Fix leaks in certificate and identity handling
parent
e8d194c743
commit
2e87d0ee52
@ -99,10 +99,23 @@ static SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla);
|
||||
static SECURITY_STATUS nla_encrypt_ts_credentials(rdpNla* nla);
|
||||
static SECURITY_STATUS nla_decrypt_ts_credentials(rdpNla* nla);
|
||||
static BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s);
|
||||
static void nla_identity_free(SEC_WINNT_AUTH_IDENTITY* identity);
|
||||
|
||||
#define ber_sizeof_sequence_octet_string(length) ber_sizeof_contextual_tag(ber_sizeof_octet_string(length)) + ber_sizeof_octet_string(length)
|
||||
#define ber_write_sequence_octet_string(stream, context, value, length) ber_write_contextual_tag(stream, context, ber_sizeof_octet_string(length), TRUE) + ber_write_octet_string(stream, value, length)
|
||||
|
||||
void nla_identity_free(SEC_WINNT_AUTH_IDENTITY* identity)
|
||||
{
|
||||
if (identity)
|
||||
{
|
||||
free(identity->User);
|
||||
free(identity->Domain);
|
||||
free(identity->Password);
|
||||
}
|
||||
free(identity);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize NTLMSSP authentication module (client).
|
||||
* @param credssp
|
||||
@ -156,7 +169,7 @@ int nla_client_init(rdpNla* nla)
|
||||
|
||||
if (!settings->Username)
|
||||
{
|
||||
free (nla->identity);
|
||||
nla_identity_free(nla->identity);
|
||||
nla->identity = NULL;
|
||||
}
|
||||
else
|
||||
@ -1561,13 +1574,6 @@ void nla_free(rdpNla* nla)
|
||||
sspi_SecBufferFree(&nla->tsCredentials);
|
||||
|
||||
free(nla->ServicePrincipalName);
|
||||
if (nla->identity)
|
||||
{
|
||||
free(nla->identity->User);
|
||||
free(nla->identity->Domain);
|
||||
free(nla->identity->Password);
|
||||
}
|
||||
free(nla->identity);
|
||||
|
||||
nla_identity_free(nla->identity);
|
||||
free(nla);
|
||||
}
|
||||
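Review bot: nla_identity_free() hands identity->Password straight to free(), so the credential bytes remain in heap memory after the identity is dropped from nla_client_init() and nla_free(). Now that identity teardown is centralised in this one helper, it is the natural place to wipe the buffer first, for example `if (identity->Password) memset(identity->Password, 0, identity->PasswordLength * sizeof(WCHAR));` ahead of the free. That line assumes a Unicode identity with PasswordLength counted in characters, which this diff does not show, and the wipe should be one the compiler cannot discard as a dead store. On style, the definition omits the `static` that the new prototype carries, and there is a stray blank line before the closing brace.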
|
@ -543,6 +543,7 @@ void certificate_store_free(rdpCertificateStore* certstore)
|
||||
{
|
||||
free(certstore->path);
|
||||
free(certstore->file);
|
||||
free(certstore->legacy_file);
|
||||
free(certstore);
|
||||
}
|
||||
}
|
||||
|
@ -1089,6 +1089,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
|
||||
/* verify certificate name match */
|
||||
certificate_data = crypto_get_certificate_data(cert->px509, hostname, port);
|
||||
|
||||
|
||||
/* extra common name and alternative names */
|
||||
common_name = crypto_cert_subject_common_name(cert->px509, &common_name_length);
|
||||
alt_names = crypto_cert_subject_alt_name(cert->px509, &alt_names_count, &alt_names_lengths);
|
||||
@ -1222,12 +1223,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
|
||||
free(fingerprint);
|
||||
}
|
||||
|
||||
if (certificate_data)
|
||||
{
|
||||
free(certificate_data->fingerprint);
|
||||
free(certificate_data->hostname);
|
||||
free(certificate_data);
|
||||
}
|
||||
certificate_data_free(certificate_data);
|
||||
|
||||
#ifndef _WIN32
|
||||
free(common_name);
|
||||
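Review bot: The removed block only freed under `if (certificate_data)`, while the new `certificate_data_free(certificate_data);` in the second hunk runs unconditionally, so it depends on the helper accepting NULL. The helper's definition is not part of this diff, and the visible lines of the first hunk do not check the result of crypto_get_certificate_data(). I would confirm the helper is NULL-safe and say so at the call, e.g. `/* certificate_data_free() accepts NULL */`, or keep the guard. tls_verify_certificate() begins and ends outside both hunks, so an earlier NULL check may exist that is not visible here.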
|