From f1e60142e12deb560e3c62441fd9ff2acd086b60 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 5 Aug 2013 10:43:38 +0200
Subject: libcli/auth: avoid possible mem leak in read_negTokenInit()

Also add error checks.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/auth/spnego_parse.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'libcli')

diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
index 3bf7aeab62..2c73613e3b 100644
--- a/libcli/auth/spnego_parse.c
+++ b/libcli/auth/spnego_parse.c
@@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
 			asn1_start_tag(asn1, ASN1_CONTEXT(0));
 			asn1_start_tag(asn1, ASN1_SEQUENCE(0));
 
-			token->mechTypes = talloc(NULL, const char *);
+			token->mechTypes = talloc(mem_ctx, const char *);
+			if (token->mechTypes == NULL) {
+				asn1->has_error = true;
+				return false;
+			}
 			for (i = 0; !asn1->has_error &&
 				     0 < asn1_tag_remaining(asn1); i++) {
 				char *oid;
-				token->mechTypes = talloc_realloc(NULL,
-								  token->mechTypes,
-								  const char *, i+2);
+				const char **p;
+				p = talloc_realloc(mem_ctx,
+						   token->mechTypes,
+						   const char *, i+2);
+				if (p == NULL) {
+					TALLOC_FREE(token->mechTypes);
+					asn1->has_error = true;
+					return false;
+				}
+				token->mechTypes = p;
 				asn1_read_OID(asn1, token->mechTypes, &oid);
 				token->mechTypes[i] = oid;
 			}
-- 
cgit