* Fix some memory leaks reported by Valgrind.

5 files changed, 18 insertions, 5 deletions

diff --git a/imap/src/c-client/auth_bea.c b/imap/src/c-client/auth_bea.c
index e05a5007..d6dca992 100644
--- a/imap/src/c-client/auth_bea.c
+++ b/imap/src/c-client/auth_bea.c
@@ -155,5 +155,8 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder
   if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value);
   if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value);
   if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value);
+  if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value);
+  if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value);
+  if(oauth2.access_token) fs_give((void **) &oauth2.access_token);
   return ret;
 }
diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c
index 7fb30542..2f52c4f2 100644
--- a/imap/src/c-client/auth_oa2.c
+++ b/imap/src/c-client/auth_oa2.c
@@ -174,5 +174,8 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha
   if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value);
   if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value);
   if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value);
+  if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value);
+  if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value);
+  if(oauth2.access_token) fs_give((void **) &oauth2.access_token);
   return ret;
 }
diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c
index f3e14fe3..730201c2 100644
--- a/imap/src/c-client/mail.c
+++ b/imap/src/c-client/mail.c
@@ -1440,6 +1440,7 @@ MAILSTREAM *mail_close_full (MAILSTREAM *stream,long options)
     if (stream->dtb) (*stream->dtb->close) (stream,options);
     stream->dtb = NIL;		/* resign driver */
     if (stream->mailbox) fs_give ((void **) &stream->mailbox);
+    if (stream->auth.name) fs_give ((void **) &stream->auth.name);
     if (stream->original_mailbox)
       fs_give ((void **) &stream->original_mailbox);
     if (stream->snarf.name) fs_give ((void **) &stream->snarf.name);
diff --git a/imap/src/c-client/oauth2_aux.c b/imap/src/c-client/oauth2_aux.c
index 4ab538c7..5af94992 100644
--- a/imap/src/c-client/oauth2_aux.c
+++ b/imap/src/c-client/oauth2_aux.c
@@ -425,8 +425,7 @@ void renew_accesstoken(MAILSTREAM *stream)
     user[0] = '\0';
     mm_login_method (&mb, user, (void *) &oauth2, trial, stream->auth.name);
 
-    if(oauth2.param[OA2_State].value)
-      fs_give((void **) &oauth2.param[OA2_State].value);
+    oauth2.param[OA2_State].value = NIL; /* this is freed before we get here */
 
     if(stream->auth.expiration == 0){
        stream->auth.expiration = oauth2.expiration;
@@ -447,4 +446,7 @@ void renew_accesstoken(MAILSTREAM *stream)
     if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value);
     if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value);
     if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value);
+    if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value);
+    if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value);
+    if(oauth2.access_token) fs_give((void **) &oauth2.access_token);
 }
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index b43842df..9d0124ff 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -468,16 +468,18 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
   if (SSL_write (stream->con,"",0) < 0)
     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
 				/* need to validate host names? */
+  cert = SSL_get_peer_certificate (stream->con);
   if (!(flags & NET_NOVALIDATECERT) &&
-      (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
-				host))) {
+      (err = ssl_validate_cert (cert, host))) {
 				/* application callback */
     X509_NAME_oneline (X509_get_subject_name(cert), buf, sizeof(buf));
     if (scq) return (*scq) (err,host,cert ? buf : "???") ? NIL : "";
 				/* error message to return via mm_log() */
     sprintf (tmp,"*%.128s: %.255s",err,cert ? buf : "???");
+    X509_free(cert);
     return ssl_last_error = cpystr (tmp);
   }
+  X509_free(cert);
   return NIL;
 }
 
@@ -520,7 +522,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
 {
   int i,j,n, m = 0;
   char *s=NULL,*t,*ret = NIL;
-  void *ext;
+  void *ext = NIL;
   GENERAL_NAME *name;
   X509_NAME *cname;
   X509_NAME_ENTRY *e;
@@ -546,6 +548,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
 	 if ((name = sk_GENERAL_NAME_value (ext,i)) &&
 	    (name->type = GEN_DNS) && (s = name->d.ia5->data) &&
 	    ssl_compare_hostnames (host,s)) ret = NIL;
+     if(ext) GENERAL_NAMES_free(ext);
   }
 #endif /* OPENSSL_1_1_0 */
 				/* Method 2, use cname */
@@ -569,6 +572,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
 		  if ((name = sk_GENERAL_NAME_value (ext,i)) &&
 		     (name->type = GEN_DNS) && (s = name->d.ia5->data) &&
 		     ssl_compare_hostnames (host,s)) ret = NIL;
+	  if(ext) GENERAL_NAMES_free(ext);
         }
      }
   }