summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-06-16 22:25:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:32 -0500
commit3a8bf11ae341c34db61ef35cbdba6ff835940c79 (patch)
tree96960c268f21808027355ee4f08a3c2de99f83e3 /source3
parenteb41bfb91ba754458bfb9bd68bf38992995c0d01 (diff)
downloadsamba-3a8bf11ae341c34db61ef35cbdba6ff835940c79.tar.gz
samba-3a8bf11ae341c34db61ef35cbdba6ff835940c79.tar.bz2
samba-3a8bf11ae341c34db61ef35cbdba6ff835940c79.zip
r16306: Error handling in this asn1 code *sucks*. Fix a generic
class of memory leak bugs on error found by Klocwork (#123). Many of these functions didn't free allocated memory on error exit. Jeremy. (This used to be commit 8ef11a7c6de74024b7d535d959db2d462662a86f)
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/asn1.c20
-rw-r--r--source3/libsmb/clispnego.c27
2 files changed, 39 insertions, 8 deletions
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c
index 8c986c9588..544ee78d40 100644
--- a/source3/libsmb/asn1.c
+++ b/source3/libsmb/asn1.c
@@ -393,20 +393,30 @@ BOOL asn1_check_OID(ASN1_DATA *data, const char *OID)
BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s)
{
int len;
- if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False;
+ char *str;
+
+ *s = NULL;
+
+ if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) {
+ return False;
+ }
len = asn1_tag_remaining(data);
if (len < 0) {
data->has_error = True;
return False;
}
- *s = SMB_MALLOC(len+1);
- if (! *s) {
+ str = SMB_MALLOC(len+1);
+ if (!str) {
data->has_error = True;
return False;
}
- asn1_read(data, *s, len);
- (*s)[len] = 0;
+ asn1_read(data, str, len);
+ str[len] = 0;
asn1_end_tag(data);
+
+ if (!data->has_error) {
+ *s = str;
+ }
return !data->has_error;
}
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index e87e9f0c7c..3dad37d9e1 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -163,11 +163,18 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_end_tag(&data);
ret = !data.has_error;
+ if (data.has_error) {
+ int j;
+ SAFE_FREE(principal);
+ for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+ SAFE_FREE(OIDs[j]);
+ }
+ }
+
asn1_free(&data);
return ret;
}
-
/*
generate a negTokenTarg packet given a list of OIDs and a security blob
*/
@@ -212,7 +219,6 @@ DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob)
return ret;
}
-
/*
parse a negTokenTarg packet giving a list of OIDs and a security blob
*/
@@ -248,6 +254,11 @@ BOOL parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *se
asn1_end_tag(&data);
if (data.has_error) {
+ int j;
+ data_blob_free(secblob);
+ for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+ SAFE_FREE(OIDs[j]);
+ }
DEBUG(1,("Failed to parse negTokenTarg at offset %d\n", (int)data.ofs));
asn1_free(&data);
return False;
@@ -313,6 +324,10 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
ret = !data.has_error;
+ if (data.has_error) {
+ data_blob_free(ticket);
+ }
+
asn1_free(&data);
return ret;
@@ -390,6 +405,12 @@ BOOL spnego_parse_challenge(const DATA_BLOB blob,
asn1_end_tag(&data);
ret = !data.has_error;
+
+ if (data.has_error) {
+ data_blob_free(chal1);
+ data_blob_free(chal2);
+ }
+
asn1_free(&data);
return ret;
}
@@ -438,6 +459,7 @@ BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
if (data.has_error) {
DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data.ofs));
+ data_blob_free(auth);
asn1_free(&data);
return False;
}
@@ -537,4 +559,3 @@ BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
asn1_free(&data);
return True;
}
-