diff options
author | Julien Chaffraix <julien.chaffraix@gmail.com> | 2010-10-02 00:54:34 -0700 |
---|---|---|
committer | Julien Chaffraix <julien.chaffraix@gmail.com> | 2010-10-02 10:00:42 -0700 |
commit | fc137ee27221f151f44a2ec2022065e06d6c62a9 (patch) | |
tree | 6e29dc0da486fe7cf1dd08708cfadf762c9043b0 /lib | |
parent | 79cd7ef9ab52de98bffcbd1c8db6103ff985a263 (diff) |
krb5-gssapi: Removed a memory leak in krb5_auth.
We forgot to release the buffer passed to gss_init_sec_context.
The previous logic was difficult to read as we were reusing the same
variable (gssbuf) for both input buffer and output buffer. Splitted the
logic in 2 variables to better underline who needs to be released.
Also made the code break at 80 lines.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/krb5.c | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/lib/krb5.c b/lib/krb5.c index 842bda17b..2530395d1 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -178,7 +178,7 @@ krb5_auth(void *app_data, struct connectdata *conn) struct SessionHandle *data = conn->data; CURLcode result; const char *service = "ftp", *srv_host = "host"; - gss_buffer_desc gssbuf, _gssresp, *gssresp; + gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp; OM_uint32 maj, min; gss_name_t gssname; gss_ctx_id_t *context = app_data; @@ -214,28 +214,31 @@ krb5_auth(void *app_data, struct connectdata *conn) return -1; } - gssbuf.value = data->state.buffer; - gssbuf.length = snprintf(gssbuf.value, BUFSIZE, "%s@%s", service, host); - maj = gss_import_name(&min, &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &gssname); + input_buffer.value = data->state.buffer; + input_buffer.length = snprintf(input_buffer.value, BUFSIZE, "%s@%s", + service, host); + maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE, + &gssname); if(maj != GSS_S_COMPLETE) { gss_release_name(&min, &gssname); if(service == srv_host) { - Curl_failf(data, "Error importing service name %s", gssbuf.value); + Curl_failf(data, "Error importing service name %s", input_buffer.value); return AUTH_ERROR; } service = srv_host; continue; } - { - /* We pass NULL as |output_name_type| to avoid a leak. */ - gss_display_name(&min, gssname, &gssbuf, NULL); - Curl_infof(data, "Trying against %s\n", gssbuf.value); - gss_release_buffer(&min, &gssbuf); - } + /* We pass NULL as |output_name_type| to avoid a leak. */ + gss_display_name(&min, gssname, &output_buffer, NULL); + Curl_infof(data, "Trying against %s\n", output_buffer.value); gssresp = GSS_C_NO_BUFFER; *context = GSS_C_NO_CONTEXT; do { + /* Release the buffer at each iteration to avoid leaking: the first time + we are releasing the memory from gss_display_name. The last item is + taken care by a final gss_release_buffer. */ + gss_release_buffer(&min, &output_buffer); ret = AUTH_OK; maj = gss_init_sec_context(&min, GSS_C_NO_CREDENTIAL, @@ -247,7 +250,7 @@ krb5_auth(void *app_data, struct connectdata *conn) &chan, gssresp, NULL, - &gssbuf, + &output_buffer, NULL, NULL); @@ -262,9 +265,9 @@ krb5_auth(void *app_data, struct connectdata *conn) break; } - if(gssbuf.length != 0) { - if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) - < 1) { + if(output_buffer.length != 0) { + if(Curl_base64_encode(data, (char *)output_buffer.value, + output_buffer.length, &p) < 1) { Curl_infof(data, "Out of memory base64-encoding"); ret = AUTH_CONTINUE; break; @@ -307,6 +310,7 @@ krb5_auth(void *app_data, struct connectdata *conn) } while(maj == GSS_S_CONTINUE_NEEDED); gss_release_name(&min, &gssname); + gss_release_buffer(&min, &output_buffer); if(gssresp) free(_gssresp.value); |