summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-12-04 16:38:02 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-12-04 16:40:25 +0100
commitf1db3c52de6e5a68efe697a9af3497251c30f8fb (patch)
tree24874d87de1af5cda8a1ddc17bc2fc0077910a27
parentee311beabe0dd9f904f05a4c8d8bab065eda1fb7 (diff)
downloadsamba-f1db3c52de6e5a68efe697a9af3497251c30f8fb.tar.gz
samba-f1db3c52de6e5a68efe697a9af3497251c30f8fb.tar.bz2
samba-f1db3c52de6e5a68efe697a9af3497251c30f8fb.zip
s4:auth/gensec/gensec_krb5.c - fix/reorder memory free operations
To prevent memory leaks
-rw-r--r--source4/auth/gensec/gensec_krb5.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index deb22adb2d..fc96e3851c 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -153,6 +153,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
(struct sockaddr *) &ss,
sizeof(struct sockaddr_storage));
if (socklen < 0) {
+ talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
@@ -175,6 +176,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
(struct sockaddr *) &ss,
sizeof(struct sockaddr_storage));
if (socklen < 0) {
+ talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
@@ -633,6 +635,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(1, ("Unable to parse client principal: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
+ krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -646,8 +649,9 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
principal_string,
smb_get_krb5_error_message(context,
ret, mem_ctx)));
- krb5_free_principal(context, client_principal);
free(principal_string);
+ krb5_free_principal(context, client_principal);
+ talloc_free(mem_ctx);
return NT_STATUS_ACCESS_DENIED;
} else if (ret) {
/* NO pac */
@@ -664,6 +668,8 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
principal_string,
NULL, &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
+ free(principal_string);
+ krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return nt_status;
}
@@ -678,10 +684,10 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
} else {
/* Found pac */
union netr_Validation validation;
- free(principal_string);
pac = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
if (!pac.data) {
+ free(principal_string);
krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
@@ -694,9 +700,10 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
NULL, gensec_krb5_state->keyblock,
client_principal,
gensec_krb5_state->ticket->ticket.authtime, NULL);
- krb5_free_principal(context, client_principal);
if (!NT_STATUS_IS_OK(nt_status)) {
+ free(principal_string);
+ krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return nt_status;
}
@@ -707,11 +714,16 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
3, &validation,
&server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
+ free(principal_string);
+ krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return nt_status;
}
}
+ free(principal_string);
+ krb5_free_principal(context, client_principal);
+
/* references the server_info into the session_info */
nt_status = gensec_generate_session_info(mem_ctx, gensec_security, server_info, &session_info);