Jump to exit on error paths to free resources before returning

iotsafe-raspberrypi: goto exit on cert-load failure (was return -1).
MQX server: replace bare return -1 with goto exit + guarded cleanup.
QNX client: correct cleanup-ladder jump targets to unwind properly.
initialize ctx and ssl to NULL
validate wolfIoTSafe_GetCert's int return before casting to uint32_t
This commit is contained in:
Ruby Martin
2026-07-06 11:25:26 -06:00
parent e79c581105
commit f5610a8a76
4 changed files with 69 additions and 48 deletions
+5 -5
View File
@@ -41,8 +41,8 @@ int main(int argc, char** argv)
int ret;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
@@ -72,14 +72,14 @@ int main(int argc, char** argv)
if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr, sizeof(servAddr.sin_addr)) != 1) {
fprintf(stderr, "ERROR: invalid address\n");
ret = -1;
goto end;
goto socket_cleanup;
}
/* Connect to the server */
if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
== -1) {
fprintf(stderr, "ERROR: failed to connect\n");
goto end;
goto socket_cleanup;
}
/*---------------------------------*/
@@ -95,7 +95,7 @@ int main(int argc, char** argv)
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
goto socket_cleanup;
goto ctx_cleanup;
}
/* Load client certificates into WOLFSSL_CTX */
+42 -24
View File
@@ -35,20 +35,20 @@
int main()
{
int sockfd;
int connd;
int sockfd = -1;
int connd = -1;
struct sockaddr_in servAddr;
struct sockaddr_in clientAddr;
socklen_t size = sizeof(clientAddr);
char buff[256];
size_t len;
int shutdown = 0;
int ret;
int ret = 0;
const char* reply = "I hear ya fa shizzle!\n";
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
@@ -62,7 +62,8 @@ int main()
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
return -1;
ret = -1;
goto exit;
}
@@ -70,7 +71,8 @@ int main()
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
return -1;
ret = -1;
goto exit;
}
/* Load server certificates into WOLFSSL_CTX */
@@ -78,7 +80,8 @@ int main()
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
ret = -1;
goto exit;
}
/* Load server key into WOLFSSL_CTX */
@@ -86,7 +89,8 @@ int main()
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE);
return -1;
ret = -1;
goto exit;
}
@@ -104,13 +108,15 @@ int main()
/* Bind the server socket to our port */
if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
fprintf(stderr, "ERROR: failed to bind\n");
return -1;
ret = -1;
goto exit;
}
/* Listen for a new connection, allow 5 pending connections */
if (listen(sockfd, 5) == -1) {
fprintf(stderr, "ERROR: failed to listen\n");
return -1;
ret = -1;
goto exit;
}
@@ -123,13 +129,15 @@ int main()
if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
== -1) {
fprintf(stderr, "ERROR: failed to accept the connection\n\n");
return -1;
ret = -1;
goto exit;
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
return -1;
ret = -1;
goto exit;
}
/* Attach wolfSSL to the socket */
@@ -140,7 +148,8 @@ int main()
if (ret != SSL_SUCCESS) {
fprintf(stderr, "wolfSSL_accept error = %d\n",
wolfSSL_get_error(ssl, ret));
return -1;
ret = -1;
goto exit;
}
@@ -152,7 +161,8 @@ int main()
memset(buff, 0, sizeof(buff));
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
fprintf(stderr, "ERROR: failed to read\n");
return -1;
ret = -1;
goto exit;
}
/* Print to stdout any data the client sends */
@@ -174,23 +184,31 @@ int main()
/* Reply back to the client */
if (wolfSSL_write(ssl, buff, len) != len) {
fprintf(stderr, "ERROR: failed to write\n");
return -1;
ret = -1;
goto exit;
}
/* Cleanup after this connection */
wolfSSL_free(ssl); /* Free the wolfSSL object */
ssl = NULL;
close(connd); /* Close the connection to the client */
connd = -1;
}
printf("Shutdown complete\n");
ret = 0;
/* Cleanup and return */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
close(sockfd); /* Close the socket listening for clients */
return 0; /* Return reporting a success */
}
exit:
if (ssl != NULL)
wolfSSL_free(ssl); /* Free the wolfSSL object */
if (connd != -1)
close(connd); /* Close the connection to the client */
if (ctx != NULL)
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
if (sockfd != -1)
close(sockfd); /* Close the socket listening for clients */
return ret; /* Return reporting success or failure */
}
+11 -11
View File
@@ -88,8 +88,8 @@ int main(int argc, char** argv)
FILE* f;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
/* Check for proper calling convention */
if (argc != 6) {
@@ -119,14 +119,14 @@ int main(int argc, char** argv)
if (inet_pton(AF_INET, argv[2], &servAddr.sin_addr) != 1) {
fprintf(stderr, "ERROR: invalid address\n");
ret = -1;
goto end;
goto socket_cleanup;
}
/* Connect to the server */
if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
== -1) {
fprintf(stderr, "ERROR: failed to connect\n");
goto end;
goto socket_cleanup;
}
/*---------------------------------*/
@@ -142,7 +142,7 @@ int main(int argc, char** argv)
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
goto socket_cleanup;
goto ctx_cleanup;
}
/* load cert and convert DER to PEM using dynamic length */
@@ -150,7 +150,7 @@ int main(int argc, char** argv)
if (pemSz <= 0) {
fprintf(stderr, "ERROR: converting DER cert to PEM\n");
ret = -1;
goto socket_cleanup;
goto ctx_cleanup;
}
if (wolfSSL_CTX_use_certificate_buffer(ctx, pem, pemSz,
@@ -158,7 +158,7 @@ int main(int argc, char** argv)
fprintf(stderr, "issue loading in pem cert\n");
ret = -1;
free(pem);
goto socket_cleanup;
goto ctx_cleanup;
}
free(pem);
@@ -167,7 +167,7 @@ int main(int argc, char** argv)
if (pemSz <= 0) {
fprintf(stderr, "ERROR: converting DER key to PEM\n");
ret = -1;
goto socket_cleanup;
goto ctx_cleanup;
}
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz,
@@ -175,7 +175,7 @@ int main(int argc, char** argv)
fprintf(stderr, "issue loading in pem key\n");
ret = -1;
free(pem);
goto socket_cleanup;
goto ctx_cleanup;
}
free(pem);
@@ -184,7 +184,7 @@ int main(int argc, char** argv)
if (f == NULL) {
fprintf(stderr, "unable to open %s\n", argv[3]);
ret = -1;
goto socket_cleanup;
goto ctx_cleanup;
}
fseek(f, 0, SEEK_END);
pemSz = ftell(f);
@@ -193,7 +193,7 @@ int main(int argc, char** argv)
if (pem == NULL) {
fclose(f);
ret = -1;
goto socket_cleanup;
goto ctx_cleanup;
}
pemSz = fread(pem, 1, pemSz, f);
fclose(f);
+11 -8
View File
@@ -161,6 +161,7 @@ int client_loop(const char *peer_ip, const char *peer_name,
/* Declare certificate temporary buffer */
uint8_t cert_buffer[2048] = {0};
uint32_t cert_buffer_size = 0;
int cert_sz = 0;
uint8_t *cert_iter = NULL;
/* Declare wolfSSL objects */
@@ -306,16 +307,17 @@ int client_loop(const char *peer_ip, const char *peer_name,
/* Extract client certificate from IoTSAFE*/
printf("---- Extracting client certificate from IoTSAFE\n");
if ((cert_buffer_size = wolfIoTSafe_GetCert(
cert_sz = wolfIoTSafe_GetCert(
CRT_CLIENT_FILE_ID,
cert_buffer,
sizeof(cert_buffer)))
< 1)
sizeof(cert_buffer));
if (cert_sz < 1)
{
fprintf(stderr, "ERROR: Bad client certificate\n");
ret = -1;
goto exit;
}
cert_buffer_size = (uint32_t)cert_sz;
/* Print extracted client certificate */
printf("---- Printing extracted client certificate\n");
@@ -332,21 +334,22 @@ int client_loop(const char *peer_ip, const char *peer_name,
!= WOLFSSL_SUCCESS)
{
fprintf(stderr, "ERROR: Failed to load client certificate\n");
return -1;
goto exit;
}
/* Extract server certificate from IoTSAFE*/
printf("---- Extracting server certificate from IoTSAFE\n");
if ((cert_buffer_size = wolfIoTSafe_GetCert(
cert_sz = wolfIoTSafe_GetCert(
CRT_SERVER_FILE_ID,
cert_buffer,
sizeof(cert_buffer)))
< 1)
sizeof(cert_buffer));
if (cert_sz < 1)
{
fprintf(stderr, "ERROR: Bad server certificate\n");
ret = -1;
goto exit;
}
cert_buffer_size = (uint32_t)cert_sz;
/* Print extracted server certificate */
printf("---- Printing extracted server certificate\n");
@@ -363,7 +366,7 @@ int client_loop(const char *peer_ip, const char *peer_name,
!= WOLFSSL_SUCCESS)
{
fprintf(stderr, "ERROR: Failed to load server certificate\n");
return -1;
goto exit;
}
/* Set client to authenticate server */