diff options
| -rw-r--r-- | libextra/auth_srp.c | 2 | ||||
| -rw-r--r-- | libextra/auth_srp_passwd.c | 39 | ||||
| -rw-r--r-- | libextra/auth_srp_passwd.h | 6 | ||||
| -rw-r--r-- | libextra/gnutls_srp.c | 3 |
4 files changed, 31 insertions, 19 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 850e1b29d5..e72f460946 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -147,7 +147,7 @@ int _gnutls_gen_srp_server_hello(gnutls_session state, opaque * data, size_t _da ret = pwd_entry->g.size + pwd_entry->n.size + pwd_entry->salt.size + 5; - _gnutls_srp_clear_pwd_entry( pwd_entry); + _gnutls_srp_entry_free( pwd_entry); return ret; } diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c index 359b7eefb9..a032b176fa 100644 --- a/libextra/auth_srp_passwd.c +++ b/libextra/auth_srp_passwd.c @@ -109,6 +109,7 @@ int indx; entry->username = gnutls_strdup(str); if (entry->username==NULL) { _gnutls_free_datum( &entry->salt); + _gnutls_free_datum( &entry->v); gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } @@ -232,7 +233,7 @@ SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, if (cred==NULL) { *err = 1; gnutls_assert(); - gnutls_free(entry); + _gnutls_srp_entry_free(entry); return NULL; } @@ -242,10 +243,11 @@ SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, if (cred->pwd_callback != NULL) { ret = cred->pwd_callback( state, username, &entry->salt, &entry->v, &entry->g, &entry->n); + entry->malloced = 1; if (ret < 0) { gnutls_assert(); - gnutls_free(entry); + _gnutls_srp_entry_free(entry); return NULL; } @@ -273,7 +275,7 @@ SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, if (fd==NULL) { *err = 1; /* failed due to critical error */ gnutls_assert(); - gnutls_free(entry); + _gnutls_srp_entry_free(entry); return NULL; } @@ -289,11 +291,11 @@ SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, if (pwd_read_conf( cred->password_conf_file[pwd_index], entry, index)==0) { return entry; } else { - gnutls_free(entry); + _gnutls_srp_entry_free(entry); return NULL; } else { - gnutls_free(entry); + _gnutls_srp_entry_free(entry); return NULL; } } @@ -315,14 +317,14 @@ SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { ret = _gnutls_get_rnd_srp_params( &pwd_entry->g, &pwd_entry->n, 1024); if (ret < 0) { gnutls_assert(); - _gnutls_srp_clear_pwd_entry( pwd_entry); + _gnutls_srp_entry_free( pwd_entry); return NULL; } pwd_entry->username = gnutls_malloc(strlen(RNDUSER)+1); if (pwd_entry->username == NULL) { gnutls_assert(); - _gnutls_srp_clear_pwd_entry( pwd_entry); + _gnutls_srp_entry_free( pwd_entry); return NULL; } _gnutls_str_cpy( pwd_entry->username, MAX_SRP_USERNAME, RNDUSER); /* Flawfinder: ignore */ @@ -331,7 +333,7 @@ SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { pwd_entry->v.size = 20; if (pwd_entry->v.data==NULL) { gnutls_assert(); - _gnutls_srp_clear_pwd_entry( pwd_entry); + _gnutls_srp_entry_free( pwd_entry); return NULL; } @@ -342,13 +344,13 @@ SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { pwd_entry->salt.data = gnutls_malloc(RND_SALT_SIZE); if (pwd_entry->salt.data==NULL) { gnutls_assert(); - _gnutls_srp_clear_pwd_entry( pwd_entry); + _gnutls_srp_entry_free( pwd_entry); return NULL; } if (_gnutls_get_random(pwd_entry->salt.data, RND_SALT_SIZE, GNUTLS_WEAK_RANDOM) < 0) { gnutls_assert(); - _gnutls_srp_clear_pwd_entry( pwd_entry); + _gnutls_srp_entry_free( pwd_entry); return NULL; } @@ -356,11 +358,18 @@ SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { } -void _gnutls_srp_clear_pwd_entry( SRP_PWD_ENTRY * entry) { - _gnutls_free_datum(&entry->v); - _gnutls_free_datum(&entry->g); - _gnutls_free_datum(&entry->n); - _gnutls_free_datum(&entry->salt); +void _gnutls_srp_entry_free( SRP_PWD_ENTRY * entry) { + if (entry->malloced) { + free( entry->v.data); entry->v.data = NULL; + free( entry->g.data); entry->g.data = NULL; + free( entry->n.data); entry->n.data = NULL; + free( entry->salt.data); entry->salt.data = NULL; + } else { + _gnutls_free_datum(&entry->v); + _gnutls_free_datum(&entry->g); + _gnutls_free_datum(&entry->n); + _gnutls_free_datum(&entry->salt); + } gnutls_free(entry->username); gnutls_free(entry); diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h index 992ddea420..2171adb782 100644 --- a/libextra/auth_srp_passwd.h +++ b/libextra/auth_srp_passwd.h @@ -7,11 +7,15 @@ typedef struct { gnutls_datum v; gnutls_datum g; gnutls_datum n; + + int malloced; /* if non zero, use free() instead of gnutls_free() + */ + } SRP_PWD_ENTRY; /* this is localy alocated. It should be freed using the provided function */ SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int* err); -void _gnutls_srp_clear_pwd_entry( SRP_PWD_ENTRY * entry); +void _gnutls_srp_entry_free( SRP_PWD_ENTRY * entry); SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void); int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result); int _gnutls_sbase64_decode(uint8 * data, size_t data_size, uint8 ** result); diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 3d0f3a05ef..2279a28f7a 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -32,7 +32,6 @@ #include "debug.h" - /* Here functions for SRP (like g^x mod n) are defined */ @@ -515,7 +514,7 @@ void gnutls_srp_server_set_select_function(gnutls_session session, * 'username' contains the actual username. * * The 'salt', 'verifier', 'generator' and 'prime' must be filled - * in. + * in (using malloc). * * In case the callback returned a negative number then gnutls will * assume that the username does not exist. |