diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-08-05 10:43:38 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-08-10 09:19:04 +0200 |
commit | f1e60142e12deb560e3c62441fd9ff2acd086b60 (patch) | |
tree | 7fcf7dc393be413708aa67d9268d0ce6579c808e | |
parent | 966faef9c61d2ec02d75fc3ccc82a61524fb77e4 (diff) | |
download | samba-f1e60142e12deb560e3c62441fd9ff2acd086b60.tar.gz samba-f1e60142e12deb560e3c62441fd9ff2acd086b60.tar.bz2 samba-f1e60142e12deb560e3c62441fd9ff2acd086b60.zip |
libcli/auth: avoid possible mem leak in read_negTokenInit()
Also add error checks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | libcli/auth/spnego_parse.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c index 3bf7aeab62..2c73613e3b 100644 --- a/libcli/auth/spnego_parse.c +++ b/libcli/auth/spnego_parse.c @@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, asn1_start_tag(asn1, ASN1_CONTEXT(0)); asn1_start_tag(asn1, ASN1_SEQUENCE(0)); - token->mechTypes = talloc(NULL, const char *); + token->mechTypes = talloc(mem_ctx, const char *); + if (token->mechTypes == NULL) { + asn1->has_error = true; + return false; + } for (i = 0; !asn1->has_error && 0 < asn1_tag_remaining(asn1); i++) { char *oid; - token->mechTypes = talloc_realloc(NULL, - token->mechTypes, - const char *, i+2); + const char **p; + p = talloc_realloc(mem_ctx, + token->mechTypes, + const char *, i+2); + if (p == NULL) { + TALLOC_FREE(token->mechTypes); + asn1->has_error = true; + return false; + } + token->mechTypes = p; asn1_read_OID(asn1, token->mechTypes, &oid); token->mechTypes[i] = oid; } |