From 22096f2dd63b09b10a0d89d07471410b5a525a7b Mon Sep 17 00:00:00 2001
From: scantor <scantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Date: Thu, 2 Aug 2012 17:07:07 +0000
Subject: [PATCH] Fix leaks in identifier generation

git-svn-id: https://svn.shibboleth.net/cpp-sp/branches/REL_2@3746 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 shibsp/handler/impl/SAML2Logout.cpp           | 4 +++-
 shibsp/handler/impl/SAML2LogoutInitiator.cpp  | 4 +++-
 shibsp/handler/impl/SAML2SessionInitiator.cpp | 4 +++-
 shibsp/impl/StorageServiceSessionCache.cpp    | 4 +++-
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index 8aa8632..ec201c4 100644
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
@@ -679,7 +679,9 @@ pair<bool,long> SAML2Logout::sendResponse(
     logout->setIssuer(issuer);
     issuer->setName(application.getRelyingParty(dynamic_cast<EntityDescriptor*>(role->getParent()))->getXMLString("entityID").second);
     fillStatus(*logout, code, subcode, msg);
-    logout->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* msgid = SAMLConfig::getConfig().generateIdentifier();
+    logout->setID(msgid);
+    XMLString::release(&msgid);
     logout->setIssueInstant(time(nullptr));
 
     if (logoutEvent) {
diff --git a/shibsp/handler/impl/SAML2LogoutInitiator.cpp b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
index 05d1e88..7de6798 100644
--- a/shibsp/handler/impl/SAML2LogoutInitiator.cpp
+++ b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
@@ -527,7 +527,9 @@ auto_ptr<LogoutRequest> SAML2LogoutInitiator::buildRequest(
         msg->setNameID(nameid->cloneNameID());
     }
 
-    msg->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* msgid = SAMLConfig::getConfig().generateIdentifier();
+    msg->setID(msgid);
+    XMLString::release(&msgid);
     msg->setIssueInstant(time(nullptr));
 
     if (m_async && encoder) {
diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index 7b13888..2e10df3 100644
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
@@ -713,7 +713,9 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
         }
     }
 
-    req->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* genid = SAMLConfig::getConfig().generateIdentifier();
+    req->setID(genid);
+    XMLString::release(&genid);
     req->setIssueInstant(time(nullptr));
 
     scoped_ptr<AuthnRequestEvent> ar_event(newAuthnRequestEvent(app, httpRequest));
diff --git a/shibsp/impl/StorageServiceSessionCache.cpp b/shibsp/impl/StorageServiceSessionCache.cpp
index e944c2b..a6078ea 100644
--- a/shibsp/impl/StorageServiceSessionCache.cpp
+++ b/shibsp/impl/StorageServiceSessionCache.cpp
@@ -891,7 +891,9 @@ SSCache::~SSCache()
 
 void SSCache::test()
 {
-    auto_ptr_char temp(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* wide = SAMLConfig::getConfig().generateIdentifier();
+    auto_ptr_char temp(wide);
+    XMLString::release(&wide);
     m_storage->createString("SessionCacheTest", temp.get(), "Test", time(nullptr) + 60);
     m_storage->deleteString("SessionCacheTest", temp.get());
 }
-- 
2.1.4