Skip to content

Commit 765a942

Browse files
committed
8304136: Match allocation and free in sspi.cpp
Reviewed-by: djelinski
1 parent 3f59b75 commit 765a942

File tree

1 file changed

+29
-20
lines changed
  • src/java.security.jgss/windows/native/libsspi_bridge

1 file changed

+29
-20
lines changed

src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp

+29-20
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -281,7 +281,13 @@ get_full_name(WCHAR* input)
281281
continue;
282282
}
283283
if (input[i] == L'@') {
284-
return _wcsdup(input);
284+
size_t newlen = wcslen(input) + 1;
285+
WCHAR* result = new WCHAR[newlen];
286+
if (!result) {
287+
return NULL;
288+
}
289+
wcscpy_s(result, newlen, input);
290+
return result;
285291
}
286292
}
287293

@@ -539,7 +545,7 @@ gss_export_name(OM_uint32 *minor_status,
539545
// We only deal with not-so-long names.
540546
// 04 01 00 ** 06 ** OID len:int32 name
541547
int mechLen = KRB5_OID.length;
542-
char* buffer = new char[10 + mechLen + len];
548+
char* buffer = (char*) malloc(10 + mechLen + len);
543549
if (buffer == NULL) {
544550
goto err;
545551
}
@@ -555,7 +561,7 @@ gss_export_name(OM_uint32 *minor_status,
555561
len = WideCharToMultiByte(CP_UTF8, 0, fullname, len,
556562
buffer+10+mechLen, len, NULL, NULL);
557563
if (len == 0) {
558-
delete[] buffer;
564+
free(buffer);
559565
goto err;
560566
}
561567
exported_name->length = 10 + mechLen + len;
@@ -580,13 +586,13 @@ gss_display_name(OM_uint32 *minor_status,
580586

581587
SEC_WCHAR* names = input_name->name;
582588
int len = (int)wcslen(names);
583-
char* buffer = new char[4*len+1];
589+
char* buffer = (char*) malloc(4*len+1);
584590
if (buffer == NULL) {
585591
return GSS_S_FAILURE;
586592
}
587593
len = WideCharToMultiByte(CP_UTF8, 0, names, len, buffer, 4*len, NULL, NULL);
588594
if (len == 0) {
589-
delete[] buffer;
595+
free(buffer);
590596
return GSS_S_FAILURE;
591597
}
592598
buffer[len] = 0;
@@ -802,6 +808,7 @@ gss_inquire_cred(OM_uint32 *minor_status,
802808
}
803809
SEC_WCHAR* names = new SEC_WCHAR[lstrlen(snames.sUserName) + 1];
804810
if (names == NULL) {
811+
FreeContextBuffer(snames.sUserName);
805812
return GSS_S_FAILURE;
806813
}
807814
StringCchCopy(names, lstrlen(snames.sUserName) + 1, snames.sUserName);
@@ -990,7 +997,7 @@ gss_init_sec_context(OM_uint32 *minor_status,
990997
output_token->length = outSecBuff.cbBuffer;
991998
if (outSecBuff.cbBuffer) {
992999
// No idea how user would free the data. Let's duplicate one.
993-
output_token->value = new char[outSecBuff.cbBuffer];
1000+
output_token->value = malloc(outSecBuff.cbBuffer);
9941001
if (!output_token->value) {
9951002
FreeContextBuffer(outSecBuff.pvBuffer);
9961003
goto err;
@@ -1012,13 +1019,13 @@ gss_init_sec_context(OM_uint32 *minor_status,
10121019
return GSS_S_COMPLETE;
10131020
}
10141021
err:
1015-
if (newCred) {
1016-
delete newCred;
1017-
}
10181022
if (firstTime) {
10191023
OM_uint32 dummy;
10201024
gss_delete_sec_context(&dummy, context_handle, GSS_C_NO_BUFFER);
10211025
}
1026+
if (newCred) {
1027+
delete newCred;
1028+
}
10221029
if (output_token->value) {
10231030
gss_release_buffer(NULL, output_token);
10241031
}
@@ -1241,7 +1248,7 @@ gss_get_mic(OM_uint32 *minor_status,
12411248

12421249
secBuff[1].BufferType = SECBUFFER_TOKEN;
12431250
secBuff[1].cbBuffer = context_handle->SecPkgContextSizes.cbMaxSignature;
1244-
secBuff[1].pvBuffer = msg_token->value = new char[secBuff[1].cbBuffer];
1251+
secBuff[1].pvBuffer = msg_token->value = malloc(secBuff[1].cbBuffer);
12451252

12461253
if (!secBuff[1].pvBuffer) {
12471254
goto err;
@@ -1260,7 +1267,7 @@ gss_get_mic(OM_uint32 *minor_status,
12601267
msg_token->length = 0;
12611268
msg_token->value = NULL;
12621269
if (secBuff[1].pvBuffer) {
1263-
delete[] secBuff[1].pvBuffer;
1270+
free(secBuff[1].pvBuffer);
12641271
}
12651272
return GSS_S_FAILURE;
12661273
}
@@ -1324,19 +1331,19 @@ gss_wrap(OM_uint32 *minor_status,
13241331

13251332
SECURITY_STATUS ss;
13261333
SecBufferDesc buffDesc;
1327-
SecBuffer secBuff[3];
1334+
SecBuffer secBuff[3] = {0};
13281335

13291336
buffDesc.ulVersion = SECBUFFER_VERSION;
13301337
buffDesc.cBuffers = 3;
13311338
buffDesc.pBuffers = secBuff;
13321339

13331340
secBuff[0].BufferType = SECBUFFER_TOKEN;
13341341
secBuff[0].cbBuffer = context_handle->SecPkgContextSizes.cbSecurityTrailer;
1335-
output_message_buffer->value = secBuff[0].pvBuffer = malloc(
1342+
secBuff[0].pvBuffer = malloc(
13361343
context_handle->SecPkgContextSizes.cbSecurityTrailer
13371344
+ input_message_buffer->length
13381345
+ context_handle->SecPkgContextSizes.cbBlockSize);;
1339-
if (!output_message_buffer->value) {
1346+
if (!secBuff[0].pvBuffer) {
13401347
goto err;
13411348
}
13421349

@@ -1376,8 +1383,10 @@ gss_wrap(OM_uint32 *minor_status,
13761383
secBuff[2].pvBuffer,
13771384
secBuff[2].cbBuffer);
13781385

1386+
output_message_buffer->value = secBuff[0].pvBuffer;
13791387
output_message_buffer->length = secBuff[0].cbBuffer + secBuff[1].cbBuffer
13801388
+ secBuff[2].cbBuffer;
1389+
13811390
free(secBuff[1].pvBuffer);
13821391
free(secBuff[2].pvBuffer);
13831392

@@ -1413,7 +1422,7 @@ gss_unwrap(OM_uint32 *minor_status,
14131422

14141423
SECURITY_STATUS ss;
14151424
SecBufferDesc buffDesc;
1416-
SecBuffer secBuff[2];
1425+
SecBuffer secBuff[2] = {0};
14171426
ULONG ulQop = 0;
14181427

14191428
buffDesc.cBuffers = 2;
@@ -1445,7 +1454,7 @@ gss_unwrap(OM_uint32 *minor_status,
14451454

14461455
// Must allocate a new memory block so client can release it correctly
14471456
output_message_buffer->length = secBuff[1].cbBuffer;
1448-
output_message_buffer->value = new char[secBuff[1].cbBuffer];
1457+
output_message_buffer->value = malloc(secBuff[1].cbBuffer);
14491458

14501459
if (!output_message_buffer->value) {
14511460
goto err;
@@ -1595,7 +1604,7 @@ gss_display_status(OM_uint32 *minor_status,
15951604
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
15961605
msg, 256, 0);
15971606
if (len > 0) {
1598-
status_string->value = new char[len + 20];
1607+
status_string->value = malloc(len + 20);
15991608
if (!status_string->value) {
16001609
status_string = GSS_C_NO_BUFFER;
16011610
return GSS_S_FAILURE;
@@ -1604,7 +1613,7 @@ gss_display_status(OM_uint32 *minor_status,
16041613
(LPSTR)status_string->value, len + 19,
16051614
"(%lx) %ls", status_value, msg);
16061615
} else {
1607-
status_string->value = new char[33];
1616+
status_string->value = malloc(33);
16081617
if (!status_string->value) {
16091618
status_string = GSS_C_NO_BUFFER;
16101619
return GSS_S_FAILURE;
@@ -1662,7 +1671,7 @@ gss_release_buffer(OM_uint32 *minor_status,
16621671
return GSS_S_COMPLETE;
16631672
}
16641673
if (buffer->value) {
1665-
delete[] buffer->value;
1674+
free(buffer->value);
16661675
buffer->value = NULL;
16671676
}
16681677
buffer->length = 0;

0 commit comments

Comments
 (0)