[Spice-devel] [PATCH spice-server 03/11] reds: Remove possible leak during SASL authentication
Uri Lublin
uril at redhat.com
Wed Dec 13 22:07:40 UTC 2017
On 12/11/2017 12:28 PM, Frediano Ziglio wrote:
> We need to free the connection if the mechanism name is wrong
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
Acked-by: Uri Lublin <uril at redhat.com>
Looking at reds_handle_auth_mechname() and reds_handle_auth_mechlen(),
one is calling reds_link_free the other reds_send_link_error.
This patch fixes one of them.
Uri.
> ---
> server/reds.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/server/reds.c b/server/reds.c
> index e7b95980..384ebc58 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -2202,6 +2202,7 @@ static void reds_handle_auth_mechname(void *opaque)
>
> if (!red_sasl_handle_auth_mechname(link->stream, reds_handle_auth_startlen, link)) {
> reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
> + reds_link_free(link);
> }
> }
>
>
More information about the Spice-devel
mailing list