diff options
-rw-r--r-- | source3/libads/sasl.c | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 1ab71c6ee5..971156ae61 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -29,12 +29,12 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) { const char *mechs[] = {OID_NTLMSSP, NULL}; - DATA_BLOB msg1; + DATA_BLOB msg1 = data_blob(NULL, 0); DATA_BLOB blob, chal1, chal2, auth; uint8 challenge[8]; uint8 nthash[24], lmhash[24], sess_key[16]; uint32 neg_flags; - struct berval cred, *scred; + struct berval cred, *scred = NULL; ADS_STATUS status; int rc; @@ -70,6 +70,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) } blob = data_blob(scred->bv_val, scred->bv_len); + ber_bvfree(scred); /* the server gives us back two challenges */ if (!spnego_parse_challenge(blob, &chal1, &chal2)) { @@ -105,15 +106,29 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) data_blob_free(&blob); + /* Remember to free the msg1 blob. The contents of this + have been copied into cred and need freeing before reassignment. */ + data_blob_free(&msg1); + /* now send the auth packet and we should be done */ cred.bv_val = (char *)auth.data; cred.bv_len = auth.length; rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred); + ber_bvfree(scred); + data_blob_free(&auth); + return ADS_ERROR(rc); failed: + + /* Remember to free the msg1 blob. The contents of this + have been copied into cred and need freeing. */ + data_blob_free(&msg1); + + if(scred) + ber_bvfree(scred); return status; } @@ -122,9 +137,9 @@ failed: */ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal) { - DATA_BLOB blob; - struct berval cred, *scred; - DATA_BLOB session_key; + DATA_BLOB blob = data_blob(NULL, 0); + struct berval cred, *scred = NULL; + DATA_BLOB session_key = data_blob(NULL, 0); int rc; rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key); @@ -141,6 +156,8 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip data_blob_free(&blob); data_blob_free(&session_key); + if(scred) + ber_bvfree(scred); return ADS_ERROR(rc); } @@ -154,7 +171,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) int rc, i; ADS_STATUS status; DATA_BLOB blob; - char *principal; + char *principal = NULL; char *OIDs[ASN1_MAX_OIDS]; BOOL got_kerberos_mechanism = False; @@ -197,8 +214,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && got_kerberos_mechanism) { status = ads_sasl_spnego_krb5_bind(ads, principal); - if (ADS_ERR_OK(status)) + if (ADS_ERR_OK(status)) { + SAFE_FREE(principal); return status; + } status = ADS_ERROR_KRB5(ads_kinit_password(ads)); @@ -209,11 +228,14 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) /* only fallback to NTLMSSP if allowed */ if (ADS_ERR_OK(status) || !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) { + SAFE_FREE(principal); return status; } } #endif + SAFE_FREE(principal); + /* lets do NTLMSSP ... this has the big advantage that we don't need to sync clocks, and we don't rely on special versions of the krb5 library for HMAC_MD4 encryption */ @@ -242,7 +264,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) gss_buffer_desc output_token, input_token; uint32 ret_flags, conf_state; struct berval cred; - struct berval *scred; + struct berval *scred = NULL; int i=0; int gss_rc, rc; uint8 *p; @@ -385,6 +407,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) gss_release_buffer(&minor_status, &input_token); failed: + if(scred) + ber_bvfree(scred); return status; } #endif |