fix: memory leak (#414)

ssl/wintls.c

@@ -39,15 +39,14 @@ hssl_ctx_t hssl_ctx_new(hssl_ctx_opt_t* opt)
 {
     SECURITY_STATUS SecStatus;
     TimeStamp Lifetime;
-    CredHandle* hCred = malloc(sizeof(CredHandle));
+    CredHandle* hCred = NULL;
     SCHANNEL_CRED credData = { 0 };
     TCHAR unisp_name[] = UNISP_NAME;
     unsigned long credflag;
-    SecPkgCred_SupportedAlgs algs;
 
     if (opt && opt->endpoint == HSSL_SERVER) {
         PCCERT_CONTEXT serverCert = NULL; // server-side certificate
-#if 1 // create ceart from store
+#if 1 // create cert from store
 
         //-------------------------------------------------------
         // Get the server certificate.
@@ -88,25 +87,32 @@ hssl_ctx_t hssl_ctx_new(hssl_ctx_opt_t* opt)
         credData.palgSupportedAlgs = rgbSupportedAlgs;
 #endif
     credData.dwVersion = SCHANNEL_CRED_VERSION;
-    credData.dwFlags = SCH_CRED_NO_DEFAULT_CREDS | SCH_CRED_NO_SERVERNAME_CHECK | SCH_USE_STRONG_CRYPTO | SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_IGNORE_NO_REVOCATION_CHECK | SCH_CRED_IGNORE_REVOCATION_OFFLINE;
-
+    // credData.dwFlags = SCH_CRED_NO_DEFAULT_CREDS | SCH_CRED_NO_SERVERNAME_CHECK | SCH_USE_STRONG_CRYPTO | SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_IGNORE_NO_REVOCATION_CHECK | SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+    // credData.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_REVOCATION_CHECK_CHAIN | SCH_CRED_IGNORE_REVOCATION_OFFLINE;
     // credData.dwMinimumCipherStrength = -1;
     // credData.dwMaximumCipherStrength = -1;
 
     //-------------------------------------------------------
-    SecStatus = AcquireCredentialsHandle(NULL, unisp_name, credflag, NULL, &credData, NULL, NULL, hCred, &Lifetime);
-    if (SecStatus != SEC_E_OK) {
-        printe("ERROR: AcquireCredentialsHandle: 0x%x\n", SecStatus);
-        abort();
+    hCred = (CredHandle*)malloc(sizeof(CredHandle));
+    if (hCred == NULL) {
+        return NULL;
     }
-    // Return the handle to the caller.
-    SecStatus = QueryCredentialsAttributesA(hCred, SECPKG_ATTR_SUPPORTED_ALGS, &algs);
+
+    SecStatus = AcquireCredentialsHandle(NULL, unisp_name, credflag, NULL, &credData, NULL, NULL, hCred, &Lifetime);
     if (SecStatus == SEC_E_OK) {
-        for (int i = 0; i < algs.cSupportedAlgs; i++) {
-            printd("alg: 0x%08x\n", algs.palgSupportedAlgs[i]);
+#ifndef NDEBUG
+        SecPkgCred_SupportedAlgs algs;
+        if (QueryCredentialsAttributesA(hCred, SECPKG_ATTR_SUPPORTED_ALGS, &algs) == SEC_E_OK) {
+            for (int i = 0; i < algs.cSupportedAlgs; i++) {
+                printd("alg: 0x%08x\n", algs.palgSupportedAlgs[i]);
+            }
         }
+#endif
+    } else {
+        printe("ERROR: AcquireCredentialsHandle: 0x%x\n", SecStatus);
+        free(hCred);
+        hCred = NULL;
     }
-
     return hCred;
 }
 
@@ -162,11 +168,13 @@ struct wintls_s {
 hssl_t hssl_new(hssl_ctx_t ssl_ctx, int fd)
 {
     struct wintls_s* ret = malloc(sizeof(*ret));
-    memset(ret, 0, sizeof(*ret));
-    ret->ssl_ctx = ssl_ctx;
-    ret->fd = fd;
-    ret->sechandle.dwLower = 0;
-    ret->sechandle.dwUpper = 0;
+    if (ret) {
+        memset(ret, 0, sizeof(*ret));
+        ret->ssl_ctx = ssl_ctx;
+        ret->fd = fd;
+        ret->sechandle.dwLower = 0;
+        ret->sechandle.dwUpper = 0;
+    }
     return ret;
 }