mirror of https://github.com/FreeRDP/FreeRDP
Merge pull request #2724 from bmiklautz/leak_fix
Fix leaks in certificate and identity handling
commit
20878e50fe
|
@ -102,10 +102,35 @@ static SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla);
|
|||
static SECURITY_STATUS nla_encrypt_ts_credentials(rdpNla* nla);
|
||||
static SECURITY_STATUS nla_decrypt_ts_credentials(rdpNla* nla);
|
||||
static BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s);
|
||||
static void nla_identity_free(SEC_WINNT_AUTH_IDENTITY* identity);
|
||||
|
||||
#define ber_sizeof_sequence_octet_string(length) ber_sizeof_contextual_tag(ber_sizeof_octet_string(length)) + ber_sizeof_octet_string(length)
|
||||
#define ber_write_sequence_octet_string(stream, context, value, length) ber_write_contextual_tag(stream, context, ber_sizeof_octet_string(length), TRUE) + ber_write_octet_string(stream, value, length)
|
||||
|
||||
void nla_identity_free(SEC_WINNT_AUTH_IDENTITY* identity)
|
||||
{
|
||||
if (identity)
|
||||
{
|
||||
if (identity->User)
|
||||
{
|
||||
memset(identity->User, 0, identity->UserLength*2);
|
||||
free(identity->User);
|
||||
}
|
||||
if (identity->Password)
|
||||
{
|
||||
memset(identity->Password, 0, identity->PasswordLength*2);
|
||||
free(identity->Password);
|
||||
}
|
||||
if (identity->Domain)
|
||||
{
|
||||
memset(identity->Domain, 0, identity->DomainLength*2);
|
||||
free(identity->Domain);
|
||||
}
|
||||
}
|
||||
free(identity);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize NTLMSSP authentication module (client).
|
||||
* @param credssp
|
||||
|
@ -159,7 +184,7 @@ int nla_client_init(rdpNla* nla)
|
|||
|
||||
if (!settings->Username)
|
||||
{
|
||||
free (nla->identity);
|
||||
nla_identity_free(nla->identity);
|
||||
nla->identity = NULL;
|
||||
}
|
||||
else
|
||||
|
@ -1570,13 +1595,6 @@ void nla_free(rdpNla* nla)
|
|||
sspi_SecBufferFree(&nla->tsCredentials);
|
||||
|
||||
free(nla->ServicePrincipalName);
|
||||
if (nla->identity)
|
||||
{
|
||||
free(nla->identity->User);
|
||||
free(nla->identity->Domain);
|
||||
free(nla->identity->Password);
|
||||
}
|
||||
free(nla->identity);
|
||||
|
||||
nla_identity_free(nla->identity);
|
||||
free(nla);
|
||||
}
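Review bot: The wipes in `nla_identity_free` use plain `memset` immediately before `free`, and a compiler may drop such a store as dead, so the user name, domain and password bytes can survive in freed heap memory. Use a zeroing call that cannot be elided, for example `SecureZeroMemory(identity->Password, identity->PasswordLength * 2);` where the platform layer provides it, or `explicit_bzero` on systems that have it, and do the same for `User` and `Domain`. The `*2` multiplier assumes the length fields count 16-bit characters; a comment such as `/* lengths are in WCHARs (SEC_WINNT_AUTH_IDENTITY_UNICODE) */` would record that, and if an ANSI identity can reach this function the wipe size would be wrong. The definition also omits the `static` that its forward declaration carries; repeating it would keep the two in agreement.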
|
||||
|
|
|
@ -543,6 +543,7 @@ void certificate_store_free(rdpCertificateStore* certstore)
|
|||
{
|
||||
free(certstore->path);
|
||||
free(certstore->file);
|
||||
free(certstore->legacy_file);
|
||||
free(certstore);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1089,6 +1089,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
|
|||
/* verify certificate name match */
|
||||
certificate_data = crypto_get_certificate_data(cert->px509, hostname, port);
|
||||
|
||||
|
||||
/* extra common name and alternative names */
|
||||
common_name = crypto_cert_subject_common_name(cert->px509, &common_name_length);
|
||||
alt_names = crypto_cert_subject_alt_name(cert->px509, &alt_names_count, &alt_names_lengths);
|
||||
|
@ -1222,12 +1223,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
|
|||
free(fingerprint);
|
||||
}
|
||||
|
||||
if (certificate_data)
|
||||
{
|
||||
free(certificate_data->fingerprint);
|
||||
free(certificate_data->hostname);
|
||||
free(certificate_data);
|
||||
}
|
||||
certificate_data_free(certificate_data);
|
||||
|
||||
#ifndef _WIN32
|
||||
free(common_name);
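Review bot: The unguarded call `certificate_data_free(certificate_data);` near the end of tls_verify_certificate replaces a block that first checked `if (certificate_data)`, and the helper's definition is not shown on this page. If the helper dereferences its argument to free `fingerprint` and `hostname`, a NULL result from `crypto_get_certificate_data` would now fault in the certificate verification path instead of being skipped. Either confirm the helper starts with `if (!certificate_data) return;` or keep the guard at the call site. The function body begins and ends outside both hunks, so other exit paths that may need the same release cannot be checked from here.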
|
||||
|
|