diff options
| author | Tomas Popela <tpopela@redhat.com> | 2016-03-01 15:58:20 +0100 |
|---|---|---|
| committer | Tomas Popela <tpopela@redhat.com> | 2016-03-01 15:58:20 +0100 |
| commit | 7b94d026e370177d171c0bfb7b730681d1239cdd (patch) | |
| tree | 7c69c187e41c95f7a3e19c372d680e10d8635e86 | |
| parent | bc7d459261a28a0d3f0d2608f4fdfbca42accc7a (diff) | |
| download | libsoup-7b94d026e370177d171c0bfb7b730681d1239cdd.tar.gz | |
soup-auth-negotiate: Don't leak the GSSAPI objects
| -rw-r--r-- | libsoup/soup-auth-negotiate.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c index 5dc67a38..e8d92bca 100644 --- a/libsoup/soup-auth-negotiate.c +++ b/libsoup/soup-auth-negotiate.c @@ -108,6 +108,15 @@ soup_auth_negotiate_create_connection_state (SoupConnectionAuth *auth) } static void +free_connection_state_data (SoupNegotiateConnectionState *conn) +{ +#ifdef LIBSOUP_HAVE_GSSAPI + soup_gss_client_cleanup (conn); +#endif /* LIBSOUP_HAVE_GSSAPI */ + g_free (conn->response_header); +} + +static void soup_auth_negotiate_free_connection_state (SoupConnectionAuth *auth, gpointer state) { @@ -115,10 +124,7 @@ soup_auth_negotiate_free_connection_state (SoupConnectionAuth *auth, SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate); SoupNegotiateConnectionState *conn = state; -#ifdef LIBSOUP_HAVE_GSSAPI - soup_gss_client_cleanup (conn); -#endif /* LIBSOUP_HAVE_GSSAPI */ - g_free (conn->response_header); + free_connection_state_data (conn); g_slice_free (SoupNegotiateConnectionState, conn); priv->conn_state = NULL; @@ -143,8 +149,10 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms if (strcmp (header, "Negotiate") == 0) { /* If we were already negotiating and we get a 401 * with no token, start again. */ - if (conn->state == SOUP_NEGOTIATE_SENT_RESPONSE) + if (conn->state == SOUP_NEGOTIATE_SENT_RESPONSE) { + free_connection_state_data (conn); conn->initialized = FALSE; + } conn->state = SOUP_NEGOTIATE_RECEIVED_CHALLENGE; if (soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) { @@ -566,8 +574,11 @@ out: static void soup_gss_client_cleanup (SoupNegotiateConnectionState *conn) { - OM_uint32 min_stat; + OM_uint32 maj_stat, min_stat; gss_release_name (&min_stat, &conn->server_name); + maj_stat = gss_delete_sec_context (&min_stat, &conn->context, GSS_C_NO_BUFFER); + if (maj_stat != GSS_S_COMPLETE) + maj_stat = gss_delete_sec_context (&min_stat, &conn->context, GSS_C_NO_BUFFER); } #endif /* LIBSOUP_HAVE_GSSAPI */ |