diff options
author | Ladar Levison <ladar@lavabit.com> | 2017-03-28 22:35:21 +0300 |
---|---|---|
committer | Ladar Levison <ladar@lavabit.com> | 2017-03-28 22:35:21 +0300 |
commit | 45eff34513586e2de101373a37aebc97eb929504 (patch) | |
tree | f35683beca383d188821c5034d23ae2c5325719a | |
parent | 8bf53f1232921ce9da404b59586659facc363983 (diff) |
Fixed a memory leak in the auth plain function.
-rw-r--r-- | src/servers/smtp/smtp.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/servers/smtp/smtp.c b/src/servers/smtp/smtp.c index c36c7c0f..b06ce564 100644 --- a/src/servers/smtp/smtp.c +++ b/src/servers/smtp/smtp.c @@ -290,27 +290,27 @@ void smtp_auth_plain(connection_t *con) { // Make sure we were able to decode something. if (!decoded || !st_length_get(decoded)) { - st_cleanup(decoded); con_write_bl(con, "501 INVALID AUTH SYNTAX\r\n", 25); + st_cleanup(decoded); return; } // Fetch the different components. if (tok_get_st(decoded, '\0', 0, &authorize_id) || tok_get_st(decoded, '\0', 1, &username) || tok_get_st(decoded, '\0', 2, &password) != 1) { - st_free(decoded); con_write_bl(con, "501 INVALID AUTH SYNTAX\r\n", 25); + st_free(decoded); return; } // If for some reason the username field is NULL, but the authorize-id isn't, try that instead. We really don't need this. - if (st_empty(&username) && !st_empty(&authorize_id)) { + if (st_empty(&username) && st_populated(&authorize_id)) { mm_copy(&username, &authorize_id, sizeof(placer_t)); } // Error check. if (st_empty(&username) || st_empty(&password)) { - st_free(decoded); con_write_bl(con, "501 INVALID AUTH SYNTAX\r\n", 25); + st_free(decoded); return; } @@ -328,6 +328,7 @@ void smtp_auth_plain(connection_t *con) { st_length_int(&username), st_char_get(&username)); con->protocol.violations++; + st_free(decoded); return; } @@ -349,6 +350,7 @@ void smtp_auth_plain(connection_t *con) { con_write_bl(con, "535 AUTHENTICATION FAILURE - INVALID USERNAME AND PASSWORD COMBINATION\r\n", 72); } + st_free(decoded); auth_free(auth); return; } @@ -359,6 +361,7 @@ void smtp_auth_plain(connection_t *con) { // If we made it this far then the connection is authenticated. smtp_add_outbound(con, outbound); smtp_session_reset(con); + st_free(decoded); auth_free(auth); // Adjust the connection object accordingly. |