diff options
author | Jeremy Allison <jra@samba.org> | 2006-06-16 22:25:17 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:32 -0500 |
commit | 3a8bf11ae341c34db61ef35cbdba6ff835940c79 (patch) | |
tree | 96960c268f21808027355ee4f08a3c2de99f83e3 /source3 | |
parent | eb41bfb91ba754458bfb9bd68bf38992995c0d01 (diff) | |
download | samba-3a8bf11ae341c34db61ef35cbdba6ff835940c79.tar.gz samba-3a8bf11ae341c34db61ef35cbdba6ff835940c79.tar.bz2 samba-3a8bf11ae341c34db61ef35cbdba6ff835940c79.zip |
r16306: Error handling in this asn1 code *sucks*. Fix a generic
class of memory leak bugs on error found by Klocwork (#123).
Many of these functions didn't free allocated memory on
error exit.
Jeremy.
(This used to be commit 8ef11a7c6de74024b7d535d959db2d462662a86f)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/asn1.c | 20 | ||||
-rw-r--r-- | source3/libsmb/clispnego.c | 27 |
2 files changed, 39 insertions, 8 deletions
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c index 8c986c9588..544ee78d40 100644 --- a/source3/libsmb/asn1.c +++ b/source3/libsmb/asn1.c @@ -393,20 +393,30 @@ BOOL asn1_check_OID(ASN1_DATA *data, const char *OID) BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s) { int len; - if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False; + char *str; + + *s = NULL; + + if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) { + return False; + } len = asn1_tag_remaining(data); if (len < 0) { data->has_error = True; return False; } - *s = SMB_MALLOC(len+1); - if (! *s) { + str = SMB_MALLOC(len+1); + if (!str) { data->has_error = True; return False; } - asn1_read(data, *s, len); - (*s)[len] = 0; + asn1_read(data, str, len); + str[len] = 0; asn1_end_tag(data); + + if (!data->has_error) { + *s = str; + } return !data->has_error; } diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index e87e9f0c7c..3dad37d9e1 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -163,11 +163,18 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob, asn1_end_tag(&data); ret = !data.has_error; + if (data.has_error) { + int j; + SAFE_FREE(principal); + for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) { + SAFE_FREE(OIDs[j]); + } + } + asn1_free(&data); return ret; } - /* generate a negTokenTarg packet given a list of OIDs and a security blob */ @@ -212,7 +219,6 @@ DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob) return ret; } - /* parse a negTokenTarg packet giving a list of OIDs and a security blob */ @@ -248,6 +254,11 @@ BOOL parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *se asn1_end_tag(&data); if (data.has_error) { + int j; + data_blob_free(secblob); + for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) { + SAFE_FREE(OIDs[j]); + } DEBUG(1,("Failed to parse negTokenTarg at offset %d\n", (int)data.ofs)); asn1_free(&data); return False; @@ -313,6 +324,10 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) ret = !data.has_error; + if (data.has_error) { + data_blob_free(ticket); + } + asn1_free(&data); return ret; @@ -390,6 +405,12 @@ BOOL spnego_parse_challenge(const DATA_BLOB blob, asn1_end_tag(&data); ret = !data.has_error; + + if (data.has_error) { + data_blob_free(chal1); + data_blob_free(chal2); + } + asn1_free(&data); return ret; } @@ -438,6 +459,7 @@ BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) if (data.has_error) { DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data.ofs)); + data_blob_free(auth); asn1_free(&data); return False; } @@ -537,4 +559,3 @@ BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, asn1_free(&data); return True; } - |