fixed possible leaks
authorVolker Birk <vb@pep.foundation>
Tue, 03 Apr 2018 11:45:04 +0200
changeset 27979c90923f384
parent 278 ae41fbcb1fd6
child 280 4f2813b98b81
fixed possible leaks
GateKeeper.cpp
     1.1 --- a/GateKeeper.cpp	Sat Feb 24 21:19:56 2018 +0100
     1.2 +++ b/GateKeeper.cpp	Tue Apr 03 11:45:04 2018 +0200
     1.3 @@ -434,59 +434,60 @@
     1.4                      break;
     1.5                  crypted += string(buffer, reading);
     1.6              } while (1);
     1.7 +
     1.8 +            InternetCloseHandle(hUrl);
     1.9 +            hUrl = NULL;
    1.10 +
    1.11 +            memcpy(nonce, iv, sizeof(iv));
    1.12 +
    1.13 +            BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo;
    1.14 +            BCRYPT_INIT_AUTH_MODE_INFO(authInfo);
    1.15 +            authInfo.pbNonce = nonce;
    1.16 +            authInfo.cbNonce = sizeof(nonce);
    1.17 +            authInfo.pbTag = tag;
    1.18 +            authInfo.cbTag = sizeof(tag);
    1.19 +
    1.20 +            ULONG unencrypted_size;
    1.21 +            NTSTATUS status = BCryptDecrypt(dk, (PUCHAR)crypted.data(), crypted.size(),
    1.22 +                &authInfo, iv, sizeof(iv), NULL, 0, &unencrypted_size, 0);
    1.23 +            if (status)
    1.24 +                goto closing;
    1.25 +
    1.26 +            unencrypted_buffer = new char[unencrypted_size];
    1.27 +
    1.28 +            PUCHAR crypted_data = (PUCHAR)crypted.data();
    1.29 +            ULONG crypted_size = (ULONG)crypted.size() - sizeof(tag);
    1.30 +            memcpy(tag, crypted_data + crypted_size, sizeof(tag));
    1.31 +
    1.32 +            status = BCryptDecrypt(dk, crypted_data, crypted_size,
    1.33 +                &authInfo, iv, sizeof(iv), (PUCHAR)unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
    1.34 +            if (status)
    1.35 +                goto closing;
    1.36 +
    1.37 +            BCryptDestroyKey(dk);
    1.38 +
    1.39 +            TCHAR temp_path[MAX_PATH + 1];
    1.40 +            GetTempPath(MAX_PATH, temp_path);
    1.41 +            filename = temp_path;
    1.42 +            filename += _T("\\pEp_");
    1.43 +            filename += delivery.substr(0, 32);
    1.44 +            filename += _T(".msi");
    1.45 +
    1.46 +            hFile = CreateFile(filename.c_str(), GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    1.47 +            if (!hFile)
    1.48 +                goto closing;
    1.49 +            DWORD writing;
    1.50 +            WriteFile(hFile, unencrypted_buffer, unencrypted_size, &writing, NULL);
    1.51 +            CloseHandle(hFile);
    1.52 +            delete[] unencrypted_buffer;
    1.53 +            unencrypted_buffer = nullptr;
    1.54          }
    1.55          catch (exception&) {
    1.56              goto closing;
    1.57          }
    1.58  
    1.59 -        InternetCloseHandle(hUrl);
    1.60 -        hUrl = NULL;
    1.61 -
    1.62 -        memcpy(nonce, iv, sizeof(iv));
    1.63 -
    1.64 -        BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo;
    1.65 -        BCRYPT_INIT_AUTH_MODE_INFO(authInfo);
    1.66 -        authInfo.pbNonce = nonce;
    1.67 -        authInfo.cbNonce = sizeof(nonce);
    1.68 -        authInfo.pbTag = tag;
    1.69 -        authInfo.cbTag = sizeof(tag);
    1.70 -
    1.71 -        ULONG unencrypted_size;
    1.72 -        NTSTATUS status = BCryptDecrypt(dk, (PUCHAR)crypted.data(), crypted.size(),
    1.73 -            &authInfo, iv, sizeof(iv), NULL, 0, &unencrypted_size, 0);
    1.74 -        if (status)
    1.75 -            goto closing;
    1.76 -
    1.77 -        unencrypted_buffer = new char[unencrypted_size];
    1.78 -        PUCHAR crypted_data = (PUCHAR)crypted.data();
    1.79 -        ULONG crypted_size = (ULONG)crypted.size() - sizeof(tag);
    1.80 -        memcpy(tag, crypted_data + crypted_size, sizeof(tag));
    1.81 -
    1.82 -        status = BCryptDecrypt(dk, crypted_data, crypted_size,
    1.83 -            &authInfo, iv, sizeof(iv), (PUCHAR)unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
    1.84 -        if (status)
    1.85 -            goto closing;
    1.86 -
    1.87 -        BCryptDestroyKey(dk);
    1.88 -
    1.89 -        TCHAR temp_path[MAX_PATH + 1];
    1.90 -        GetTempPath(MAX_PATH, temp_path);
    1.91 -        filename = temp_path;
    1.92 -        filename += _T("\\pEp_");
    1.93 -        filename += delivery.substr(0, 32);
    1.94 -        filename += _T(".msi");
    1.95 -
    1.96 -        hFile = CreateFile(filename.c_str(), GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    1.97 -        if (!hFile)
    1.98 -            goto closing;
    1.99 -        DWORD writing;
   1.100 -        WriteFile(hFile, unencrypted_buffer, unencrypted_size, &writing, NULL);
   1.101 -        CloseHandle(hFile);
   1.102 -
   1.103          install_msi(filename);
   1.104  
   1.105 -        return;
   1.106 -
   1.107      closing:
   1.108          if (unencrypted_buffer)
   1.109              delete[] unencrypted_buffer;