SASL SCRAM: Apply changes from code review

2024-11-08 12:12:39 +01:00 · 2023-11-06 15:04:15 +01:00 · 2023-11-06 15:04:15 +01:00 · c82ad32171
commit c82ad32171
parent 9b76b557ec
3 changed files with 14 additions and 4 deletions
--- a/src/common/inbound.c
+++ b/src/common/inbound.c
@ -1985,7 +1985,7 @@ scram_authenticate (server *serv, const char *data, const char *digest,

 	if (serv->scram_session == NULL)
 	{
-		serv->scram_session = scram_create_session (digest, user, password);
+		serv->scram_session = scram_session_create (digest, user, password);

 		if (serv->scram_session == NULL)
 		{
--- a/src/common/scram.c
+++ b/src/common/scram.c
@ -35,7 +35,7 @@
 #endif

 scram_session
-*scram_create_session (const char *digest, const char *username, const char *password)
+*scram_session_create (const char *digest, const char *username, const char *password)
 {
 	scram_session *session;
 	const EVP_MD *md;
@ -162,10 +162,12 @@ process_server_first (scram_session *session, const char *data, char **output,
 	{
 		if (!strncmp (params[i], "r=", 2))
 		{
+			g_free (server_nonce_b64);
 			server_nonce_b64 = g_strdup (params[i] + 2);
 		}
 		else if (!strncmp (params[i], "s=", 2))
 		{
+			g_free (salt);
 			salt = g_strdup (params[i] + 2);
 		}
 		else if (!strncmp (params[i], "i=", 2))
@ -180,6 +182,8 @@ process_server_first (scram_session *session, const char *data, char **output,
 		*salt == '\0' || iteration_count == 0)
 	{
 		session->error = g_strdup_printf ("Invalid server-first-message: %s", data);
+		g_free (server_nonce_b64);
+		g_free (salt);
 		return SCRAM_ERROR;
 	}

@ -219,6 +223,10 @@ process_server_first (scram_session *session, const char *data, char **output,
 	// StoredKey := H(ClientKey)
 	if (!create_SHA (session, client_key, session->digest_size, stored_key, &stored_key_len))
 	{
+		g_free (client_final_message_without_proof);
+		g_free (server_nonce_b64);
+		g_free (salt);
+		g_free (client_key);
 		return SCRAM_ERROR;
 	}

@ -241,10 +249,12 @@ process_server_first (scram_session *session, const char *data, char **output,
 	*output_len = strlen (*output);

 	g_free (server_nonce_b64);
-	g_free (client_final_message_without_proof);
 	g_free (salt);
+	g_free (client_final_message_without_proof);
+	g_free (client_key);
 	g_free (client_signature);
 	g_free (client_proof);
+	g_free (client_proof_b64);

 	session->step++;
 	return SCRAM_IN_PROGRESS;
--- a/src/common/scram.h
+++ b/src/common/scram.h
@ -43,7 +43,7 @@ typedef enum
 	SCRAM_SUCCESS
 } scram_status;

-scram_session *scram_create_session (const char *digset, const char *username, const char *password);
+scram_session *scram_session_create (const char *digset, const char *username, const char *password);
 void scram_free_session (scram_session *session);
 scram_status scram_process (scram_session *session, const char *input, char **output, size_t *output_len);