summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-08-05 10:43:38 +0200
committerStefan Metzmacher <metze@samba.org>2013-08-10 09:19:04 +0200
commitf1e60142e12deb560e3c62441fd9ff2acd086b60 (patch)
tree7fcf7dc393be413708aa67d9268d0ce6579c808e
parent966faef9c61d2ec02d75fc3ccc82a61524fb77e4 (diff)
downloadsamba-f1e60142e12deb560e3c62441fd9ff2acd086b60.tar.gz
samba-f1e60142e12deb560e3c62441fd9ff2acd086b60.tar.bz2
samba-f1e60142e12deb560e3c62441fd9ff2acd086b60.zip
libcli/auth: avoid possible mem leak in read_negTokenInit()
Also add error checks. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--libcli/auth/spnego_parse.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
index 3bf7aeab62..2c73613e3b 100644
--- a/libcli/auth/spnego_parse.c
+++ b/libcli/auth/spnego_parse.c
@@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
asn1_start_tag(asn1, ASN1_CONTEXT(0));
asn1_start_tag(asn1, ASN1_SEQUENCE(0));
- token->mechTypes = talloc(NULL, const char *);
+ token->mechTypes = talloc(mem_ctx, const char *);
+ if (token->mechTypes == NULL) {
+ asn1->has_error = true;
+ return false;
+ }
for (i = 0; !asn1->has_error &&
0 < asn1_tag_remaining(asn1); i++) {
char *oid;
- token->mechTypes = talloc_realloc(NULL,
- token->mechTypes,
- const char *, i+2);
+ const char **p;
+ p = talloc_realloc(mem_ctx,
+ token->mechTypes,
+ const char *, i+2);
+ if (p == NULL) {
+ TALLOC_FREE(token->mechTypes);
+ asn1->has_error = true;
+ return false;
+ }
+ token->mechTypes = p;
asn1_read_OID(asn1, token->mechTypes, &oid);
token->mechTypes[i] = oid;
}