Mon 33334 cbd memory leak jc 2 (#1076)

* add malloc_trace library * move some parts of malloc-trace code * flush only orphan malloc and free * MON-33334 malloc_trace realloc name fix, tls memory-leak fix * function passed to gnutls must never throw * generate package * no generate package REFS:MON-33334
centreon · Jan 29, 2024 · 9ac7cc3 · 9ac7cc3 · github-actions · Jan 30, 2024
1 parent 7b5e311
commit 9ac7cc3
Show file tree

Hide file tree

Showing 15 changed files with 232 additions and 268 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -196,6 +196,7 @@ if (WITH_MALLOC_TRACE)
   add_subdirectory(malloc-trace)
 endif()
 
+
 add_custom_target(test-broker COMMAND tests/ut_broker)
 add_custom_target(test-engine COMMAND tests/ut_engine)
 add_custom_target(test-clib COMMAND tests/ut_clib)

diff --git a/broker/tcp/src/tcp_connection.cc b/broker/tcp/src/tcp_connection.cc
@@ -1,20 +1,20 @@
 /**
-* Copyright 2020-2021 Centreon
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*
-* For more information : contact@centreon.com
-*/
+ * Copyright 2020-2021 Centreon
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * For more information : contact@centreon.com
+ */
 #include "com/centreon/broker/tcp/tcp_connection.hh"
 
 #include "com/centreon/broker/exceptions/connection_closed.hh"

diff --git a/broker/tls/inc/com/centreon/broker/tls/params.hh b/broker/tls/inc/com/centreon/broker/tls/params.hh
@@ -21,10 +21,8 @@
 
 #include <gnutls/gnutls.h>
 
+namespace com::centreon::broker::tls {
 
-namespace com::centreon::broker {
-
-namespace tls {
 /**
  *  @class params params.hh "com/centreon/broker/tls/params.hh"
  *  @brief Configure parameters of a TLS connection (either incoming
@@ -59,17 +57,16 @@ class params {
   params(params const& p) = delete;
   params& operator=(params const& p) = delete;
   virtual ~params();
-  void apply(gnutls_session_t session);
+  void apply(gnutls_session_t session) const;
   void load();
   void reset();
   void set_cert(std::string const& cert, std::string const& key);
   void set_compression(bool compress = false);
   void set_trusted_ca(std::string const& ca_cert);
   void set_tls_hostname(std::string const& tls_hostname);
-  void validate_cert(gnutls_session_t session);
+  void validate_cert(gnutls_session_t session) const;
 };
-}  // namespace tls
 
-}
+}  // namespace com::centreon::broker::tls
 
 #endif  // !CCB_TLS_PARAMS_HH
diff --git a/broker/tls/inc/com/centreon/broker/tls/stream.hh b/broker/tls/inc/com/centreon/broker/tls/stream.hh
@@ -22,10 +22,10 @@
 #include <gnutls/gnutls.h>
 
 #include "com/centreon/broker/io/stream.hh"
+#include "com/centreon/broker/tls/params.hh"
 
-namespace com::centreon::broker {
+namespace com::centreon::broker::tls {
 
-namespace tls {
 /**
  *  @class stream stream.hh "com/centreon/broker/tls/stream.hh"
  *  @brief TLS wrapper of an underlying stream.
@@ -38,11 +38,14 @@ namespace tls {
 class stream : public io::stream {
   std::vector<char> _buffer;
   time_t _deadline;
-  gnutls_session_t* _session;
+  gnutls_session_t _session;
 
  public:
-  stream(gnutls_session_t* session);
+  stream(unsigned int session_flags);
   ~stream();
+
+  void init(const params& param);
+
   stream(const stream&) = delete;
   stream& operator=(const stream&) = delete;
   bool read(std::shared_ptr<io::data>& d, time_t deadline) override;
@@ -51,8 +54,7 @@ class stream : public io::stream {
   int32_t stop() override { return 0; }
   long long write_encrypted(void const* buffer, long long size);
 };
-}  // namespace tls
 
-}
+}  // namespace com::centreon::broker::tls
 
 #endif  // !CCB_TLS_STREAM_HH
diff --git a/broker/tls/src/acceptor.cc b/broker/tls/src/acceptor.cc
@@ -1,28 +1,26 @@
 /**
-* Copyright 2009-2013, 2021 Centreon
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*
-* For more information : contact@centreon.com
-*/
+ * Copyright 2009-2013, 2021 Centreon
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * For more information : contact@centreon.com
+ */
 
 #include "com/centreon/broker/tls/acceptor.hh"
 
 #include <gnutls/gnutls.h>
 
 #include "com/centreon/broker/log_v2.hh"
-#include "com/centreon/broker/tls/internal.hh"
-#include "com/centreon/broker/tls/params.hh"
 #include "com/centreon/broker/tls/stream.hh"
 #include "com/centreon/exceptions/msg_fmt.hh"
 
@@ -87,7 +85,7 @@ std::shared_ptr<io::stream> acceptor::open() {
  */
 std::shared_ptr<io::stream> acceptor::open(
     const std::shared_ptr<io::stream>& lower) {
-  std::shared_ptr<io::stream> u;
+  std::shared_ptr<stream> u;
   if (lower) {
     int ret;
 
@@ -98,61 +96,10 @@ std::shared_ptr<io::stream> acceptor::open(
     p.set_tls_hostname(_tls_hostname);
     p.load();
 
-    gnutls_session_t* session(new gnutls_session_t);
-    try {
-      // Initialize the TLS session
-      log_v2::tls()->debug("TLS: initializing session");
-      // GNUTLS_NONBLOCK was introduced in gnutls 2.99.3.
-#ifdef GNUTLS_NONBLOCK
-      ret = gnutls_init(session, GNUTLS_SERVER | GNUTLS_NONBLOCK);
-#else
-      ret = gnutls_init(session, GNUTLS_SERVER);
-#endif  // GNUTLS_NONBLOCK
-      if (ret != GNUTLS_E_SUCCESS) {
-        log_v2::tls()->error("TLS: cannot initialize session: {}",
-                             gnutls_strerror(ret));
-        throw msg_fmt("TLS: cannot initialize session: {}",
-                      gnutls_strerror(ret));
-      }
-
-      // Apply TLS parameters.
-      p.apply(*session);
-
-      // Create stream object.
-      u.reset(new stream(session));
-    } catch (...) {
-      gnutls_deinit(*session);
-      delete session;
-      throw;
-    }
+    // Create stream object.
+    u = std::make_shared<stream>(GNUTLS_SERVER | GNUTLS_NONBLOCK);
     u->set_substream(lower);
-
-    // Bind the TLS session with the stream from the lower layer.
-#if GNUTLS_VERSION_NUMBER < 0x020C00
-    gnutls_transport_set_lowat(*session, 0);
-#endif  // GNU TLS < 2.12.0
-    gnutls_transport_set_pull_function(*session, pull_helper);
-    gnutls_transport_set_push_function(*session, push_helper);
-    gnutls_transport_set_ptr(*session, u.get());
-
-    // Perform the TLS handshake.
-    log_v2::tls()->debug("TLS: performing handshake");
-    do {
-      ret = gnutls_handshake(*session);
-    } while (GNUTLS_E_AGAIN == ret || GNUTLS_E_INTERRUPTED == ret);
-    if (ret != GNUTLS_E_SUCCESS) {
-      log_v2::tls()->error("TLS: handshake failed: {}", gnutls_strerror(ret));
-      throw msg_fmt("TLS: handshake failed: {} ", gnutls_strerror(ret));
-    }
-    log_v2::tls()->debug("TLS: successful handshake");
-    gnutls_protocol_t prot = gnutls_protocol_get_version(*session);
-    gnutls_cipher_algorithm_t ciph = gnutls_cipher_get(*session);
-    log_v2::tls()->debug("TLS: protocol and cipher  {} {} used",
-                         gnutls_protocol_get_name(prot),
-                         gnutls_cipher_get_name(ciph));
-
-    // Check certificate.
-    p.validate_cert(*session);
+    u->init(p);
   }
 
   return u;

diff --git a/broker/tls/src/connector.cc b/broker/tls/src/connector.cc
@@ -1,26 +1,24 @@
 /**
-* Copyright 2009-2013 Centreon
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*
-* For more information : contact@centreon.com
-*/
+ * Copyright 2009-2013 Centreon
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * For more information : contact@centreon.com
+ */
 
 #include "com/centreon/broker/tls/connector.hh"
 
 #include "com/centreon/broker/log_v2.hh"
-#include "com/centreon/broker/tls/internal.hh"
-#include "com/centreon/broker/tls/params.hh"
 #include "com/centreon/broker/tls/stream.hh"
 #include "com/centreon/exceptions/msg_fmt.hh"
 
@@ -72,7 +70,7 @@ std::shared_ptr<io::stream> connector::open() {
  *  @return Encrypted stream.
  */
 std::shared_ptr<io::stream> connector::open(std::shared_ptr<io::stream> lower) {
-  std::shared_ptr<io::stream> u;
+  std::shared_ptr<stream> u;
   if (lower) {
     int ret;
     // Load parameters.
@@ -82,61 +80,10 @@ std::shared_ptr<io::stream> connector::open(std::shared_ptr<io::stream> lower) {
     p.set_tls_hostname(_tls_hostname);
     p.load();
 
-    gnutls_session_t* session(new gnutls_session_t);
-    try {
-      // Initialize the TLS session
-      log_v2::tls()->debug("TLS: initializing session");
-#ifdef GNUTLS_NONBLOCK
-      ret = gnutls_init(session, GNUTLS_CLIENT | GNUTLS_NONBLOCK);
-#else
-      ret = gnutls_init(session, GNUTLS_CLIENT);
-#endif  // GNUTLS_NONBLOCK
-      if (ret != GNUTLS_E_SUCCESS) {
-        log_v2::tls()->error("TLS: cannot initialize session: {}",
-                             gnutls_strerror(ret));
-        throw msg_fmt("TLS: cannot initialize session: {} ",
-                      gnutls_strerror(ret));
-      }
-
-      // Apply TLS parameters to the current session.
-      p.apply(*session);
-
-      // Create stream object.
-      u.reset(new stream(session));
-    } catch (...) {
-      gnutls_deinit(*session);
-      delete session;
-      throw;
-    }
+    // Create stream object.
+    u = std::make_shared<stream>(GNUTLS_CLIENT);
     u->set_substream(lower);
-
-    // Bind the TLS session with the stream from the lower layer.
-#if GNUTLS_VERSION_NUMBER < 0x020C00
-    gnutls_transport_set_lowat(*session, 0);
-#endif  // GNU TLS < 2.12.0
-    gnutls_transport_set_pull_function(*session, pull_helper);
-    gnutls_transport_set_push_function(*session, push_helper);
-    gnutls_transport_set_ptr(*session, u.get());
-
-    // Perform the TLS handshake.
-    log_v2::tls()->debug("TLS: performing handshake");
-    do {
-      ret = gnutls_handshake(*session);
-    } while (GNUTLS_E_AGAIN == ret || GNUTLS_E_INTERRUPTED == ret);
-    if (ret != GNUTLS_E_SUCCESS) {
-      log_v2::tls()->error("TLS: handshake failed: {}", gnutls_strerror(ret));
-      throw msg_fmt("TLS: handshake failed: {}", gnutls_strerror(ret));
-    }
-
-    log_v2::tls()->debug("TLS: successful handshake");
-    gnutls_protocol_t prot = gnutls_protocol_get_version(*session);
-    gnutls_cipher_algorithm_t ciph = gnutls_cipher_get(*session);
-    log_v2::tls()->debug("TLS: protocol and cipher  {} {} used",
-                         gnutls_protocol_get_name(prot),
-                         gnutls_cipher_get_name(ciph));
-
-    // Check certificate if necessary.
-    p.validate_cert(*session);
+    u->init(p);
   }
 
   return u;