aboutsummaryrefslogtreecommitdiff
path: root/src/gssapi.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2013-07-14 14:45:26 +0200
committerAndreas Schneider <asn@cryptomilk.org>2013-07-14 15:02:05 +0200
commit0138c9fd59a3fdf63791db6dd65aa2ff2abcb176 (patch)
treeddfb807ebf8cb1e3f4d9f636391ed0f3c8ff52fd /src/gssapi.c
parent831ed08a56060a5cb0008f7bea0339b3aa3adfe1 (diff)
downloadlibssh-0138c9fd59a3fdf63791db6dd65aa2ff2abcb176.tar.gz
libssh-0138c9fd59a3fdf63791db6dd65aa2ff2abcb176.tar.xz
libssh-0138c9fd59a3fdf63791db6dd65aa2ff2abcb176.zip
gssapi: Refactor ssh_gssapi_send_mic() to not leak memory.
CID #0
Diffstat (limited to 'src/gssapi.c')
-rw-r--r--src/gssapi.c24
1 files changed, 21 insertions, 3 deletions
diff --git a/src/gssapi.c b/src/gssapi.c
index e5040c3d..09fb2d5b 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -827,6 +827,7 @@ static int ssh_gssapi_send_mic(ssh_session session){
gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
ssh_buffer mic_buffer;
+ int rc;
SSH_LOG(SSH_LOG_PACKET,"Sending SSH_MSG_USERAUTH_GSSAPI_MIC");
@@ -840,14 +841,31 @@ static int ssh_gssapi_send_mic(ssh_session session){
maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf);
if (GSS_ERROR(maj_stat)){
+ ssh_buffer_free(mic_buffer);
ssh_gssapi_log_error(0, "generating MIC", maj_stat);
return SSH_ERROR;
}
- buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_GSSAPI_MIC);
- buffer_add_u32(session->out_buffer, htonl(mic_token_buf.length));
- buffer_add_data(session->out_buffer, mic_token_buf.value, mic_token_buf.length);
+ rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_GSSAPI_MIC);
+ if (rc < 0) {
+ ssh_buffer_free(mic_buffer);
+ ssh_set_error_oom(session);
+ return SSH_ERROR;
+ }
+
+ rc = buffer_add_u32(session->out_buffer, htonl(mic_token_buf.length));
+ if (rc < 0) {
+ ssh_buffer_free(mic_buffer);
+ ssh_set_error_oom(session);
+ return SSH_ERROR;
+ }
+
+ rc = buffer_add_data(session->out_buffer, mic_token_buf.value, mic_token_buf.length);
ssh_buffer_free(mic_buffer);
+ if (rc < 0) {
+ ssh_set_error_oom(session);
+ return SSH_ERROR;
+ }
return packet_send(session);
}