From 41b9cf9c67b7ceec3acc1a088df500c0c62bf1d2 Mon Sep 17 00:00:00 2001 From: Sylvain Berfini Date: Tue, 3 Jan 2017 11:25:03 +0100 Subject: [PATCH] Fix allocs and frees in lime --- coreapi/lime.c | 38 ++++++++++++++++++++++---------------- tester/message_tester.c | 22 +++++++++++----------- 2 files changed, 33 insertions(+), 27 deletions(-) diff --git a/coreapi/lime.c b/coreapi/lime.c index 773dd4627..853b80c14 100644 --- a/coreapi/lime.c +++ b/coreapi/lime.c @@ -582,6 +582,7 @@ int lime_createMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_t xmlNodePtr rootNode; int i; int xmlStringLength; + xmlChar *local_output = NULL; /* retrieve selfZIDHex from cache(return a 24 char hexa string + null termination) */ if (lime_getSelfZid(cacheBuffer, selfZidHex) != 0) { @@ -627,7 +628,7 @@ int lime_createMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_t /* encrypt message with current key */ limeKey_t *currentKey = associatedKeys.peerKeys[i]; /* encrypted message include a 16 bytes tag */ - uint8_t *encryptedMessage = (uint8_t *)malloc(encryptedMessageLength); + uint8_t *encryptedMessage = (uint8_t *)ms_malloc(encryptedMessageLength); lime_encryptMessage(currentKey, message, (uint32_t)strlen((char *)message), selfZid, encryptedMessage); /* add a "msg" node the the output message, doc node is : * 
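Review bot: In the `@@ -627` hunk the pointer returned by `ms_malloc(encryptedMessageLength)` is passed straight to `lime_encryptMessage` as its output buffer with no NULL check. Unless `ms_malloc` is guaranteed to abort on failure (not visible here), an allocation failure becomes a write through a null pointer. The same pattern recurs at `ms_malloc(b64Size+1)` in `@@ -653`, at `*output = ... ms_malloc(xmlStringLength + 1)` in `@@ -669`, and at the allocations in `@@ -757` and `@@ -796`. Here I would add `if (encryptedMessage == NULL)` followed by the cleanup the function already performs at its end (`xmlFreeDoc(xmlOutputMessage); lime_freeKeys(&associatedKeys);`) and an error return. The enclosing function starts and ends outside the hunk.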
@@ -653,12 +654,12 @@ int lime_createMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_t /* convert the cipherText to base 64 */ bctbx_base64_encode(NULL, &b64Size, encryptedMessage, encryptedMessageLength); /* b64Size is 0, so it is set to the requested output buffer size */ - encryptedMessageb64 = malloc(b64Size+1); /* allocate a buffer of requested size +1 for NULL termination */ + encryptedMessageb64 = ms_malloc(b64Size+1); /* allocate a buffer of requested size +1 for NULL termination */ bctbx_base64_encode(encryptedMessageb64, &b64Size, encryptedMessage, encryptedMessageLength); /* b64Size is 0, so it is set to the requested output buffer size */ encryptedMessageb64[b64Size] = '\0'; /* libxml need a null terminated string */ xmlNewTextChild(msgNode, NULL, (const xmlChar *)"text", (const xmlChar *)encryptedMessageb64); - free(encryptedMessage); - free(encryptedMessageb64); + ms_free(encryptedMessage); + ms_free(encryptedMessageb64); /* add the message Node into the doc */ xmlAddChild(rootNode, msgNode); @@ -669,9 +670,14 @@ int lime_createMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_t } /* dump the whole message doc into the output */ - xmlDocDumpFormatMemoryEnc(xmlOutputMessage, output, &xmlStringLength, "UTF-8", 0); - xmlFreeDoc(xmlOutputMessage); + xmlDocDumpFormatMemoryEnc(xmlOutputMessage, &local_output, &xmlStringLength, "UTF-8", 0); + *output = (uint8_t *)ms_malloc(xmlStringLength + 1); + memcpy(*output, local_output, xmlStringLength); + (*output)[xmlStringLength] = '\0'; + + xmlFree(local_output); + xmlFreeDoc(xmlOutputMessage); lime_freeKeys(&associatedKeys); return 0; 
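Review bot: In the `@@ -669` hunk the result of `xmlDocDumpFormatMemoryEnc` is used without checking that serialization succeeded. On failure libxml2 leaves `local_output` NULL and the length 0, so `memcpy` receives a null source pointer and the function still returns 0 with an empty string in `*output`. The caller in `@@ -977` would then treat an empty body as a successfully encrypted message. I would test `local_output` right after the dump and leave through the same cleanup, as sketched below; the error constant is a placeholder because the encrypt-side error codes are not visible in this diff. The function body begins outside the hunk.

```c
	xmlDocDumpFormatMemoryEnc(xmlOutputMessage, &local_output, &xmlStringLength, "UTF-8", 0);
	if (local_output == NULL || xmlStringLength < 0) {
		/* serialization failed: release what this function owns and report it */
		xmlFreeDoc(xmlOutputMessage);
		lime_freeKeys(&associatedKeys);
		return LIME_ERROR_PLACEHOLDER; /* placeholder: use the module's encrypt-side error code */
	}
	*output = (uint8_t *)ms_malloc(xmlStringLength + 1);
	/* … unchanged: memcpy, NUL termination, xmlFree, xmlFreeDoc, lime_freeKeys … */
```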
@@ -700,7 +706,7 @@ int lime_decryptMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_ /* parse the message into an xml doc */ /* make sure we have a valid xml message before trying to parse it */ - if (memcmp(message, "", 38) != 0 ) { + if (memcmp(message, "", 38) != 0) { return LIME_INVALID_ENCRYPTED_MESSAGE; } xmlEncryptedMessage = xmlParseDoc((const xmlChar *)message); @@ -757,7 +763,7 @@ int lime_decryptMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_ /* convert the cipherText from base 64 */ encryptedMessageb64 = xmlNodeListGetString(cacheBuffer, msgChildrenNode->xmlChildrenNode, 1); bctbx_base64_decode(NULL, &encryptedMessageLength, encryptedMessageb64, strlen((char *)encryptedMessageb64)); /* encryptedMessageLength is 0, so it will be set to the requested buffer length */ - encryptedMessage = (uint8_t *)malloc(encryptedMessageLength); + encryptedMessage = (uint8_t *)ms_malloc(encryptedMessageLength); bctbx_base64_decode(encryptedMessage, &encryptedMessageLength, encryptedMessageb64, strlen((char *)encryptedMessageb64)); xmlFree(encryptedMessageb64); @@ -781,13 +787,13 @@ int lime_decryptMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_ /* shall we derive our key before going for decryption */ if (usedSessionIndex < associatedKey.sessionIndex) { /* something wen't wrong with the cache, this shall never happend */ - free(encryptedMessage); + ms_free(encryptedMessage); return LIME_UNABLE_TO_DECRYPT_MESSAGE; } if ((usedSessionIndex - associatedKey.sessionIndex > MAX_DERIVATION_NUMBER) ) { /* we missed to many messages, ask for a cache reset via a ZRTP call */ - free(encryptedMessage); + ms_free(encryptedMessage); return LIME_UNABLE_TO_DECRYPT_MESSAGE; } 
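Review bot: The header check in the `@@ -700` hunk calls `memcmp(message, ..., 38)` on the received body before anything has established that `message` holds at least 38 bytes. For a shorter incoming message the comparison is undefined behaviour and may read past the end of the buffer. Since `message` is handed to `xmlParseDoc` as a NUL-terminated string two lines later, `strncmp((const char *)message, ..., 38)` with the same literal would stop at the terminator and reject short input cleanly. The commit only changes whitespace on this line, but it sits on the path that handles untrusted input.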
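Review bot: In the `@@ -757` hunk `xmlNodeListGetString` can return NULL when the node has no text children, and the next line passes that result to `strlen`. A received message with an empty element therefore leads to a null-pointer dereference. The return values of both `bctbx_base64_decode` calls are also ignored, so malformed base64 is not rejected before `encryptedMessage` is used. I would add `if (encryptedMessageb64 == NULL) return LIME_INVALID_ENCRYPTED_MESSAGE;` and check the decode result before continuing. Any cleanup needed at that point is outside the hunk.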
@@ -796,13 +802,13 @@ int lime_decryptMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_ } /* decrypt the message */ - *output = (uint8_t *)malloc(encryptedMessageLength - 16 +1); /* plain message is same length than encrypted one with 16 bytes less for the tag + 1 to add the null termination char */ + *output = (uint8_t *)ms_malloc(encryptedMessageLength - 16 +1); /* plain message is same length than encrypted one with 16 bytes less for the tag + 1 to add the null termination char */ retval = lime_decryptMessage(&associatedKey, encryptedMessage, (uint32_t)encryptedMessageLength, selfZid, *output); - free(encryptedMessage); + ms_free(encryptedMessage); - if (retval!=0 ) { - free(*output); + if (retval != 0) { + ms_free(*output); *output = NULL; return LIME_UNABLE_TO_DECRYPT_MESSAGE; } @@ -893,7 +899,7 @@ int lime_im_encryption_engine_process_incoming_message_cb(LinphoneImEncryptionEn retval = lime_decryptMultipartMessage(cacheXml, (uint8_t *)msg->message, &decrypted_body); if (retval != 0) { ms_warning("Unable to decrypt message, reason : %s", lime_error_code_to_string(retval)); - if (decrypted_body) free(decrypted_body); + if (decrypted_body) ms_free(decrypted_body); xmlFreeDoc(cacheXml); errcode = 488; return errcode; @@ -977,7 +983,7 @@ int lime_im_encryption_engine_process_outgoing_message_cb(LinphoneImEncryptionEn retval = lime_createMultipartMessage(cacheXml, (uint8_t *)msg->message, (uint8_t *)peer, &crypted_body); if (retval != 0) { ms_warning("Unable to encrypt message for %s : %s", peer, lime_error_code_to_string(retval)); - if (crypted_body) free(crypted_body); + if (crypted_body) ms_free(crypted_body); errcode = 488; } else { /* dump updated cache to a string */ diff --git a/tester/message_tester.c b/tester/message_tester.c index 0a601ce62..67c3b6d0f 100644 --- a/tester/message_tester.c +++ b/tester/message_tester.c 
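Review bot: The size `encryptedMessageLength - 16 +1` in the `@@ -796` hunk is computed without first checking that the decoded ciphertext is at least 16 bytes, the tag length the comment refers to. If `encryptedMessageLength` is an unsigned size, as its use with `bctbx_base64_decode` suggests, a shorter payload wraps the subtraction or yields a zero-length buffer. The buffer handed to `lime_decryptMessage` then no longer matches the length passed alongside it. Reject short input before allocating: `if (encryptedMessageLength < 16) { ms_free(encryptedMessage); return LIME_UNABLE_TO_DECRYPT_MESSAGE; }`. Whether `lime_decryptMessage` enforces its own lower bound is not visible here.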
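Review bot: The switch to `ms_free(decrypted_body)` in `@@ -893` and `ms_free(crypted_body)` in `@@ -977` makes the allocator part of the contract of `lime_decryptMultipartMessage` and `lime_createMultipartMessage`, but nothing in the diff documents it. I would add a line to each function's header comment, e.g. `/* *output is allocated with ms_malloc; the caller must release it with ms_free */`, so that callers outside this diff do not keep using `free` or `xmlFree`. Both cleanup branches also rely on the body pointer being NULL-initialised before the call, because the callee has early returns (for instance the `LIME_INVALID_ENCRYPTED_MESSAGE` path) that never write `*output`. Those declarations are outside the hunks.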
@@ -2052,17 +2052,17 @@ test_t message_tests[] = { TEST_NO_TAG("Info message", info_message), TEST_NO_TAG("Info message with body", info_message_with_body), TEST_NO_TAG("IsComposing notification", is_composing_notification), - TEST_NO_TAG("IsComposing notification lime", is_composing_notification_with_lime), - TEST_NO_TAG("Lime text message", lime_text_message), - TEST_NO_TAG("Lime text message to non lime", lime_text_message_to_non_lime), - TEST_NO_TAG("Lime transfer message", lime_transfer_message), - TEST_NO_TAG("Lime transfer message 2", lime_transfer_message_2), - TEST_NO_TAG("Lime transfer message 3", lime_transfer_message_3), - TEST_NO_TAG("Lime transfer message 4", lime_transfer_message_4), - TEST_NO_TAG("Lime transfer message from history", lime_transfer_message_from_history), - TEST_NO_TAG("Lime transfer message without encryption", lime_transfer_message_without_encryption), - TEST_NO_TAG("Lime transfer message without encryption 2", lime_transfer_message_without_encryption_2), - TEST_NO_TAG("Lime unitary", lime_unit), + TEST_ONE_TAG("IsComposing notification lime", is_composing_notification_with_lime, "LIME"), + TEST_ONE_TAG("Lime text message", lime_text_message, "LIME"), + TEST_ONE_TAG("Lime text message to non lime", lime_text_message_to_non_lime, "LIME"), + TEST_ONE_TAG("Lime transfer message", lime_transfer_message, "LIME"), + TEST_ONE_TAG("Lime transfer message 2", lime_transfer_message_2, "LIME"), + TEST_ONE_TAG("Lime transfer message 3", lime_transfer_message_3, "LIME"), + TEST_ONE_TAG("Lime transfer message 4", lime_transfer_message_4, "LIME"), + TEST_ONE_TAG("Lime transfer message from history", lime_transfer_message_from_history, "LIME"), + TEST_ONE_TAG("Lime transfer message without encryption", lime_transfer_message_without_encryption, "LIME"), + TEST_ONE_TAG("Lime transfer message without encryption 2", lime_transfer_message_without_encryption_2, "LIME"), + TEST_ONE_TAG("Lime unitary", lime_unit, "LIME"), #ifdef SQLITE_STORAGE_ENABLED 
TEST_NO_TAG("Database migration", database_migration), TEST_NO_TAG("History range", history_range),