Skip to content

Handle leak in error paths in SendRequest() #43

Open
Open
Handle leak in error paths in SendRequest()#43
@JohnLaTwC

Description

@JohnLaTwC
JohnLaTwC
opened on Aug 9, 2021

The function SendRequest() creates an unnamed event.

!	HANDLE hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);

	OVERLAPPED ol = {0};
	ol.hEvent = hEvent;

PAExec/Remote.cpp

Line 470 in 954f83e

HANDLE hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);

There are several error paths where the SendRequest() function exits early and does not call CloseHandle on the event.

bool SendRequest(LPCWSTR remoteServer, HANDLE& hPipe, RemMsg& msgOut, RemMsg& msgReturned, Settings& settings)
{
...

	HANDLE hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);

	OVERLAPPED ol = {0};
	ol.hEvent = hEvent;

	if (!fSuccess) 
	{
		gle = GetLastError();
		if(ERROR_IO_PENDING != gle)
		{
			Log(StrFormat(L"Error communicating with %s.", remoteServer), gle);
			CloseHandle(hPipe);
			hPipe = INVALID_HANDLE_VALUE;
+			CloseHandle(hEvent);
			return false;
		}
	}

	while(true)
	{
		if(WAIT_OBJECT_0 == WaitForSingleObject(ol.hEvent, 0))
		{
			GetOverlappedResult(hPipe, &ol, &cbWritten, FALSE);
			break;
		}
		if(gbStop)
+		{
+			CloseHandle(hEvent);
			return false;
+		}
		Sleep(100);
	}
	
	bool bFirstRead = true;
	do 
	{ 
		BYTE buffer[16384] = {0};
		
		ol.Offset = 0;
		ol.OffsetHigh = 0;

		DWORD cbRead = 0;
		// Read from the pipe. 
		fSuccess = ReadFile( 
			hPipe,			// pipe handle 
			buffer,			// buffer to receive reply 
			sizeof(buffer), // size of buffer 
			&cbRead,  // number of bytes read 
			&ol);    

		if(!fSuccess) 
		{
			gle = GetLastError();
			if(ERROR_IO_PENDING != gle)
			{
				Log(StrFormat(L"Error reading response from %s.", remoteServer), gle);
				CloseHandle(hPipe);
				hPipe = INVALID_HANDLE_VALUE;
+				CloseHandle(hEvent);
				return false;
			}
		}

		while(true)
		{
			if(WAIT_OBJECT_0 == WaitForSingleObject(ol.hEvent, 0))
			{
				GetOverlappedResult(hPipe, &ol, &cbRead, FALSE);
				break;
			}
			if(gbStop)
+			{
				return false;
+				CloseHandle(hEvent);
+			}
			Sleep(100);
		}

		if(bFirstRead)
		{
			if(cbRead < sizeof(WORD))
			{
				gle = GetLastError();
				Log(StrFormat(L"Received too little data from %s.", remoteServer), gle);
				CloseHandle(hPipe);
				hPipe = INVALID_HANDLE_VALUE;
+				CloseHandle(hEvent);
				return false;
			}
			msgReturned.SetFromReceivedData(buffer, cbRead);
			bFirstRead = false;
		}
		else
			msgReturned.m_payload.insert(msgReturned.m_payload.end(), buffer, buffer + cbRead);
	} while( msgReturned.m_expectedLen != msgReturned.m_payload.size());

	CloseHandle(hEvent);
	return true; 
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions