From bfb569d8ece264332f1f38954587692a78e79bd5 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 2 Apr 2026 19:14:13 +0000
Subject: [PATCH] Fix memory leaks in Ncat test programs

---
 ncat/test/addrset.c            |  6 +++++-
 ncat/test/test-cmdline-split.c | 22 +++++++++++++++-------
 ncat/test/test-wildcard.c      | 30 +++++++++++++++++++++++++-----
 3 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/ncat/test/addrset.c b/ncat/test/addrset.c
index 61a0f0d2d..0e7e2210e 100644
--- a/ncat/test/addrset.c
+++ b/ncat/test/addrset.c
@@ -66,13 +66,14 @@ int main(int argc, char *argv[])
     for (i = 1; i < argc; i++) {
         if (!addrset_add_spec(set, argv[i], o.af, !o.nodns)) {
             fprintf(stderr, "Error adding spec \"%s\".\n", argv[i]);
+            addrset_free(set);
             exit(1);
         }
     }
 
     while (fgets(line, sizeof(line), stdin) != NULL) {
         char *s, *hostname;
-        struct addrinfo *addrs;
+        struct addrinfo *addrs = NULL;
 
         s = line;
         while ((hostname = strtok(s, " \t\n")) != NULL) {
@@ -80,9 +81,12 @@ int main(int argc, char *argv[])
 
             s = NULL;
 
+            addrs = NULL;
             rc = resolve_name(hostname, &addrs);
             if (rc != 0) {
                 fprintf(stderr, "Error resolving \"%s\": %s.\n", hostname, gai_strerror(rc));
+                if (addrs)
+                  freeaddrinfo(addrs);
                 continue;
             }
             if (addrs == NULL) {
diff --git a/ncat/test/test-cmdline-split.c b/ncat/test/test-cmdline-split.c
index faaa55559..8c05e790e 100644
--- a/ncat/test/test-cmdline-split.c
+++ b/ncat/test/test-cmdline-split.c
@@ -9,32 +9,38 @@ char **cmdline_split(const char *cmdexec);
 
 int test_cmdline(const char *line, const char **target_args)
 {
-    char **cmd_args;
+    char **cmd_args, **cur_arg;
     int args_match = 1;
 
     test_count++;
 
     cmd_args = cmdline_split(line);
+    cur_arg = cmd_args;
 
     /*
      * Make sure that all of the target arguments are have been extracted
      * by cmdline_split.
      */
-    while (*cmd_args && *target_args) {
-        if (strcmp(*cmd_args, *target_args)) {
+    while (*cur_arg && *target_args) {
+        if (args_match && strcmp(*cur_arg, *target_args)) {
             args_match = 0;
-            break;
         }
-        cmd_args++;
+        free(*cur_arg);
+        cur_arg++;
         target_args++;
     }
-    if ((*cmd_args != NULL) || (*target_args != NULL)) {
+    if ((*cur_arg != NULL) || (*target_args != NULL)) {
         /*
          * One of the argument list had more arguments than the other.
          * Therefore, they do not match
          */
         args_match = 0;
+        while (*cur_arg != NULL) {
+          free(*cur_arg);
+          cur_arg++;
+        }
     }
+    free(cmd_args);
 
     if (args_match) {
         success_count++;
@@ -55,11 +61,13 @@ int test_cmdline_fail(const char *line)
     cmd_args = cmdline_split(line);
 
     if (*cmd_args == NULL) {
+        free(cmd_args);
         success_count++;
         printf("PASS '%s'\n", line);
         return 1;
     } else {
-        printf("PASS '%s'\n", line);
+        free(cmd_args);
+        printf("FAIL '%s'\n", line);
         return 0;
     }
 }
diff --git a/ncat/test/test-wildcard.c b/ncat/test/test-wildcard.c
index fe55e1997..9740d9870 100644
--- a/ncat/test/test-wildcard.c
+++ b/ncat/test/test-wildcard.c
@@ -160,14 +160,13 @@ end:
     X509_free(cert);
     EVP_PKEY_free(key);
 
-    (void) BIO_destroy_bio_pair(server_bio);
 
-    SSL_CTX_free(server_ctx);
-    SSL_CTX_free(client_ctx);
-
-    SSL_free(server_ssl);
     SSL_free(client_ssl);
+    SSL_free(server_ssl);
+    SSL_CTX_free(client_ctx);
+    SSL_CTX_free(server_ctx);
 
+    ERR_clear_error();
     return passed;
 }
 
@@ -307,6 +306,14 @@ static int gen_cert(X509 **cert, EVP_PKEY **key,
     if (*key == NULL)
         goto err;
     do {
+        if (bne != NULL) {
+          BN_free(bne);
+          bne = NULL;
+        }
+        if (rsa != NULL) {
+          RSA_free(rsa);
+          rsa = NULL;
+        }
         /* Generate RSA key. */
         bne = BN_new();
         ret = BN_set_word(bne, RSA_F4);
@@ -324,6 +331,7 @@ static int gen_cert(X509 **cert, EVP_PKEY **key,
         goto err;
     if (EVP_PKEY_assign_RSA(*key, rsa) == 0) {
         RSA_free(rsa);
+        rsa = NULL;
         goto err;
     }
 #else
@@ -396,6 +404,12 @@ static int gen_cert(X509 **cert, EVP_PKEY **key,
     return 1;
 
 err:
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    if (bne != NULL)
+      BN_free(bne);
+    if (rsa != NULL)
+      RSA_free(rsa);
+#endif
     if (*cert != NULL)
         X509_free(*cert);
     if (*key != NULL)
@@ -622,5 +636,11 @@ int main(void)
 
     printf("%d / %d tests passed.\n", tests_passed, tests_run);
 
+    EVP_cleanup();
+    CRYPTO_cleanup_all_ex_data();
+    ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OPENSSL_cleanup();
+#endif
     return tests_passed == tests_run ? 0 : 1;
 }