From: Jennifer Richards Date: Wed, 2 May 2018 14:29:36 +0000 (-0400) Subject: Fix memory leak in gsscon_connect() X-Git-Tag: 3.4.0~1^2~33^2~4 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=commitdiff_plain;h=8a8bd5293cd798f75060f82b5079db10968a7a27 Fix memory leak in gsscon_connect() * Check for failure to allocate service name * Free input name after importing to GSS --- diff --git a/gsscon/gsscon_active.c b/gsscon/gsscon_active.c index 1227c2b..dc075ba 100755 --- a/gsscon/gsscon_active.c +++ b/gsscon/gsscon_active.c @@ -83,6 +83,7 @@ int gsscon_connect (const char *inHost, unsigned int inPort, const char *inServi gss_buffer_desc nameBuffer; gss_buffer_t inputTokenPtr = GSS_C_NO_BUFFER; char *name; + int len = 0; if (!inServiceName) { err = EINVAL; } if (!outGSSContext) { err = EINVAL; } @@ -185,16 +186,27 @@ int gsscon_connect (const char *inHost, unsigned int inPort, const char *inServi */ if (!err) { - nameBuffer.length = asprintf(&name, "%s@%s", inServiceName, inHost); - nameBuffer.value = name; + len = asprintf(&name, "%s@%s", inServiceName, inHost); + if (len < 0) { + /* asprintf failed, pick an error to return... */ + err = GSS_S_BAD_NAME; + } else { + nameBuffer.length = (size_t) len; + nameBuffer.value = name; - majorStatus = gss_import_name (&minorStatus, &nameBuffer, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &serviceName); - if (majorStatus != GSS_S_COMPLETE) { - gsscon_print_gss_errors ("gss_import_name(inServiceName)", majorStatus, minorStatus); - err = minorStatus ? minorStatus : majorStatus; + majorStatus = gss_import_name (&minorStatus, &nameBuffer, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &serviceName); + if (majorStatus != GSS_S_COMPLETE) { + gsscon_print_gss_errors ("gss_import_name(inServiceName)", majorStatus, minorStatus); + err = minorStatus ? minorStatus : majorStatus; + } + + /* free the input name and null pointers to avoid reuse */ + free(name); + name = NULL; + nameBuffer.value = NULL; } } - + /* * The main authentication loop: *