svn commit: samba r16306 - in branches/SAMBA_3_0/source/libsmb: .
jra at samba.org
jra at samba.org
Fri Jun 16 22:25:22 GMT 2006
Author: jra
Date: 2006-06-16 22:25:17 +0000 (Fri, 16 Jun 2006)
New Revision: 16306
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16306
Log:
Error handling in this asn1 code *sucks*. Fix a generic
class of memory leak bugs on error found by Klocwork (#123).
Many of these functions didn't free allocated memory on
error exit.
Jeremy.
Modified:
branches/SAMBA_3_0/source/libsmb/asn1.c
branches/SAMBA_3_0/source/libsmb/clispnego.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/asn1.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/asn1.c 2006-06-16 22:25:19 UTC (rev 16305)
+++ branches/SAMBA_3_0/source/libsmb/asn1.c 2006-06-16 22:25:17 UTC (rev 16306)
@@ -393,20 +393,30 @@
BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s)
{
int len;
- if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False;
+ char *str;
+
+ *s = NULL;
+
+ if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) {
+ return False;
+ }
len = asn1_tag_remaining(data);
if (len < 0) {
data->has_error = True;
return False;
}
- *s = SMB_MALLOC(len+1);
- if (! *s) {
+ str = SMB_MALLOC(len+1);
+ if (!str) {
data->has_error = True;
return False;
}
- asn1_read(data, *s, len);
- (*s)[len] = 0;
+ asn1_read(data, str, len);
+ str[len] = 0;
asn1_end_tag(data);
+
+ if (!data->has_error) {
+ *s = str;
+ }
return !data->has_error;
}
Modified: branches/SAMBA_3_0/source/libsmb/clispnego.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clispnego.c 2006-06-16 22:25:19 UTC (rev 16305)
+++ branches/SAMBA_3_0/source/libsmb/clispnego.c 2006-06-16 22:25:17 UTC (rev 16306)
@@ -163,11 +163,18 @@
asn1_end_tag(&data);
ret = !data.has_error;
+ if (data.has_error) {
+ int j;
+ SAFE_FREE(principal);
+ for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+ SAFE_FREE(OIDs[j]);
+ }
+ }
+
asn1_free(&data);
return ret;
}
-
/*
generate a negTokenTarg packet given a list of OIDs and a security blob
*/
@@ -212,7 +219,6 @@
return ret;
}
-
/*
parse a negTokenTarg packet giving a list of OIDs and a security blob
*/
@@ -248,6 +254,11 @@
asn1_end_tag(&data);
if (data.has_error) {
+ int j;
+ data_blob_free(secblob);
+ for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+ SAFE_FREE(OIDs[j]);
+ }
DEBUG(1,("Failed to parse negTokenTarg at offset %d\n", (int)data.ofs));
asn1_free(&data);
return False;
@@ -313,6 +324,10 @@
ret = !data.has_error;
+ if (data.has_error) {
+ data_blob_free(ticket);
+ }
+
asn1_free(&data);
return ret;
@@ -390,6 +405,12 @@
asn1_end_tag(&data);
ret = !data.has_error;
+
+ if (data.has_error) {
+ data_blob_free(chal1);
+ data_blob_free(chal2);
+ }
+
asn1_free(&data);
return ret;
}
@@ -438,6 +459,7 @@
if (data.has_error) {
DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data.ofs));
+ data_blob_free(auth);
asn1_free(&data);
return False;
}
@@ -537,4 +559,3 @@
asn1_free(&data);
return True;
}
-
More information about the samba-cvs
mailing list