[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 195/208: gssapi: fix memory leak of output token in
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 195/208: gssapi: fix memory leak of output token in multi round context |
Date: |
Wed, 09 Aug 2017 17:36:32 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.55.0
in repository gnurl.
commit 0b11660234c4f9bbea7308402ad739dc3f153b08
Author: Isaac Boukris <address@hidden>
AuthorDate: Sat Jul 22 02:00:46 2017 +0300
gssapi: fix memory leak of output token in multi round context
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.
Closes https://github.com/curl/curl/pull/1733
---
lib/vauth/spnego_gssapi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index 8840db8fd..5196c2704 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -180,6 +180,10 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy
*data,
return CURLE_OUT_OF_MEMORY;
}
+ /* Free previous token */
+ if(nego->output_token.length && nego->output_token.value)
+ gss_release_buffer(&unused_status, &nego->output_token);
+
nego->output_token = output_token;
return CURLE_OK;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 153/208: nss: unify the coding style of nss_send() and nss_recv(), (continued)
- [GNUnet-SVN] [gnurl] 153/208: nss: unify the coding style of nss_send() and nss_recv(), gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 145/208: winbuild: build with warning level 4, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 53/208: lib: fix the djgpp build, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 129/208: smb: rename variable to fix shadowing warning, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 152/208: tests/server/resolve.c: fix deprecation warning, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 68/208: curl/system.h: add check for XTENSA for 32bit gcc, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 148/208: sockfilt: suppress conversion warning with explicit cast, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 144/208: travis: install libidn2, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 125/208: valgrind.supp: supress OpenSSL false positive seen on travis, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 167/208: include.d: clarify --include is only for response headers, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 195/208: gssapi: fix memory leak of output token in multi round context,
gnunet <=
- [GNUnet-SVN] [gnurl] 193/208: CMake: fix CURL_WERROR for MSVC, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 133/208: ldap: fix MinGW compiler warning, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 66/208: progress: progress.timespent needs to be us, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 154/208: nss: fix a possible use-after-free in SelectClientCert(), gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 151/208: darwinssl: fix pinnedpubkey build error, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 131/208: curl_setup_once: Remove ERRNO/SET_ERRNO macros, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 132/208: curl-compilers.m4: disable warning spam with Cygwin's clang, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 169/208: http: fix response code parser to avoid integer overflow, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 158/208: timeval: struct curltime is a struct timeval replacement, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 59/208: maketgz: switch to xz instead of lzma, gnunet, 2017/08/09