From c82ad321713dbbe77ff861dc2fa29954c214000c Mon Sep 17 00:00:00 2001 From: Patrick Okraku Date: Mon, 6 Nov 2023 15:04:15 +0100 Subject: SASL SCRAM: Apply changes from code review --- src/common/inbound.c | 2 +- src/common/scram.c | 14 ++++++++++++-- src/common/scram.h | 2 +- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/common/inbound.c b/src/common/inbound.c index 9b38f7c7..e8cfd0b5 100644 --- a/src/common/inbound.c +++ b/src/common/inbound.c @@ -1985,7 +1985,7 @@ scram_authenticate (server *serv, const char *data, const char *digest, if (serv->scram_session == NULL) { - serv->scram_session = scram_create_session (digest, user, password); + serv->scram_session = scram_session_create (digest, user, password); if (serv->scram_session == NULL) { diff --git a/src/common/scram.c b/src/common/scram.c index 529abd5d..b9f2beb0 100644 --- a/src/common/scram.c +++ b/src/common/scram.c @@ -35,7 +35,7 @@ #endif scram_session -*scram_create_session (const char *digest, const char *username, const char *password) +*scram_session_create (const char *digest, const char *username, const char *password) { scram_session *session; const EVP_MD *md; @@ -162,10 +162,12 @@ process_server_first (scram_session *session, const char *data, char **output, { if (!strncmp (params[i], "r=", 2)) { + g_free (server_nonce_b64); server_nonce_b64 = g_strdup (params[i] + 2); } else if (!strncmp (params[i], "s=", 2)) { + g_free (salt); salt = g_strdup (params[i] + 2); } else if (!strncmp (params[i], "i=", 2)) @@ -180,6 +182,8 @@ process_server_first (scram_session *session, const char *data, char **output, *salt == '\0' || iteration_count == 0) { session->error = g_strdup_printf ("Invalid server-first-message: %s", data); + g_free (server_nonce_b64); + g_free (salt); return SCRAM_ERROR; } @@ -219,6 +223,10 @@ process_server_first (scram_session *session, const char *data, char **output, // StoredKey := H(ClientKey) if (!create_SHA (session, client_key, session->digest_size, stored_key, &stored_key_len)) { + g_free (client_final_message_without_proof); + g_free (server_nonce_b64); + g_free (salt); + g_free (client_key); return SCRAM_ERROR; } @@ -241,10 +249,12 @@ process_server_first (scram_session *session, const char *data, char **output, *output_len = strlen (*output); g_free (server_nonce_b64); - g_free (client_final_message_without_proof); g_free (salt); + g_free (client_final_message_without_proof); + g_free (client_key); g_free (client_signature); g_free (client_proof); + g_free (client_proof_b64); session->step++; return SCRAM_IN_PROGRESS; diff --git a/src/common/scram.h b/src/common/scram.h index d8f1429c..68672448 100644 --- a/src/common/scram.h +++ b/src/common/scram.h @@ -43,7 +43,7 @@ typedef enum SCRAM_SUCCESS } scram_status; -scram_session *scram_create_session (const char *digset, const char *username, const char *password); +scram_session *scram_session_create (const char *digset, const char *username, const char *password); void scram_free_session (scram_session *session); scram_status scram_process (scram_session *session, const char *input, char **output, size_t *output_len); -- cgit 1.4.1