[tpop3d-discuss][PATCH] memleaks in auth_mysql.c

Martin Blapp mb at imp.ch
Tue, 7 Nov 2006 13:11:52 +0100 (CET) 

Hi,

There are 4 possible places where we can leak memory there and just
goto fail directly without calling the needed mysql_free_result. Can
you apply this patch to the cvs version ?

Thank you !

Martin

--- auth_mysql.c	Tue Nov  7 11:49:20 2006
+++ auth_mysql.c	Tue Nov  7 11:50:32 2006
@@ -285,6 +285,7 @@
   * Attempt to authenticate a user via APOP, using the template SELECT query in
   * the config file or the default defined above otherwise. */
  authcontext auth_mysql_new_apop(const char *name, const char *local_part, const char *domain, const char *timestamp, const unsigned char *digest, const char *clienthost /* unused */, const char *serverhost) {
+    MYSQL_RES *result = NULL;
      char *query = NULL;
      authcontext a = NULL;
      char *who;
@@ -306,7 +307,6 @@
          log_print(LOG_DEBUG, _("auth_mysql_new_apop: SQL query: %s"), query);

      if (mysql_query(mysql, query) == 0) {
-        MYSQL_RES *result;
          int i;

          result = mysql_store_result(mysql);
@@ -371,13 +371,12 @@
              break;
          }

-        mysql_free_result(result);
-
      } else
          log_print(LOG_ERR, "auth_mysql_new_apop: mysql_query: %s", mysql_error(mysql));

  fail:
      if (query) xfree(query);
+    if (result) mysql_free_result(result);

      return a;
  }
@@ -386,6 +385,7 @@
   * Attempt to authenticate a user via USER/PASS, using the template SELECT
   * query in the config file or the default defined above otherwise. */
  authcontext auth_mysql_new_user_pass(const char *user, const char *local_part, const char *domain, const char *pass, const char *clienthost /* unused */, const char *serverhost) {
+    MYSQL_RES *result = NULL;
      char *query = NULL, *who;
      authcontext a = NULL;

@@ -406,7 +406,6 @@
          log_print(LOG_DEBUG, _("auth_mysql_new_user_pass: SQL query: %s"), query);

      if (mysql_query(mysql, query) == 0) {
-        MYSQL_RES *result;
          int i;

          result = mysql_store_result(mysql);
@@ -488,12 +487,12 @@
              break;
          }

-        mysql_free_result(result);
      } else
          log_print(LOG_ERR, "auth_mysql_new_user_pass: mysql_query: %s", mysql_error(mysql));

  fail:
-    xfree(query);
+    if (query) xfree(query);
+    if (result) mysql_free_result(result);

      return a;
  }


Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: <finger -l mbr@freebsd.org>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------