krb5-gssapi: Remove several memory leaks.

Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
we were leaking it). Now we just pass NULL as advised in RFC2744.

|tmp| was never set back to buf->data.

Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
(where conn->mech would be NULL but not conn->app_data or
conn->in_buffer->data).

diff --git a/lib/krb5.c b/lib/krb5.c
index 9fb44f2..28c6a25 100644 (file)
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -218,8 +218,8 @@ krb5_auth(void *app_data, struct connectdata *conn)
       continue;
     }
     {
-      gss_OID t;
-      gss_display_name(&min, gssname, &gssbuf, &t);
+      /* We pass NULL as |output_name_type| to avoid a leak. */
+      gss_display_name(&min, gssname, &gssbuf, NULL);
       Curl_infof(data, "Trying against %s\n", gssbuf.value);
       gss_release_buffer(&min, &gssbuf);
     }

diff --git a/lib/security.c b/lib/security.c
index 303a1be..73a5540 100644 (file)
--- a/lib/security.c
+++ b/lib/security.c
@@ -216,6 +216,7 @@ static CURLcode read_data(struct connectdata *conn,
   if (tmp == NULL)
     return CURLE_OUT_OF_MEMORY;
 
+  buf->data = tmp;
   ret = socket_read(fd, buf->data, len);
   if (ret != CURLE_OK)
     return ret;
@@ -567,12 +568,20 @@ Curl_sec_login(struct connectdata *conn)
 void
 Curl_sec_end(struct connectdata *conn)
 {
-  if(conn->mech != NULL) {
-    if(conn->mech->end)
-      conn->mech->end(conn->app_data);
+  if(conn->mech != NULL && conn->mech->end)
+    conn->mech->end(conn->app_data);
+  if(conn->app_data) {
     free(conn->app_data);
     conn->app_data = NULL;
   }
+  if(conn->in_buffer.data) {
+    free(conn->in_buffer.data);
+    conn->in_buffer.data = NULL;
+    conn->in_buffer.size = 0;
+    conn->in_buffer.index = 0;
+    /* FIXME: Is this really needed? */
+    conn->in_buffer.eof_flag = 0;
+  }
   conn->sec_complete = 0;
   conn->data_prot = (enum protection_level)0;
   conn->mech = NULL;