* src/ne_auth.c (request_digest): Don't leak sess->response_rhs

when generating it. (clean_session): Free h_a1 if set.
author: Joe Orton <joe@manyfish.uk> 2020-06-10 19:26:01 +0100
committer: Joe Orton <jorton@apache.org> 2020-06-18 08:01:27 +0100
commit: 5e67f71bb448328a52f2812a49c896d66b60f4db (patch)
tree: b390d965c6e1befa974e963de8cb487c5964fabe
parent: d505edb06cdbd72faf02a6b282d5b889c12796cb (diff)
download: neon-git-5e67f71bb448328a52f2812a49c896d66b60f4db.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c
index 87935c5..ad5ef15 100644
--- a/src/ne_auth.c
+++ b/src/ne_auth.c
@@ -302,8 +302,10 @@ static void clean_session(auth_session *sess)
     if (sess->realm) ne_free(sess->realm);
     if (sess->userhash) ne_free(sess->userhash);
     if (sess->response_rhs) ne_free(sess->response_rhs);
+    if (sess->h_a1) ne_free(sess->h_a1);
     sess->realm = sess->basic = sess->cnonce = sess->nonce =
-        sess->opaque = sess->userhash = sess->response_rhs = NULL;
+        sess->opaque = sess->userhash = sess->response_rhs =
+        sess->h_a1 = NULL;
     if (sess->ndomains) free_domains(sess);
 #ifdef HAVE_GSSAPI
     {
@@ -982,6 +984,7 @@ static char *request_digest(auth_session *sess, struct auth_request *req)
         sess->nonce_count++;
         ne_snprintf(nc_value, 9, "%08x", sess->nonce_count);
 
+        if (sess->response_rhs) ne_free(sess->response_rhs);
         sess->response_rhs = ne_concat(sess->nonce, ":",
                                        nc_value, ":", sess->cnonce, ":",
                                        qop_value, NULL);
author	Joe Orton <joe@manyfish.uk>	2020-06-10 19:26:01 +0100
committer	Joe Orton <jorton@apache.org>	2020-06-18 08:01:27 +0100
commit	5e67f71bb448328a52f2812a49c896d66b60f4db (patch)
tree	b390d965c6e1befa974e963de8cb487c5964fabe
parent	d505edb06cdbd72faf02a6b282d5b889c12796cb (diff)
download	neon-git-5e67f71bb448328a52f2812a49c896d66b60f4db.tar.gz