip->ip);
-		filter_list_free(pf->ip_list->ip->list);
-		free(pf->ip_list->ip);
-
 		filter_ip_list_t *ip = pf->ip_list->next;
+		free_ip(&pf->ip_list->ip)
 		free(pf->ip_list);
 		pf->ip_list = ip;
 	}
@ -1563,7 +1559,7 @@ filter_rule_translate(opts_t *opts, const char *name, int argc, char **argv, int
 	//     port (serverport[*]|$macro|*)|
 	//     *)]
 	//  [log ([[!]connect] [[!]master] [[!]cert]
-	//        [[!]content] [[!]pcap] [[!]mirror] [$macro]|*|!*)]
+	//        [[!]content] [[!]pcap] [[!]mirror] [$macro]|[!]*)]
 	//  |*)

 	filter_rule_t *rule = malloc(sizeof(filter_rule_t));
@ -2652,6 +2648,9 @@ filter_user_get(filter_t *filter, filter_rule_t *rule)
 filter_t *
 filter_set(filter_rule_t *rule)
 {
+	if (!rule)
+		return NULL;
+
 	filter_t *filter = malloc(sizeof(filter_t));
 	if (!filter)
 		return oom_return_na_null();
--- a/src/filter.h
+++ b/src/filter.h
@ -256,12 +256,12 @@ typedef struct filter {
 void filter_userlist_free(userlist_t *);
 int filter_userlist_copy(userlist_t *, const char *, userlist_t **) NONNULL(2) WUNRES;
 char *filter_userlist_str(userlist_t *);
-int filter_userlist_set(char *, int, userlist_t **, const char *) WUNRES;
+int filter_userlist_set(char *, int, userlist_t **, const char *) NONNULL(1,4) WUNRES;
 #endif /* !WITHOUT_USERAUTH */

-void filter_macro_free(opts_t *);
+void filter_macro_free(opts_t *) NONNULL(1);
 void filter_rules_free(opts_t *) NONNULL(1);
-void filter_free(opts_t *);
+void filter_free(opts_t *) NONNULL(1);

 int filter_macro_copy(macro_t *, const char *, opts_t *) NONNULL(2,3) WUNRES;
 int filter_rules_copy(filter_rule_t *, const char *, opts_t *) NONNULL(2,3) WUNRES;
@ -270,13 +270,13 @@ char *filter_macro_str(macro_t *);
 char *filter_rule_str(filter_rule_t *);
 char *filter_str(filter_t *);

-int filter_passsite_set(opts_t *, char *, int) WUNRES;
-int filter_macro_set(opts_t *, char *, int) WUNRES;
+int filter_passsite_set(opts_t *, char *, int) NONNULL(1,2) WUNRES;
+int filter_macro_set(opts_t *, char *, int) NONNULL(1,2) WUNRES;

 filter_port_t *filter_port_find(filter_site_t *, char *) NONNULL(1,2);

-filter_site_t *filter_site_btree_exact_match(kbtree_t(site) *, char *);
-filter_site_t *filter_site_list_substring_match(filter_site_list_t *, char *);
+filter_site_t *filter_site_btree_exact_match(kbtree_t(site) *, char *) NONNULL(2) WUNRES;
+filter_site_t *filter_site_list_substring_match(filter_site_list_t *, char *) NONNULL(2) WUNRES;
 filter_site_t *filter_site_find(kbtree_t(site) *, filter_site_list_t *, char *) NONNULL(3) WUNRES;

 filter_ip_t *filter_ip_find(filter_t *, char *) NONNULL(1,2);
--- a/src/sslproxy.1
+++ b/src/sslproxy.1
@ -321,7 +321,7 @@ The syntax of filtering rules is as follows:
     port (serverport[*]|$macro|*)|
     *)]
  [log ([[!]connect] [[!]master] [[!]cert]
-        [[!]content] [[!]pcap] [[!]mirror] [$macro]|*|!*)]
+        [[!]content] [[!]pcap] [[!]mirror] [$macro]|[!]*)]
  |*)
 .LP
 The definition of which connections the rule action will be applied to is 
--- a/src/sslproxy.conf
+++ b/src/sslproxy.conf
@ -304,7 +304,7 @@ PassUsers admin
 #     port (serverport[*]|$macro|*)|
 #     *)]
 #  [log ([[!]connect] [[!]master] [[!]cert]
-#        [[!]content] [[!]pcap] [[!]mirror] [$macro]|*|!*)]
+#        [[!]content] [[!]pcap] [[!]mirror] [$macro]|[!]*)]
 #  |*)
 #
 # PassSite example.com is equivalent to the following two Pass rules:
--- a/src/sslproxy.conf.5
+++ b/src/sslproxy.conf.5
@ -366,7 +366,7 @@ The syntax of filtering rules is as follows:
     port (serverport[*]|$macro|*)|
     *)]
  [log ([[!]connect] [[!]master] [[!]cert]
-        [[!]content] [[!]pcap] [[!]mirror] [$macro]|*|!*)]
+        [[!]content] [[!]pcap] [[!]mirror] [$macro]|[!]*)]
  |*)
 .br