mirror of
https://github.com/curl/curl.git
synced 2026-04-14 22:21:41 +03:00
socks_gssapi: also reset buffer length after free
To mimic this behavior of the previously used `gss_release_buffer()`.
Some or all of these zero assignments may be redundant.
Follow-up to e7818999db #19018
Closes #19167
This commit is contained in:
Viktor Szakats
parent
18119eb916
commit
4f03e3fcbd
1 changed files with 12 additions and 1 deletions
|
|
@ -167,6 +167,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
}
|
||||
|
||||
Curl_safefree(service.value);
|
||||
service.length = 0;
|
||||
|
||||
if(check_gss_err(data, gss_major_status,
|
||||
gss_minor_status, "gss_import_name()")) {
|
||||
|
|
@ -191,8 +192,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
TRUE,
|
||||
&gss_ret_flags);
|
||||
|
||||
if(gss_token != GSS_C_NO_BUFFER)
|
||||
if(gss_token != GSS_C_NO_BUFFER) {
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
}
|
||||
if(check_gss_err(data, gss_major_status,
|
||||
gss_minor_status, "gss_init_sec_context") ||
|
||||
/* the size needs to fit in a 16 bit field */
|
||||
|
|
@ -293,6 +296,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
failf(data, "Failed to receive GSS-API authentication token.");
|
||||
gss_release_name(&gss_status, &server);
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL);
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
|
|
@ -403,12 +407,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
|
||||
if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_wrap")) {
|
||||
Curl_safefree(gss_send_token.value);
|
||||
gss_send_token.length = 0;
|
||||
gss_release_buffer(&gss_status, &gss_w_token);
|
||||
Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL);
|
||||
failf(data, "Failed to wrap GSS-API encryption value into token.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
Curl_safefree(gss_send_token.value);
|
||||
gss_send_token.length = 0;
|
||||
|
||||
us_length = htons((unsigned short)gss_w_token.length);
|
||||
memcpy(socksreq + 2, &us_length, sizeof(short));
|
||||
|
|
@ -482,6 +488,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
if(result || (actualread != us_length)) {
|
||||
failf(data, "Failed to receive GSS-API encryption type.");
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL);
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
|
|
@ -493,12 +500,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
|
||||
if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_unwrap")) {
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
gss_release_buffer(&gss_status, &gss_w_token);
|
||||
Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL);
|
||||
failf(data, "Failed to unwrap GSS-API encryption value into token.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
|
||||
if(gss_w_token.length != 1) {
|
||||
failf(data, "Invalid GSS-API encryption response length (%zu).",
|
||||
|
|
@ -516,12 +525,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
|
|||
failf(data, "Invalid GSS-API encryption response length (%zu).",
|
||||
gss_recv_token.length);
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL);
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
|
||||
memcpy(socksreq, gss_recv_token.value, gss_recv_token.length);
|
||||
Curl_safefree(gss_recv_token.value);
|
||||
gss_recv_token.length = 0;
|
||||
}
|
||||
|
||||
(void)curlx_nonblock(sock, TRUE);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue