From ceb9422ae93b1072363f0b8c4dd90d1554af509d Mon Sep 17 00:00:00 2001
From: antma
Date: Tue, 21 Jan 2014 18:24:40 +0400
Subject: [PATCH 1/3] add check that BN_is_prime return value is not negative fix memory leak (BN_clear doesn't release allocated memory)
---
 mtproto-client.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/mtproto-client.c b/mtproto-client.c
index e8e692c..5f1a997 100644
--- a/mtproto-client.c
+++ b/mtproto-client.c
@@ -428,6 +428,12 @@ int process_respq_answer (struct connection *c, char *packet, int len) {
 return rpc_send_packet (c); }
+int check_prime (BIGNUM *p) { int r = BN_is_prime (p, BN_prime_checks, 0, BN_ctx, 0); ensure (r >= 0); return r; }
+
 int check_DH_params (BIGNUM *p, int g) { if (g < 2 || g > 7) { return -1; } BIGNUM t;
@@ -440,7 +446,7 @@ int check_DH_params (BIGNUM *p, int g) {
 int x = BN_get_word (&t); assert (x >= 0 && x < 4 * g);
- BN_clear (&dh_g);
+ BN_free (&dh_g);
 switch (g) { case 2:
@@ -462,15 +468,15 @@ int check_DH_params (BIGNUM *p, int g) {
 break; }
- if (!BN_is_prime (p, BN_prime_checks, 0, BN_ctx, 0)) { return -1; }
+ if (!check_prime (p)) { return -1; }
 BIGNUM b; BN_init (&b); ensure (BN_set_word (&b, 2)); ensure (BN_div (&t, 0, p, &b, BN_ctx));
- if (!BN_is_prime (&t, BN_prime_checks, 0, BN_ctx, 0)) { return -1; }
+ if (!check_prime (&t)) { return -1; }
- BN_clear (&b);
- BN_clear (&t);
+ BN_free (&b);
+ BN_free (&t);
 return 0; }
From 33dac4b4a35e0475996ec7d086cfabaf28db5126 Mon Sep 17 00:00:00 2001
From: antma
Date: Tue, 21 Jan 2014 18:26:56 +0400
Subject: [PATCH 2/3] fix memory leak during replaying CODE_binlog_set_chat_title
---
 binlog.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/binlog.c b/binlog.c
index 36407f7..c3b2f37 100644
--- a/binlog.c
+++ b/binlog.c
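Review bot: `check_prime` passes `BN_prime_checks` as the round count, which OpenSSL sizes so that the Miller–Rabin error stays below 2^-80 for random candidates; if `p` is received from the peer, as a DH-parameter check suggests, an adversarially chosen composite can survive each random-base round with probability up to 1/4, so the small default round count for a large `p` is a weak guarantee. For peer-supplied values use a fixed, larger count, `int r = BN_is_prime (p, 64, 0, BN_ctx, 0);`, with a comment such as `/* p may be attacker-controlled: do not rely on the random-input default round count */`. BN_is_prime() is also the legacy spelling; BN_is_prime_ex() keeps the same 1/0/-1 return convention that `ensure (r >= 0)` depends on and is the form current OpenSSL documents. The helper has external linkage and no comment — `static int check_prime (BIGNUM *p)` plus a one-line note that it aborts on a BN_is_prime error would make the contract explicit.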
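Review bot: Replacing BN_clear() with BN_free() also drops the zeroing: in OpenSSL 1.0.x BN_free() releases the limb array without wiping it, which is what BN_clear_free() would do. That is acceptable here only because `dh_g` (declared outside this hunk) presumably holds a value derived from the public generator, judging by the `x < 4 * g` assertion, so a comment would stop the next reader from "fixing" it: `BN_free (&dh_g); /* public value, BN_clear_free not needed */`. BN_free() on a BN_init()'d, non-heap BIGNUM also relies on the pre-1.1.0 non-opaque struct, as the rest of this function already does.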
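Review bot: The two early returns still leak: `if (!check_prime (p)) { return -1; }` exits with `t` still holding the storage it was given earlier in the function (it is read by `BN_get_word (&t)` in the previous hunk), and `if (!check_prime (&t)) { return -1; }` leaks both `b` and `t`, so the rejection path is the one that leaks. Either free on each exit — `if (!check_prime (p)) { BN_free (&t); return -1; }` and `if (!check_prime (&t)) { BN_free (&b); BN_free (&t); return -1; }` — or restructure with a single cleanup label. If these parameters come from the peer, a misbehaving server can drive this path once per rejected handshake. check_DH_params begins outside this hunk.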
@@ -628,6 +628,7 @@ void replay_log_event (void) {
 struct chat *C = &_C->chat; if (C->title) { tfree_str (C->title); } C->title = fetch_str_dup ();
+ if (C->print_title) { tfree_str (C->print_title); }
 C->print_title = create_print_name (C->id, C->title, 0, 0, 0);
 #ifdef USE_LUA
 lua_chat_update (C);
From 2a817354ffcff2d2285e5cf3413ee43b5e635b07 Mon Sep 17 00:00:00 2001
From: antma
Date: Tue, 21 Jan 2014 18:36:46 +0400
Subject: [PATCH 3/3] fix free in the hypotetic case when binlog message contain NUL character in the middle
---
 structures.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/structures.c b/structures.c
index 057d90a..47eb941 100644
--- a/structures.c
+++ b/structures.c
@@ -1327,6 +1327,7 @@ void fetch_geo_message (struct message *M) {
 fetch_message_action (&M->action); } else { M->message = fetch_str_dup ();
+ M->message_len = strlen (M->message);
 fetch_message_media (&M->media); } }
@@ -1691,7 +1692,7 @@ void free_message_action (struct message_action *M) {
 void free_message (struct message *M) { if (!M->service) {
- if (M->message) { tfree_str (M->message); }
+ if (M->message) { tfree (M->message, M->message_len + 1); }
 free_message_media (&M->media); } else { free_message_action (&M->action);
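Review bot: The title freed one line above the added check, `tfree_str (C->title)`, has the same hazard that patch 3 addresses for `M->message`: `C->title` comes from `fetch_str_dup ()`, so if `tfree_str` sizes the block with strlen() (as the structures.c change implies), a binlog title with an embedded NUL is freed with the wrong length. Recording the fetched length next to the title, or having the fetch layer own that length, would keep this fix consistent with patch 3. The added `tfree_str (C->print_title)` is presumably fine, since `create_print_name` (not visible here) builds that string itself. replay_log_event starts and ends outside this hunk.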
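Review bot: `M->message_len = strlen (M->message);` does not achieve what the commit message describes: for a message with an embedded NUL, strlen() stops at that NUL, so `message_len` is shorter than the buffer `fetch_str_dup ()` allocated and the later `tfree (M->message, M->message_len + 1)` still passes the wrong size. The length has to be taken from the encoded string's length at fetch time rather than recomputed from the bytes; the fetch helpers are not visible here, so whichever of them exposes the prefetched length should set `M->message_len` before the copy is made. If `fetch_str_dup ()` can return NULL, strlen() on it is undefined behaviour as well. fetch_geo_message starts outside this hunk.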
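Review bot: `tfree (M->message, M->message_len + 1)` now trusts that every path assigning `M->message` keeps `message_len` in step with the allocation, which is stricter than the old strlen()-based free: any path that stores a new string without updating the length (only fetch_geo_message is visible in this patch) becomes a wrong-size free. A comment on the field, or a debug check in front of the tfree such as `assert (strlen (M->message) <= (size_t) M->message_len);`, would document and guard the invariant. free_message continues past the end of this hunk.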