From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 5 Aug 2013 08:43:38 +0000 (+0200)
Subject: libcli/auth: avoid possible mem leak in read_negTokenInit()
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=f1e60142e12deb560e3c62441fd9ff2acd086b60;p=obnox%2Fsamba%2Fsamba-obnox.git

libcli/auth: avoid possible mem leak in read_negTokenInit()

Also add error checks.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
index 3bf7aeab627..2c73613e3b1 100644
--- a/libcli/auth/spnego_parse.c
+++ b/libcli/auth/spnego_parse.c
@@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
 			asn1_start_tag(asn1, ASN1_CONTEXT(0));
 			asn1_start_tag(asn1, ASN1_SEQUENCE(0));
 
-			token->mechTypes = talloc(NULL, const char *);
+			token->mechTypes = talloc(mem_ctx, const char *);
+			if (token->mechTypes == NULL) {
+				asn1->has_error = true;
+				return false;
+			}
 			for (i = 0; !asn1->has_error &&
 				     0 < asn1_tag_remaining(asn1); i++) {
 				char *oid;
-				token->mechTypes = talloc_realloc(NULL,
-								  token->mechTypes,
-								  const char *, i+2);
+				const char **p;
+				p = talloc_realloc(mem_ctx,
+						   token->mechTypes,
+						   const char *, i+2);
+				if (p == NULL) {
+					TALLOC_FREE(token->mechTypes);
+					asn1->has_error = true;
+					return false;
+				}
+				token->mechTypes = p;
 				asn1_read_OID(asn1, token->mechTypes, &oid);
 				token->mechTypes[i] = oid;
 			}