moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

krb5-gssapi: Removed a memory leak in krb5_auth. 

We forgot to release the buffer passed to gss_init_sec_context.

The previous logic was difficult to read as we were reusing the same
variable (gssbuf) for both input buffer and output buffer. Splitted the
logic in 2 variables to better underline who needs to be released.
Also made the code break at 80 lines.
This commit is contained in:
Julien Chaffraix 2010-10-02 00:54:34 -07:00
parent 79cd7ef9ab
commit fc137ee272
1 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
lib/krb5.c
View File

@ -178,7 +178,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
CURLcode result; CURLcode result;
const char *service = "ftp", *srv_host = "host"; const char *service = "ftp", *srv_host = "host";
gss_buffer_desc gssbuf, _gssresp, *gssresp; gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp;
OM_uint32 maj, min; OM_uint32 maj, min;
gss_name_t gssname; gss_name_t gssname;
gss_ctx_id_t *context = app_data; gss_ctx_id_t *context = app_data;
@ -214,28 +214,31 @@ krb5_auth(void *app_data, struct connectdata *conn)
return -1; return -1;
} }
gssbuf.value = data->state.buffer; input_buffer.value = data->state.buffer;
gssbuf.length = snprintf(gssbuf.value, BUFSIZE, "%s@%s", service, host); input_buffer.length = snprintf(input_buffer.value, BUFSIZE, "%s@%s",
maj = gss_import_name(&min, &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &gssname); service, host);
maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE,
&gssname);
if(maj != GSS_S_COMPLETE) { if(maj != GSS_S_COMPLETE) {
gss_release_name(&min, &gssname); gss_release_name(&min, &gssname);
if(service == srv_host) { if(service == srv_host) {
Curl_failf(data, "Error importing service name %s", gssbuf.value); Curl_failf(data, "Error importing service name %s", input_buffer.value);
return AUTH_ERROR; return AUTH_ERROR;
} }
service = srv_host; service = srv_host;
continue; continue;
} }
{ /* We pass NULL as |output_name_type| to avoid a leak. */
/* We pass NULL as |output_name_type| to avoid a leak. */ gss_display_name(&min, gssname, &output_buffer, NULL);
gss_display_name(&min, gssname, &gssbuf, NULL); Curl_infof(data, "Trying against %s\n", output_buffer.value);
Curl_infof(data, "Trying against %s\n", gssbuf.value);
gss_release_buffer(&min, &gssbuf);
}
gssresp = GSS_C_NO_BUFFER; gssresp = GSS_C_NO_BUFFER;
*context = GSS_C_NO_CONTEXT; *context = GSS_C_NO_CONTEXT;
do { do {
/* Release the buffer at each iteration to avoid leaking: the first time
we are releasing the memory from gss_display_name. The last item is
taken care by a final gss_release_buffer. */
gss_release_buffer(&min, &output_buffer);
ret = AUTH_OK; ret = AUTH_OK;
maj = gss_init_sec_context(&min, maj = gss_init_sec_context(&min,
GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
@ -247,7 +250,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
&chan, &chan,
gssresp, gssresp,
NULL, NULL,
&gssbuf, &output_buffer,
NULL, NULL,
NULL); NULL);
@ -262,9 +265,9 @@ krb5_auth(void *app_data, struct connectdata *conn)
break; break;
} }
if(gssbuf.length != 0) { if(output_buffer.length != 0) {
if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) if(Curl_base64_encode(data, (char *)output_buffer.value,
< 1) { output_buffer.length, &p) < 1) {
Curl_infof(data, "Out of memory base64-encoding"); Curl_infof(data, "Out of memory base64-encoding");
ret = AUTH_CONTINUE; ret = AUTH_CONTINUE;
break; break;
@ -307,6 +310,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
} while(maj == GSS_S_CONTINUE_NEEDED); } while(maj == GSS_S_CONTINUE_NEEDED);
gss_release_name(&min, &gssname); gss_release_name(&min, &gssname);
gss_release_buffer(&min, &output_buffer);
if(gssresp) if(gssresp)
free(_gssresp.value); free(_gssresp.value);