Commit 87badbef authored by Julien Chaffraix's avatar Julien Chaffraix
Browse files

krb5-gssapi: Remove several memory leaks. 

Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
we were leaking it). Now we just pass NULL as advised in RFC2744.

|tmp| was never set back to buf->data.

Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
(where conn->mech would be NULL but not conn->app_data or
conn->in_buffer->data).
parent e3811ed7

lib/krb5.c

+2 −2
Original line number Diff line number Diff line
@@ -218,8 +218,8 @@ krb5_auth(void *app_data, struct connectdata *conn) 
      continue;

    }

    {

      gss_OID t;

      gss_display_name(&min, gssname, &gssbuf, &t);

      /* We pass NULL as |output_name_type| to avoid a leak. */

      gss_display_name(&min, gssname, &gssbuf, NULL);

      Curl_infof(data, "Trying against %s\n", gssbuf.value);

      gss_release_buffer(&min, &gssbuf);

    }

lib/security.c

+12 −3
Original line number Diff line number Diff line
@@ -216,6 +216,7 @@ static CURLcode read_data(struct connectdata *conn, 
  if (tmp == NULL)

    return CURLE_OUT_OF_MEMORY;



  buf->data = tmp;

  ret = socket_read(fd, buf->data, len);

  if (ret != CURLE_OK)

    return ret;
@@ -567,12 +568,20 @@ Curl_sec_login(struct connectdata *conn) 
void

Curl_sec_end(struct connectdata *conn)

{

  if(conn->mech != NULL) {

    if(conn->mech->end)

  if(conn->mech != NULL && conn->mech->end)

    conn->mech->end(conn->app_data);

  if(conn->app_data) {

    free(conn->app_data);

    conn->app_data = NULL;

  }

  if(conn->in_buffer.data) {

    free(conn->in_buffer.data);

    conn->in_buffer.data = NULL;

    conn->in_buffer.size = 0;

    conn->in_buffer.index = 0;

    /* FIXME: Is this really needed? */

    conn->in_buffer.eof_flag = 0;

  }

  conn->sec_complete = 0;

  conn->data_prot = (enum protection_level)0;

  conn->mech = NULL;