svn commit: samba r16306 - in branches/SAMBA_3_0/source/libsmb: .

jra at samba.org jra at samba.org
Fri Jun 16 22:25:22 GMT 2006


Author: jra
Date: 2006-06-16 22:25:17 +0000 (Fri, 16 Jun 2006)
New Revision: 16306

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16306

Log:
Error handling in this asn1 code *sucks*. Fix a generic
class of memory leak bugs on error found by Klocwork (#123).
Many of these functions didn't free allocated memory on
error exit.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/asn1.c
   branches/SAMBA_3_0/source/libsmb/clispnego.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/asn1.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/asn1.c	2006-06-16 22:25:19 UTC (rev 16305)
+++ branches/SAMBA_3_0/source/libsmb/asn1.c	2006-06-16 22:25:17 UTC (rev 16306)
@@ -393,20 +393,30 @@
 BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s)
 {
 	int len;
-	if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False;
+	char *str;
+
+	*s = NULL;
+
+	if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) {
+		return False;
+	}
 	len = asn1_tag_remaining(data);
 	if (len < 0) {
 		data->has_error = True;
 		return False;
 	}
-	*s = SMB_MALLOC(len+1);
-	if (! *s) {
+	str = SMB_MALLOC(len+1);
+	if (!str) {
 		data->has_error = True;
 		return False;
 	}
-	asn1_read(data, *s, len);
-	(*s)[len] = 0;
+	asn1_read(data, str, len);
+	str[len] = 0;
 	asn1_end_tag(data);
+
+	if (!data->has_error) {
+		*s = str;
+	}
 	return !data->has_error;
 }
 

Modified: branches/SAMBA_3_0/source/libsmb/clispnego.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clispnego.c	2006-06-16 22:25:19 UTC (rev 16305)
+++ branches/SAMBA_3_0/source/libsmb/clispnego.c	2006-06-16 22:25:17 UTC (rev 16306)
@@ -163,11 +163,18 @@
 	asn1_end_tag(&data);
 
 	ret = !data.has_error;
+	if (data.has_error) {
+		int j;
+		SAFE_FREE(principal);
+		for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+			SAFE_FREE(OIDs[j]);
+		}
+	}
+
 	asn1_free(&data);
 	return ret;
 }
 
-
 /*
   generate a negTokenTarg packet given a list of OIDs and a security blob
 */
@@ -212,7 +219,6 @@
 	return ret;
 }
 
-
 /*
   parse a negTokenTarg packet giving a list of OIDs and a security blob
 */
@@ -248,6 +254,11 @@
 	asn1_end_tag(&data);
 
 	if (data.has_error) {
+		int j;
+		data_blob_free(secblob);
+		for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+			SAFE_FREE(OIDs[j]);
+		}
 		DEBUG(1,("Failed to parse negTokenTarg at offset %d\n", (int)data.ofs));
 		asn1_free(&data);
 		return False;
@@ -313,6 +324,10 @@
 
 	ret = !data.has_error;
 
+	if (data.has_error) {
+		data_blob_free(ticket);
+	}
+
 	asn1_free(&data);
 
 	return ret;
@@ -390,6 +405,12 @@
 	asn1_end_tag(&data);
 
 	ret = !data.has_error;
+
+	if (data.has_error) {
+		data_blob_free(chal1);
+		data_blob_free(chal2);
+	}
+
 	asn1_free(&data);
 	return ret;
 }
@@ -438,6 +459,7 @@
 
 	if (data.has_error) {
 		DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data.ofs));
+		data_blob_free(auth);
 		asn1_free(&data);
 		return False;
 	}
@@ -537,4 +559,3 @@
 	asn1_free(&data);
 	return True;
 }
-



More information about the samba-cvs mailing list