authorPatrick Okraku <patrick@okraku.com>2023-11-06 15:04:15 +0100
committerPatrick <tingping@tingping.se>2024-01-04 16:17:14 -0600
commitc82ad321713dbbe77ff861dc2fa29954c214000c (patch)
tree1fc908a41f2b3235af42edb2aa5d01ef1498104e
parent9b76b557ecaece2a5fa862ea4dc75ed613e3fbf0 (diff)
SASL SCRAM: Apply changes from code review
-rw-r--r--src/common/inbound.c2
-rw-r--r--src/common/scram.c14
-rw-r--r--src/common/scram.h2
3 files changed, 14 insertions, 4 deletions
diff --git a/src/common/inbound.c b/src/common/inbound.c
index 9b38f7c7..e8cfd0b5 100644
--- a/src/common/inbound.c
+++ b/src/common/inbound.c
@@ -1985,7 +1985,7 @@ scram_authenticate (server *serv, const char *data, const char *digest,
 
 	if (serv->scram_session == NULL)
 	{
-		serv->scram_session = scram_create_session (digest, user, password);
+		serv->scram_session = scram_session_create (digest, user, password);
 
 		if (serv->scram_session == NULL)
 		{
diff --git a/src/common/scram.c b/src/common/scram.c
index 529abd5d..b9f2beb0 100644
--- a/src/common/scram.c
+++ b/src/common/scram.c
@@ -35,7 +35,7 @@
 #endif
 
 scram_session
-*scram_create_session (const char *digest, const char *username, const char *password)
+*scram_session_create (const char *digest, const char *username, const char *password)
 {
 	scram_session *session;
 	const EVP_MD *md;
@@ -162,10 +162,12 @@ process_server_first (scram_session *session, const char *data, char **output,
 	{
 		if (!strncmp (params[i], "r=", 2))
 		{
+			g_free (server_nonce_b64);
 			server_nonce_b64 = g_strdup (params[i] + 2);
 		}
 		else if (!strncmp (params[i], "s=", 2))
 		{
+			g_free (salt);
 			salt = g_strdup (params[i] + 2);
 		}
 		else if (!strncmp (params[i], "i=", 2))
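Review bot: The new `g_free (server_nonce_b64)` and `g_free (salt)` calls in the `r=` and `s=` branches are only safe if both pointers are initialised to NULL at their declarations, which lie outside this hunk; if either is declared without an initialiser, the first match frees an indeterminate pointer. The frees also mean a server-first-message that repeats `r=` or `s=` is accepted with the last value silently winning, although the SCRAM grammar lists each attribute once. Treating a repeat as malformed (a non-NULL pointer on entry to the branch sets a flag that routes to the existing "Invalid server-first-message" path) would be stricter than keeping the last value. The body of process_server_first continues past the `i=` branch, so the handling of the iteration count is not visible here.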
@@ -180,6 +182,8 @@ process_server_first (scram_session *session, const char *data, char **output,
 		*salt == '\0' || iteration_count == 0)
 	{
 		session->error = g_strdup_printf ("Invalid server-first-message: %s", data);
+		g_free (server_nonce_b64);
+		g_free (salt);
 		return SCRAM_ERROR;
 	}
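Review bot: Cleanup in process_server_first is now written out by hand in three places: here, in the create_SHA failure branch, and in the success path at the end. Each list has to be kept in step with every allocation the function makes, and the defects this commit fixes (missing `client_key` and `client_proof_b64` frees) are the kind that pattern produces. A single `cleanup:` label at the end of the function that frees every local (all initialised to NULL), reached with `status = SCRAM_ERROR; goto cleanup;`, would leave one list to maintain. The other early returns in the function are outside the visible hunks and would need the same treatment.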
 
@@ -219,6 +223,10 @@ process_server_first (scram_session *session, const char *data, char **output,
 	// StoredKey := H(ClientKey)
 	if (!create_SHA (session, client_key, session->digest_size, stored_key, &stored_key_len))
 	{
+		g_free (client_final_message_without_proof);
+		g_free (server_nonce_b64);
+		g_free (salt);
+		g_free (client_key);
 		return SCRAM_ERROR;
 	}
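Review bot: `client_key` is password-derived key material, and both here and in the success-path hunk below it is released with a plain `g_free`, which leaves the bytes in freed heap memory. Since the file already uses OpenSSL, clearing it first would be cheap: `OPENSSL_cleanse (client_key, session->digest_size);` before `g_free (client_key);`, assuming the buffer is `digest_size` bytes as the create_SHA call suggests. The same applies to the salted password and to `stored_key` if they are heap or stack buffers; their declarations are outside the hunk. Separately, this branch returns SCRAM_ERROR without setting `session->error`, unlike the invalid-message branch above it. Unless create_SHA sets it itself, the caller gets no reason for the failure.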
 
@@ -241,10 +249,12 @@ process_server_first (scram_session *session, const char *data, char **output,
 	*output_len = strlen (*output);
 
 	g_free (server_nonce_b64);
-	g_free (client_final_message_without_proof);
 	g_free (salt);
+	g_free (client_final_message_without_proof);
+	g_free (client_key);
 	g_free (client_signature);
 	g_free (client_proof);
+	g_free (client_proof_b64);
 
 	session->step++;
 	return SCRAM_IN_PROGRESS;
diff --git a/src/common/scram.h b/src/common/scram.h
index d8f1429c..68672448 100644
--- a/src/common/scram.h
+++ b/src/common/scram.h
@@ -43,7 +43,7 @@ typedef enum
 	SCRAM_SUCCESS
 } scram_status;
 
-scram_session *scram_create_session (const char *digset, const char *username, const char *password);
+scram_session *scram_session_create (const char *digset, const char *username, const char *password);
 void scram_free_session (scram_session *session);
 scram_status scram_process (scram_session *session, const char *input, char **output, size_t *output_len);