Use thread save settings alloc_str function where appropriate

10 files changed, 59 insertions, 29 deletions

diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index c3ab07de0..8c5e88c19 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
@@ -217,13 +217,15 @@ METHOD(eap_method_t, process_server, status_t,
 	memcpy(password, data.ptr, data.len);
 	password[data.len] = '\0';
 
-	service = lib->settings->get_str(lib->settings,
+	service = lib->settings->alloc_str(lib->settings,
 						"charon.plugins.eap-gtc.pam_service", GTC_PAM_SERVICE);
 
 	if (!authenticate(service, user, password))
 	{
+		free(service);
 		return FAILED;
 	}
+	free(service);
 	return SUCCESS;
 }
 
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index 3fabc3575..e13a6a36c 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -62,17 +62,17 @@ struct private_eap_peap_server_t {
 	eap_code_t phase2_result;
 
 	/**
-     * Outer phase 1 EAP method
+	 * Outer phase 1 EAP method
 	 */
 	eap_method_t *ph1_method;
 
 	/**
-     * Current phase 2 EAP method
+	 * Current phase 2 EAP method
 	 */
 	eap_method_t *ph2_method;
 
 	/**
-     * Pending outbound EAP message
+	 * Pending outbound EAP message
 	 */
 	eap_payload_t *out;
 
@@ -90,9 +90,10 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this)
 	char *eap_type_str;
 	eap_type_t type;
 
-	eap_type_str = lib->settings->get_str(lib->settings,
+	eap_type_str = lib->settings->alloc_str(lib->settings,
 					 	"charon.plugins.eap-peap.phase2_method", "mschapv2");
 	type = eap_type_from_string(eap_type_str);
+	free(eap_type_str);
 	if (type == 0)
 	{
 		DBG1(DBG_IKE, "unrecognized phase2 method \"%s\"", eap_type_str);
@@ -302,8 +303,8 @@ METHOD(tls_application_t, process, status_t,
 			this->ph2_method->destroy(this->ph2_method);
 			this->ph2_method = NULL;
 
-			/* EAP-PEAP requires the sending of an inner EAP_SUCCESS message */	
-			this->phase2_result = EAP_SUCCESS;		
+			/* EAP-PEAP requires the sending of an inner EAP_SUCCESS message */
+			this->phase2_result = EAP_SUCCESS;
 			this->out = eap_payload_create_code(this->phase2_result, 1 +
 				 			this->ph1_method->get_identifier(this->ph1_method));
 			return NEED_MORE;
@@ -321,7 +322,7 @@ METHOD(tls_application_t, process, status_t,
 				DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
 			}
 			/* EAP-PEAP requires the sending of an inner EAP_FAILURE message */
-			this->phase2_result = EAP_FAILURE;			
+			this->phase2_result = EAP_FAILURE;
 			this->out = eap_payload_create_code(this->phase2_result, 1 +
 				 			this->ph1_method->get_identifier(this->ph1_method));
 			return NEED_MORE;
@@ -360,7 +361,7 @@ METHOD(tls_application_t, build, status_t,
 		this->ph2_method->initiate(this->ph2_method, &this->out);
 		this->start_phase2 = FALSE;
 	}
-	
+
 	this->start_phase2_id = TRUE;
 
 	if (this->out)
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index b93a1f5f6..08b46c68c 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -387,6 +387,7 @@ METHOD(eap_method_t, destroy, void,
 	this->peer->destroy(this->peer);
 	this->server->destroy(this->server);
 	this->client->destroy(this->client);
+	free(this->id_prefix);
 	free(this);
 }
 
@@ -414,7 +415,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
 		.type = EAP_RADIUS,
 		.eap_start = lib->settings->get_bool(lib->settings,
 								"charon.plugins.eap-radius.eap_start", FALSE),
-		.id_prefix = lib->settings->get_str(lib->settings,
+		.id_prefix = lib->settings->alloc_str(lib->settings,
 								"charon.plugins.eap-radius.id_prefix", ""),
 		.class_group = lib->settings->get_bool(lib->settings,
 								"charon.plugins.eap-radius.class_group", FALSE),
@@ -425,6 +426,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
 	this->client = radius_client_create();
 	if (!this->client)
 	{
+		free(this->id_prefix);
 		free(this);
 		return NULL;
 	}
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 9b1525662..8ca5f3956 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -65,18 +65,19 @@ static void load_servers(private_eap_radius_plugin_t *this)
 	char *nas_identifier, *secret, *address, *section;
 	int port, sockets, preference;
 
-	address = lib->settings->get_str(lib->settings,
+	address = lib->settings->alloc_str(lib->settings,
 					"charon.plugins.eap-radius.server", NULL);
 	if (address)
 	{	/* legacy configuration */
-		secret = lib->settings->get_str(lib->settings,
+		secret = lib->settings->alloc_str(lib->settings,
 					"charon.plugins.eap-radius.secret", NULL);
 		if (!secret)
 		{
 			DBG1(DBG_CFG, "no RADUIS secret defined");
+			free(address);
 			return;
 		}
-		nas_identifier = lib->settings->get_str(lib->settings,
+		nas_identifier = lib->settings->alloc_str(lib->settings,
 					"charon.plugins.eap-radius.nas_identifier", "strongSwan");
 		port = lib->settings->get_int(lib->settings,
 					"charon.plugins.eap-radius.port", RADIUS_PORT);
@@ -84,6 +85,9 @@ static void load_servers(private_eap_radius_plugin_t *this)
 					"charon.plugins.eap-radius.sockets", 1);
 		server = radius_server_create(address, port, nas_identifier,
 									  secret, sockets, 0);
+		free(address);
+		free(nas_identifier);
+		free(secret);
 		if (!server)
 		{
 			DBG1(DBG_CFG, "no RADUIS server defined");
@@ -97,21 +101,22 @@ static void load_servers(private_eap_radius_plugin_t *this)
 										"charon.plugins.eap-radius.servers");
 	while (enumerator->enumerate(enumerator, &section))
 	{
-		address = lib->settings->get_str(lib->settings,
+		address = lib->settings->alloc_str(lib->settings,
 			"charon.plugins.eap-radius.servers.%s.address", NULL, section);
 		if (!address)
 		{
 			DBG1(DBG_CFG, "RADIUS server '%s' misses address, skipped", section);
 			continue;
 		}
-		secret = lib->settings->get_str(lib->settings,
+		secret = lib->settings->alloc_str(lib->settings,
 			"charon.plugins.eap-radius.servers.%s.secret", NULL, section);
 		if (!secret)
 		{
 			DBG1(DBG_CFG, "RADIUS server '%s' misses secret, skipped", section);
+			free(address);
 			continue;
 		}
-		nas_identifier = lib->settings->get_str(lib->settings,
+		nas_identifier = lib->settings->alloc_str(lib->settings,
 			"charon.plugins.eap-radius.servers.%s.nas_identifier",
 			"strongSwan", section);
 		port = lib->settings->get_int(lib->settings,
@@ -122,6 +127,9 @@ static void load_servers(private_eap_radius_plugin_t *this)
 			"charon.plugins.eap-radius.servers.%s.preference", 0, section);
 		server = radius_server_create(address, port, nas_identifier,
 									  secret, sockets, preference);
+		free(address);
+		free(nas_identifier);
+		free(secret);
 		if (!server)
 		{
 			DBG1(DBG_CFG, "loading RADIUS server '%s' failed, skipped", section);
diff --git a/src/libcharon/plugins/eap_radius/radius_server.c b/src/libcharon/plugins/eap_radius/radius_server.c
index d16628091..7cd1477c3 100644
--- a/src/libcharon/plugins/eap_radius/radius_server.c
+++ b/src/libcharon/plugins/eap_radius/radius_server.c
@@ -176,6 +176,7 @@ METHOD(radius_server_t, destroy, void,
 		this->condvar->destroy(this->condvar);
 		this->sockets->destroy_offset(this->sockets,
 									  offsetof(radius_socket_t, destroy));
+		free(this->nas_identifier.ptr);
 		free(this);
 	}
 }
@@ -200,7 +201,8 @@ radius_server_t *radius_server_create(char *server, u_int16_t port,
 			.destroy = _destroy,
 		},
 		.reachable = TRUE,
-		.nas_identifier = chunk_create(nas_identifier, strlen(nas_identifier)),
+		.nas_identifier = chunk_clone(chunk_create(nas_identifier,
+												   strlen(nas_identifier))),
 		.socket_count = sockets,
 		.sockets = linked_list_create(),
 		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
diff --git a/src/libcharon/plugins/eap_radius/radius_socket.c b/src/libcharon/plugins/eap_radius/radius_socket.c
index f46c27ede..df5f5b089 100644
--- a/src/libcharon/plugins/eap_radius/radius_socket.c
+++ b/src/libcharon/plugins/eap_radius/radius_socket.c
@@ -257,6 +257,7 @@ METHOD(radius_socket_t, destroy, void,
 	DESTROY_IF(this->hasher);
 	DESTROY_IF(this->signer);
 	DESTROY_IF(this->rng);
+	chunk_clear(&this->secret);
 	close(this->fd);
 	free(this);
 }
@@ -300,7 +301,7 @@ radius_socket_t *radius_socket_create(host_t *host, chunk_t secret)
 		destroy(this);
 		return NULL;
 	}
-	this->secret = secret;
+	this->secret = chunk_clone(secret);
 	this->signer->set_key(this->signer, secret);
 	/* we use a random identifier, helps if we restart often */
 	this->identifier = random();
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index d47fd379e..85628340d 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -40,7 +40,7 @@ struct private_eap_tnc_t {
 
 
 /** Maximum number of EAP-TNC messages/fragments allowed */
-#define MAX_MESSAGE_COUNT 10 
+#define MAX_MESSAGE_COUNT 10
 /** Default size of a EAP-TNC fragment */
 #define MAX_FRAGMENT_LEN 50000
 
@@ -149,7 +149,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 					"charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN);
 	max_msg_count = lib->settings->get_int(lib->settings,
 					"charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT);
-	protocol = lib->settings->get_str(lib->settings,
+	protocol = lib->settings->alloc_str(lib->settings,
 					"charon.plugins.eap-tnc.protocol", "tnccs-1.1");
 	if (strcaseeq(protocol, "tnccs-2.0"))
 	{
@@ -166,9 +166,11 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 	else
 	{
 		DBG1(DBG_TNC, "TNCCS protocol '%s' not supported", protocol);
+		free(protocol);
 		free(this);
 		return NULL;
 	}
+	free(protocol);
 	tnccs = charon->tnccs->create_instance(charon->tnccs, type, is_server);
 	this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size, max_msg_count);
 	if (!this->tls_eap)
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
index 835cd7306..816710459 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
@@ -54,12 +54,12 @@ struct private_eap_ttls_server_t {
 	bool start_phase2_tnc;
 
 	/**
-     * Current phase 2 EAP method
+	 * Current phase 2 EAP method
 	 */
 	eap_method_t *method;
 
 	/**
-     * Pending outbound EAP message
+	 * Pending outbound EAP message
 	 */
 	eap_payload_t *out;
 
@@ -77,9 +77,10 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this)
 	char *eap_type_str;
 	eap_type_t type;
 
-	eap_type_str = lib->settings->get_str(lib->settings,
+	eap_type_str = lib->settings->alloc_str(lib->settings,
 					 	"charon.plugins.eap-ttls.phase2_method", "md5");
 	type = eap_type_from_string(eap_type_str);
+	free(eap_type_str);
 	if (type == 0)
 	{
 		DBG1(DBG_IKE, "unrecognized phase2 method \"%s\"", eap_type_str);
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 71391d593..b522aa7f2 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -279,6 +279,10 @@ static void destroy(private_load_tester_config_t *this)
 	this->peer_cfg->destroy(this->peer_cfg);
 	DESTROY_IF(this->proposal);
 	DESTROY_IF(this->vip);
+	free(this->pool);
+	free(this->remote);
+	free(this->initiator_auth);
+	free(this->responder_auth);
 	free(this);
 }
 
@@ -300,9 +304,9 @@ load_tester_config_t *load_tester_config_create()
 	{
 		this->vip = host_create_from_string("0.0.0.0", 0);
 	}
-	this->pool = lib->settings->get_str(lib->settings,
+	this->pool = lib->settings->alloc_str(lib->settings,
 				"charon.plugins.load-tester.pool", NULL);
-	this->remote = lib->settings->get_str(lib->settings,
+	this->remote = lib->settings->alloc_str(lib->settings,
 				"charon.plugins.load-tester.remote", "127.0.0.1");
 
 	this->proposal = proposal_create_from_string(PROTO_IKE,
@@ -318,9 +322,9 @@ load_tester_config_t *load_tester_config_create()
 	this->child_rekey = lib->settings->get_int(lib->settings,
 				"charon.plugins.load-tester.child_rekey", 600);
 
-	this->initiator_auth = lib->settings->get_str(lib->settings,
+	this->initiator_auth = lib->settings->alloc_str(lib->settings,
 				"charon.plugins.load-tester.initiator_auth", "pubkey");
-	this->responder_auth = lib->settings->get_str(lib->settings,
+	this->responder_auth = lib->settings->alloc_str(lib->settings,
 				"charon.plugins.load-tester.responder_auth", "pubkey");
 
 	this->port = lib->settings->get_int(lib->settings,
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c
index aa20534f5..a04e49522 100644
--- a/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c
@@ -43,6 +43,11 @@ struct private_tnc_imc_manager_t {
 	 * Next IMC ID to be assigned
 	 */
 	TNC_IMCID next_imc_id;
+
+	/**
+	 * Preferred language
+	 */
+	char *preferred_language;
 };
 
 METHOD(imc_manager_t, add, bool,
@@ -95,8 +100,7 @@ METHOD(imc_manager_t, remove_, imc_t*,
 METHOD(imc_manager_t, get_preferred_language, char*,
 	private_tnc_imc_manager_t *this)
 {
-	return lib->settings->get_str(lib->settings,
-					"charon.plugins.tnc-imc.preferred_language", "en");
+	return this->preferred_language;
 }
 
 METHOD(imc_manager_t, notify_connection_change, void,
@@ -208,6 +212,7 @@ METHOD(imc_manager_t, destroy, void,
 		imc->destroy(imc);
 	}
 	this->imcs->destroy(this->imcs);
+	free(this->preferred_language);
 	free(this);
 }
 
@@ -232,6 +237,8 @@ imc_manager_t* tnc_imc_manager_create(void)
 		},
 		.imcs = linked_list_create(),
 		.next_imc_id = 1,
+		.preferred_language = lib->settings->alloc_str(lib->settings,
+					"charon.plugins.tnc-imc.preferred_language", "en");
 	);
 
 	return &this->public;