rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-20 01:52:17 +01:00
Code Issues Projects Releases Wiki Activity

authorize_user_token_ldap: Don't leak memory on failures.

Browse Source
This commit is contained in:
Fredrik Thulin 2011-03-03 12:48:43 +01:00
parent 0bb1630abf
commit a9ef97ea4c
1 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pam_yubico.c
View File

@ -222,14 +222,16 @@ authorize_user_token_ldap (const char *ldap_uri,
int retval = 0; int retval = 0;
int protocol; int protocol;
#ifdef HAVE_LIBLDAP #ifdef HAVE_LIBLDAP
LDAP *ld; LDAP *ld = NULL;
LDAPMessage *result, *e; LDAPMessage *result = NULL, *e;
BerElement *ber; BerElement *ber;
char *a; char *a;
struct berval **vals; struct berval **vals;
int i, rc; int i, rc;
char *find = NULL, *sr = NULL;
if (user_attr == NULL) { if (user_attr == NULL) {
D (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!")); D (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!"));
return 0; return 0;
@ -244,8 +246,8 @@ authorize_user_token_ldap (const char *ldap_uri,
} }
/* Allocation of memory for search strings depending on input size */ /* Allocation of memory for search strings depending on input size */
char *find = malloc((strlen(user_attr)+strlen(ldapdn)+strlen(user)+3)*sizeof(char)); find = malloc((strlen(user_attr)+strlen(ldapdn)+strlen(user)+3)*sizeof(char));
char *sr = malloc((strlen(yubi_attr)+5)*sizeof(char)); sr = malloc((strlen(yubi_attr)+5)*sizeof(char));
sprintf (find, "%s=%s,%s", user_attr, user, ldapdn); sprintf (find, "%s=%s,%s", user_attr, user, ldapdn);
sprintf (sr, "(%s=*)", yubi_attr); sprintf (sr, "(%s=*)", yubi_attr);
@ -260,7 +262,8 @@ authorize_user_token_ldap (const char *ldap_uri,
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
{ {
D (("ldap_init: %s", ldap_err2string (rc))); D (("ldap_init: %s", ldap_err2string (rc)));
return 0; retval = 0;
goto done;
} }
} }
else else
@ -268,7 +271,8 @@ authorize_user_token_ldap (const char *ldap_uri,
if ((ld = ldap_init (ldapserver, PORT_NUMBER)) == NULL) if ((ld = ldap_init (ldapserver, PORT_NUMBER)) == NULL)
{ {
D (("ldap_init")); D (("ldap_init"));
return 0; retval = 0;
goto done;
} }
} }
@ -281,7 +285,8 @@ authorize_user_token_ldap (const char *ldap_uri,
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
{ {
D (("ldap_simple_bind_s: %s", ldap_err2string (rc))); D (("ldap_simple_bind_s: %s", ldap_err2string (rc)));
return (0); retval = 0;
goto done;
} }
/* Search for the entry. */ /* Search for the entry. */
@ -294,7 +299,8 @@ authorize_user_token_ldap (const char *ldap_uri,
{ {
D (("ldap_search_ext_s: %s", ldap_err2string (rc))); D (("ldap_search_ext_s: %s", ldap_err2string (rc)));
return (0); retval = 0;
goto done;
} }
e = ldap_first_entry (ld, result); e = ldap_first_entry (ld, result);
@ -326,12 +332,17 @@ authorize_user_token_ldap (const char *ldap_uri,
} }
ldap_msgfree (result); done:
ldap_unbind (ld); if (result != NULL)
ldap_msgfree (result);
if (ld != NULL)
ldap_unbind (ld);
/* free memory allocated for search strings */ /* free memory allocated for search strings */
free(find); if (find != NULL)
free(sr); free(find);
if (sr != NULL)
free(sr);
#else #else
D (("Trying to use LDAP, but this function is not compiled in pam_yubico!!")); D (("Trying to use LDAP, but this function is not compiled in pam_yubico!!"));