Add API for freeing pushover messages

To prevent UAF bugs, use double indirection to set the pointer to NULL if the message was dynamically allocated. In order to know whether to free the pushover_message_t object itself, add a 64-bit wide flags member to the object. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Add API for freeing pushover messages
To prevent UAF bugs, use double indirection to set the pointer to NULL if the message was dynamically allocated. In order to know whether to free the pushover_message_t object itself, add a 64-bit wide flags member to the object. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
d9b83dae · Shawn Webb · 6887249b · d9b83dae · d9b83dae
Unverified Commit d9b83dae authored Mar 29, 2020 by Shawn Webb
--- a/libpushover/libpushover.c
+++ b/libpushover/libpushover.c
@@ -85,12 +85,16 @@ EXPORTED_SYM
 pushover_message_t *
 pushover_init_message(pushover_message_t *msg)
 {
-	/* XXX determine free-ability */
+	uint64_t flags;

-	if (msg == NULL)
+	flags = 0;
+
+	if (msg == NULL) {
 		msg = calloc(1, sizeof(*msg));
-	else
+		flags |= PUSHOVER_FLAGS_ALLOC;
+	} else {
 		memset(msg, 0, sizeof(*msg));
+	}

 	if (msg == NULL)
 		return (NULL);
@@ -98,6 +102,28 @@ pushover_init_message(pushover_message_t *msg)
 	return (msg);
 }

+EXPORTED_SYM
+void
+pushover_free_message(pushover_message_t **msg)
+{
+	pushover_message_t *msgp;
+
+	if (msg == NULL || *msg == NULL)
+		return;
+
+	msgp = *msg;
+
+	free(msgp->psh_user);
+	free(msgp->psh_msg);
+	free(msgp->psh_title);
+	free(msgp->psh_device);
+
+	if (msgp->psh_flags & PUSHOVER_FLAGS_ALLOC) {
+		free(msgp);
+		*msg = NULL;
+	}
+}
+
 EXPORTED_SYM
 bool
 pushover_message_set_msg(pushover_message_t *msg, char *data)

--- a/libpushover/libpushover.h
+++ b/libpushover/libpushover.h
@@ -8,6 +8,9 @@
 #define EXPORTED_SYM	 __attribute__((visibility("default")))
 #define PUSHOVER_URI	 "https://api.pushover.net/1/messages.json"

+#define	PUSHOVER_FLAGS_NONE	0
+#define	PUSHOVER_FLAGS_ALLOC	1
+
 typedef enum _pushover_priority {
 	PSH_PRIO_NONE = -2,
 	PSH_PRIO_QUIET = -1,
@@ -27,12 +30,14 @@ typedef struct _pushover_message {
 	char			*psh_title;
 	char			*psh_device;
 	pushover_priority_t	 psh_priority;
+	uint64_t		 psh_flags;
 } pushover_message_t;

 pushover_ctx_t *pushover_init_ctx(const char *);
 bool pushover_set_uri(pushover_ctx_t *, const char *);
 bool pushover_set_token(pushover_ctx_t *, const char *);
 pushover_message_t *pushover_init_message(pushover_message_t *);
+void pushover_free_message(pushover_message_t **);
 bool pushover_message_set_msg(pushover_message_t *, char *);
 bool pushover_message_set_user(pushover_message_t *, char *);
 bool pushover_message_set_title(pushover_message_t *, char *);