diff options
author | Julien Chaffraix <julien.chaffraix@gmail.com> | 2010-09-26 22:44:42 -0700 |
---|---|---|
committer | Julien Chaffraix <julien.chaffraix@gmail.com> | 2010-09-28 22:05:24 -0700 |
commit | 87badbef846c29359f2981076d53acd108b57254 (patch) | |
tree | adc5bf60fa2fb04cd08eab05a887286276536122 | |
parent | e3811ed7c34ed1818dc246af54460fea0fc52c02 (diff) |
krb5-gssapi: Remove several memory leaks.
Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
we were leaking it). Now we just pass NULL as advised in RFC2744.
|tmp| was never set back to buf->data.
Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
(where conn->mech would be NULL but not conn->app_data or
conn->in_buffer->data).
-rw-r--r-- | lib/krb5.c | 4 | ||||
-rw-r--r-- | lib/security.c | 15 |
2 files changed, 14 insertions, 5 deletions
diff --git a/lib/krb5.c b/lib/krb5.c index 9fb44f2d7..28c6a2528 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -218,8 +218,8 @@ krb5_auth(void *app_data, struct connectdata *conn) continue; } { - gss_OID t; - gss_display_name(&min, gssname, &gssbuf, &t); + /* We pass NULL as |output_name_type| to avoid a leak. */ + gss_display_name(&min, gssname, &gssbuf, NULL); Curl_infof(data, "Trying against %s\n", gssbuf.value); gss_release_buffer(&min, &gssbuf); } diff --git a/lib/security.c b/lib/security.c index 303a1bec6..73a554016 100644 --- a/lib/security.c +++ b/lib/security.c @@ -216,6 +216,7 @@ static CURLcode read_data(struct connectdata *conn, if (tmp == NULL) return CURLE_OUT_OF_MEMORY; + buf->data = tmp; ret = socket_read(fd, buf->data, len); if (ret != CURLE_OK) return ret; @@ -567,12 +568,20 @@ Curl_sec_login(struct connectdata *conn) void Curl_sec_end(struct connectdata *conn) { - if(conn->mech != NULL) { - if(conn->mech->end) - conn->mech->end(conn->app_data); + if(conn->mech != NULL && conn->mech->end) + conn->mech->end(conn->app_data); + if(conn->app_data) { free(conn->app_data); conn->app_data = NULL; } + if(conn->in_buffer.data) { + free(conn->in_buffer.data); + conn->in_buffer.data = NULL; + conn->in_buffer.size = 0; + conn->in_buffer.index = 0; + /* FIXME: Is this really needed? */ + conn->in_buffer.eof_flag = 0; + } conn->sec_complete = 0; conn->data_prot = (enum protection_level)0; conn->mech = NULL; |