From e81bdab13eda838b864148f307acc549444fb57d Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@marc-hoersken.de>
Date: Fri, 18 Apr 2014 23:24:41 +0200
Subject: socks_sspi.c: added pointer guards to FreeContextBuffer calls

The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.
---
 lib/socks_sspi.c | 53 ++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 36 insertions(+), 17 deletions(-)

(limited to 'lib/socks_sspi.c')

diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index 0313de333..4cf618877 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -194,7 +194,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       Curl_safefree(service_name);
       s_pSecFn->FreeCredentialsHandle(&cred_handle);
       s_pSecFn->DeleteSecurityContext(&sspi_context);
-      s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      if(sspi_recv_token.pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
       failf(data, "Failed to initialise security context.");
       return CURLE_COULDNT_CONNECT;
     }
@@ -209,8 +210,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       if((code != CURLE_OK) || (4 != written)) {
         failf(data, "Failed to send SSPI authentication request.");
         Curl_safefree(service_name);
-        s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
-        s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+        if(sspi_send_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+        if(sspi_recv_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
         s_pSecFn->FreeCredentialsHandle(&cred_handle);
         s_pSecFn->DeleteSecurityContext(&sspi_context);
         return CURLE_COULDNT_CONNECT;
@@ -221,8 +224,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
         failf(data, "Failed to send SSPI authentication token.");
         Curl_safefree(service_name);
-        s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
-        s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+        if(sspi_send_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+        if(sspi_recv_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
         s_pSecFn->FreeCredentialsHandle(&cred_handle);
         s_pSecFn->DeleteSecurityContext(&sspi_context);
         return CURLE_COULDNT_CONNECT;
@@ -230,12 +235,18 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
 
     }
 
-    s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
-    sspi_send_token.pvBuffer = NULL;
+    if(sspi_send_token.pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+      sspi_send_token.pvBuffer = NULL;
+    }
     sspi_send_token.cbBuffer = 0;
-    s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
-    sspi_recv_token.pvBuffer = NULL;
+
+    if(sspi_recv_token.pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      sspi_recv_token.pvBuffer = NULL;
+    }
     sspi_recv_token.cbBuffer = 0;
+
     if(status != SEC_I_CONTINUE_NEEDED)
       break;
 
@@ -295,7 +306,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     if(result != CURLE_OK || actualread != us_length) {
       failf(data, "Failed to receive SSPI authentication token.");
       Curl_safefree(service_name);
-      s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      if(sspi_recv_token.pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
       s_pSecFn->FreeCredentialsHandle(&cred_handle);
       s_pSecFn->DeleteSecurityContext(&sspi_context);
       return CURLE_COULDNT_CONNECT;
@@ -459,7 +471,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
   code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
   if((code != CURLE_OK) || (4 != written)) {
     failf(data, "Failed to send SSPI encryption request.");
-    s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+    if(sspi_send_token.pvBuffer)
+      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
     s_pSecFn->DeleteSecurityContext(&sspi_context);
     return CURLE_COULDNT_CONNECT;
   }
@@ -478,11 +491,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
                             sspi_send_token.cbBuffer, &written);
     if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
       failf(data, "Failed to send SSPI encryption type.");
-      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+      if(sspi_send_token.pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
       s_pSecFn->DeleteSecurityContext(&sspi_context);
       return CURLE_COULDNT_CONNECT;
     }
-    s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+    if(sspi_send_token.pvBuffer)
+      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
   }
 
   result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
@@ -541,8 +556,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
                                       &qop);
 
     if(check_sspi_err(conn, status, "DecryptMessage")) {
-      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
-      s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      if(sspi_w_token[0].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      if(sspi_w_token[1].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
       s_pSecFn->DeleteSecurityContext(&sspi_context);
       failf(data, "Failed to query security context attributes.");
       return CURLE_COULDNT_CONNECT;
@@ -551,8 +568,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     if(sspi_w_token[1].cbBuffer != 1) {
       failf(data, "Invalid SSPI encryption response length (%lu).",
             (unsigned long)sspi_w_token[1].cbBuffer);
-      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
-      s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      if(sspi_w_token[0].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      if(sspi_w_token[1].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
       s_pSecFn->DeleteSecurityContext(&sspi_context);
       return CURLE_COULDNT_CONNECT;
     }
-- 
cgit v1.2.3