From f1e60142e12deb560e3c62441fd9ff2acd086b60 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 5 Aug 2013 10:43:38 +0200 Subject: libcli/auth: avoid possible mem leak in read_negTokenInit() Also add error checks. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- libcli/auth/spnego_parse.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'libcli') diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c index 3bf7aeab62..2c73613e3b 100644 --- a/libcli/auth/spnego_parse.c +++ b/libcli/auth/spnego_parse.c @@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, asn1_start_tag(asn1, ASN1_CONTEXT(0)); asn1_start_tag(asn1, ASN1_SEQUENCE(0)); - token->mechTypes = talloc(NULL, const char *); + token->mechTypes = talloc(mem_ctx, const char *); + if (token->mechTypes == NULL) { + asn1->has_error = true; + return false; + } for (i = 0; !asn1->has_error && 0 < asn1_tag_remaining(asn1); i++) { char *oid; - token->mechTypes = talloc_realloc(NULL, - token->mechTypes, - const char *, i+2); + const char **p; + p = talloc_realloc(mem_ctx, + token->mechTypes, + const char *, i+2); + if (p == NULL) { + TALLOC_FREE(token->mechTypes); + asn1->has_error = true; + return false; + } + token->mechTypes = p; asn1_read_OID(asn1, token->mechTypes, &oid); token->mechTypes[i] = oid; } -- cgit