diff options
author | Joe Orton <joe@manyfish.uk> | 2020-06-10 19:26:01 +0100 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2020-06-18 08:01:27 +0100 |
commit | 5e67f71bb448328a52f2812a49c896d66b60f4db (patch) | |
tree | b390d965c6e1befa974e963de8cb487c5964fabe | |
parent | d505edb06cdbd72faf02a6b282d5b889c12796cb (diff) | |
download | neon-git-5e67f71bb448328a52f2812a49c896d66b60f4db.tar.gz |
* src/ne_auth.c (request_digest): Don't leak sess->response_rhs
when generating it.
(clean_session): Free h_a1 if set.
-rw-r--r-- | src/ne_auth.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c index 87935c5..ad5ef15 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c @@ -302,8 +302,10 @@ static void clean_session(auth_session *sess) if (sess->realm) ne_free(sess->realm); if (sess->userhash) ne_free(sess->userhash); if (sess->response_rhs) ne_free(sess->response_rhs); + if (sess->h_a1) ne_free(sess->h_a1); sess->realm = sess->basic = sess->cnonce = sess->nonce = - sess->opaque = sess->userhash = sess->response_rhs = NULL; + sess->opaque = sess->userhash = sess->response_rhs = + sess->h_a1 = NULL; if (sess->ndomains) free_domains(sess); #ifdef HAVE_GSSAPI { @@ -982,6 +984,7 @@ static char *request_digest(auth_session *sess, struct auth_request *req) sess->nonce_count++; ne_snprintf(nc_value, 9, "%08x", sess->nonce_count); + if (sess->response_rhs) ne_free(sess->response_rhs); sess->response_rhs = ne_concat(sess->nonce, ":", nc_value, ":", sess->cnonce, ":", qop_value, NULL); |