From 338c81e8774117bca61aa0dfe3880f23c3b8ebe3 Mon Sep 17 00:00:00 2001
From: Paolo Stivanin <info@paolostivanin.com>
Date: Fri, 1 Mar 2024 15:29:49 +0100
Subject: [PATCH] Small fixes after Coverity scan

---
 src/app.c           | 2 ++
 src/common/common.c | 1 +
 src/common/twofas.c | 6 ++++--
 src/exports.c       | 3 +++
 src/new-db-cb.c     | 3 +++
 5 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/app.c b/src/app.c
index 475b003..33ec1ae 100644
--- a/src/app.c
+++ b/src/app.c
@@ -609,6 +609,8 @@ get_db_path (AppData *app_data)
             gchar *msg = g_strconcat ("Database file/location:\n<b>", db_path, "</b>\ndoes not exist. A new database will be created.", NULL);
             show_message_dialog (app_data->main_window, msg, GTK_MESSAGE_ERROR);
             g_free (msg);
+            g_free (db_path);
+            db_path = NULL;
             goto new_db;
         }
         goto end;
diff --git a/src/common/common.c b/src/common/common.c
index 3144b19..61d948a 100644
--- a/src/common/common.c
+++ b/src/common/common.c
@@ -424,6 +424,7 @@ get_authpro_derived_key (const gchar *password,
                        salt, AUTHPRO_SALT_TAG,
                        NULL, 0, NULL, 0) != GPG_ERR_NO_ERROR) {
         g_printerr ("Error while opening the KDF handler\n");
+        gcry_free (derived_key);
         return NULL;
     }
     if (gcry_kdf_compute (hd, NULL) != GPG_ERR_NO_ERROR) {
diff --git a/src/common/twofas.c b/src/common/twofas.c
index acea7d3..f65645d 100644
--- a/src/common/twofas.c
+++ b/src/common/twofas.c
@@ -340,13 +340,15 @@ decrypt_data (const gchar **b64_data,
     gpg_error_t gpg_err = gcry_cipher_decrypt (hd, twofas_data->json_data, enc_buf_size, enc_data, enc_buf_size);
     if (gpg_err) {
         g_printerr ("Failed to decrypt data: %s/%s\n", gcry_strsource (g_err), gcry_strerror (g_err));
+        gcry_free (derived_key);
+        g_free (enc_data);
+        gcry_cipher_close (hd);
+        return;
     }
 
     gpg_err = gcry_cipher_checktag (hd, tag, TWOFAS_TAG);
     if (gpg_err) {
         g_printerr ("Failed to verify the tag: %s/%s\n", gcry_strsource (g_err), gcry_strerror (g_err));
-        // TODO: cleanup
-        return;
     }
 
     gcry_cipher_close (hd);
diff --git a/src/exports.c b/src/exports.c
index 72c99fc..4fa68e5 100644
--- a/src/exports.c
+++ b/src/exports.c
@@ -78,6 +78,9 @@ export_data_cb (GSimpleAction *simple,
 
     if (export_file_abs_path == NULL) {
         show_message_dialog (app_data->main_window, "Invalid export file name/path.", GTK_MESSAGE_ERROR);
+        if (encrypted == TRUE) {
+            gcry_free (password);
+        }
         return;
     }
 
diff --git a/src/new-db-cb.c b/src/new-db-cb.c
index 945709a..8019828 100644
--- a/src/new-db-cb.c
+++ b/src/new-db-cb.c
@@ -43,6 +43,7 @@ new_db (AppData *app_data)
                 if (app_data->db_data->key == NULL) {
                     gtk_widget_hide (newdb_diag);
                     revert_db_path (app_data, old_db_path);
+                    g_string_free (new_db_path_with_suffix, TRUE);
                     return RETRY_CHANGE;
                 }
                 secret_password_store (OTPCLIENT_SCHEMA, SECRET_COLLECTION_DEFAULT, "main_pwd", app_data->db_data->key, NULL, on_password_stored, NULL, "string", "main_pwd", NULL);
@@ -53,6 +54,7 @@ new_db (AppData *app_data)
                     g_clear_error (&err);
                     gtk_widget_hide (newdb_diag);
                     revert_db_path (app_data, old_db_path);
+                    g_string_free (new_db_path_with_suffix, TRUE);
                     return RETRY_CHANGE;
                 }
                 load_new_db (app_data, &err);
@@ -61,6 +63,7 @@ new_db (AppData *app_data)
                     g_clear_error (&err);
                     gtk_widget_hide (newdb_diag);
                     revert_db_path (app_data, old_db_path);
+                    g_string_free (new_db_path_with_suffix, TRUE);
                     return RETRY_CHANGE;
                 }
                 g_free (old_db_path);