Memory leak in Curl_override_sspi_http_realm #635

Closed
silveja1 opened this Issue Feb 4, 2016 · 3 comments

silveja1 commented Feb 4, 2016

I've fixed a 1 byte memory leak with Curl_override_sspi_http_realm in curl_sasl_sspi.c on line 297. Without being intimately involved in the project I don't want to check it in.

Here is the fix:

CURLcode Curl_override_sspi_http_realm(const char *chlg,
                                       SEC_WINNT_AUTH_IDENTITY *identity)
{
  xcharp_u domain, dup_domain;

  /* If domain is blank or unset, check challenge message for realm */
  if(!identity->Domain || !identity->DomainLength) {
    // --------------------- ADDED BELOW -----------------------------
    if( identity->Domain )
    {
      // free the domain due to strdup
      free(identity->Domain);
      identity->Domain = NULL;
    }

@jay jay added the memory-leak label Feb 4, 2016

Member

jay commented Feb 4, 2016

Ah. The default is a dup of a zero length string so it looks like that is possible. I think only if we are updating the domain pointer would we free the old one, so:

--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -316,6 +316,7 @@ CURLcode Curl_override_sspi_http_realm(const char *chlg,
             Curl_unicodefree(domain.tchar_ptr);
             return CURLE_OUT_OF_MEMORY;
           }
+          free(identity->Domain);
           identity->Domain = dup_domain.tbyte_ptr;
           identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
           dup_domain.tchar_ptr = NULL;
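
Review bot: the added free(identity->Domain) sits directly above the reassignment with no comment saying why the old pointer can still be live at this point; a one-line comment noting that the field may hold the zero-length default duplicate would keep a later reader from dropping the call as redundant. Its position after the CURLE_OUT_OF_MEMORY return is the right one, since a failed duplication then leaves the existing domain in place instead of freed.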

Can you try that?

@jay jay changed the title from Memory leak fix to Memory leak in Curl_override_sspi_http_realm Feb 4, 2016

silveja1 commented Feb 4, 2016

Yes, that works fine. Wouldn't it be better not to initialize with strdup("") and just leave it as NULL?

Thanks,
Jay

jay added a commit that referenced this issue Feb 4, 2016

sasl_sspi: Fix memory leak in domain populate
Free an existing domain before replacing it.

Bug: #635
Reported-by: silveja1@users.noreply.github.com

jay commented Feb 4, 2016

No, we need a pointer to a domain even if it's zero length. There's no guarantee the domain will be replaced, that's why I changed it to free only if there's a replacement. Landed in 742deff, thanks!

@jay jay closed this Feb 4, 2016
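
The ownership rule settled in this thread, as an added example that is not curl's code: `struct identity`, `set_domain`, `leaked_after` and the allocation counter are hypothetical stand-ins, and plain `char` strings replace the SSPI types. It counts outstanding allocations to show the one-byte `""` default being orphaned before the fix and released after it, including the case where no realm is found and the default must survive.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the identity struct, not the SSPI type. */
struct identity { char *domain; size_t domain_len; };

static long live_allocs; /* outstanding allocations, for the leak check */

static char *dup_counted(const char *s)
{
  size_t n = strlen(s) + 1;
  char *p = malloc(n);
  if(p) { memcpy(p, s, n); live_allocs++; }
  return p;
}

static void free_counted(char *p)
{
  if(p) { live_allocs--; free(p); }
}

/* Replace the owned domain. free_old=0 models the code before the fix,
   free_old=1 the fix: release the old value once the replacement exists. */
int set_domain(struct identity *id, const char *realm, int free_old)
{
  char *dup = dup_counted(realm);
  if(!dup) return -1; /* nothing freed yet: old domain still valid */
  if(free_old) free_counted(id->domain);
  id->domain = dup;
  id->domain_len = strlen(dup);
  return 0;
}

/* Init with "", override only if realm is non-NULL, clean up, count. */
long leaked_after(const char *realm, int free_old)
{
  struct identity id = { NULL, 0 };
  live_allocs = 0;
  id.domain = dup_counted("");
  if(id.domain && realm) set_domain(&id, realm, free_old);
  free_counted(id.domain);
  return live_allocs;
}

int main(void)
{
  printf("before: %ld after: %ld\n", leaked_after("EXAMPLE", 0), leaked_after("EXAMPLE", 1));
  return 0;
}
```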

@lock lock bot locked as resolved and limited conversation to collaborators May 7, 2018
