Commit 7c6d3851 authored by Peter Wu's avatar Peter Wu

Fix memleaks of saslconn on error paths

If mutt_sasl_client_new returns an error, the callers would ignore the
allocated saslconn resource from sasl_client_new. Be sure to release
these with sasl_dispose as documented in sasl.h. Likewise, let callers
(POP/IMAP) dispose the resource on their error paths. SMTP was already
taken care of. Found with LeakSanitizer in IMAP.
parent 420226ce
Pipeline #34371956 passed with stages
in 15 minutes and 28 seconds
......@@ -62,8 +62,10 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
* 2. attempt sasl_client_start with only "AUTH=ANONYMOUS" capability
* 3. if sasl_client_start fails, fall through... */
if (mutt_account_getuser (&idata->conn->account))
if (mutt_account_getuser (&idata->conn->account)) {
sasl_dispose (&saslconn);
return IMAP_AUTH_FAILURE;
}
if (mutt_bit_isset (idata->capabilities, AUTH_ANON) &&
(!idata->conn->account.user[0] ||
......@@ -71,9 +73,11 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen,
&mech);
} else if (!ascii_strcasecmp ("login", method) &&
!strstr (NONULL (idata->capstr), "AUTH=LOGIN"))
!strstr (NONULL (idata->capstr), "AUTH=LOGIN")) {
/* do not use SASL login for regular IMAP login (#3556) */
sasl_dispose (&saslconn);
return IMAP_AUTH_UNAVAIL;
}
if (rc != SASL_OK && rc != SASL_CONTINUE)
do
......@@ -95,6 +99,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
dprint (1, (debugfile, "imap_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
/* SASL doesn't support LOGIN, so fall back */
sasl_dispose (&saslconn);
return IMAP_AUTH_UNAVAIL;
}
......
......@@ -239,6 +239,7 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
{
mutt_error (_("Error setting SASL security properties"));
sasl_dispose (saslconn);
return -1;
}
......@@ -249,6 +250,7 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
{
mutt_error (_("Error setting SASL external security strength"));
sasl_dispose (saslconn);
return -1;
}
}
......@@ -258,6 +260,7 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
{
mutt_error (_("Error setting SASL external user name"));
sasl_dispose (saslconn);
return -1;
}
}
......
......@@ -75,6 +75,7 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
dprint (1, (debugfile, "pop_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
/* SASL doesn't support suggested mechanisms, so fall back */
sasl_dispose (&saslconn);
return POP_A_UNAVAIL;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment