From 356ad9f927a16a85ec490c70112f8553f3811d36 Mon Sep 17 00:00:00 2001
From: Gabriele Gristina <matrix@users.noreply.github.com>
Date: Sun, 27 Oct 2024 00:45:44 +0200
Subject: [PATCH] Fixed memory leaks in tuning_db_init in tuningdb.c

---
 docs/changes.txt |  1 +
 src/tuningdb.c   | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/docs/changes.txt b/docs/changes.txt
index 283e3c0d4..727f93bf2 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -95,6 +95,7 @@
 - Fixed keys extraction in luks2hashcat - now extracts all active keys
 - Fixed maximum password length in module/test_module of hash-mode 2400
 - Fixed maximum password length in module/test_module of hash-mode 2410
+- Fixed memory leaks in tuning_db_init in tuningdb.c
 - Fixed minimum password length in module of hash-mode 28200
 - Fixed minimum password length in module of hash-mode 29800
 - Fixed out-of-boundary read when a fast hash defines a kernel_loops_min value higher than the amplifiers provided by the user
diff --git a/src/tuningdb.c b/src/tuningdb.c
index 2f983b31e..332ab51cb 100644
--- a/src/tuningdb.c
+++ b/src/tuningdb.c
@@ -72,6 +72,8 @@ int tuning_db_init (hashcat_ctx_t *hashcat_ctx)
 
   char **tuning_db_files = scan_directory (tuning_db_folder);
 
+  hcfree (tuning_db_folder);
+
   for (int i = 0; tuning_db_files[i] != NULL; i++)
   {
     char *tuning_db_file = tuning_db_files[i];
@@ -80,9 +82,19 @@ int tuning_db_init (hashcat_ctx_t *hashcat_ctx)
 
     const size_t dblen = strlen (tuning_db_file);
 
-    if (dblen < suflen) continue; // make sure to not do any out-of-boundary reads
+    if (dblen < suflen)
+    {
+      hcfree (tuning_db_file);
 
-    if (memcmp (tuning_db_file + dblen - suflen, TUNING_DB_SUFFIX, suflen) != 0) continue;
+      continue; // make sure to not do any out-of-boundary reads
+    }
+
+    if (memcmp (tuning_db_file + dblen - suflen, TUNING_DB_SUFFIX, suflen) != 0)
+    {
+      hcfree (tuning_db_file);
+
+      continue;
+    }
 
     HCFILE fp;
 
@@ -90,6 +102,8 @@ int tuning_db_init (hashcat_ctx_t *hashcat_ctx)
     {
       event_log_error (hashcat_ctx, "%s: %s", tuning_db_file, strerror (errno));
 
+      for (int j = 0; tuning_db_files[j] != NULL; j++) hcfree (tuning_db_files[j]);
+
       return -1;
     }