From 5431d789f6a736924230ff3e51c14e0db441bdb6 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 28 Aug 2021 00:41:09 -0600 Subject: * Fix of more memory leaks and a crash due to incorrect freeing of memory, introduced in commit 8961761e0b3c7b3cc11a00f6ac6ebf7a29bc5a10 --- imap/src/c-client/auth_oa2.c | 13 +++++-------- imap/src/c-client/oauth2_aux.c | 26 ++++++++++++++++++-------- 2 files changed, 23 insertions(+), 16 deletions(-) (limited to 'imap/src/c-client') diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c index 2f52c4f2..9081a1e3 100644 --- a/imap/src/c-client/auth_oa2.c +++ b/imap/src/c-client/auth_oa2.c @@ -25,7 +25,9 @@ AUTHENTICATOR auth_oa2 = { }; #define OAUTH2_USER "user=" +#define OAUTH2_USER_LEN (5) /* strlen(OAUTH2_USER) */ #define OAUTH2_BEARER "auth=Bearer " +#define OAUTH2_BEARER_LEN (12) /* strlen(OAUTH2_BEARER) */ /* Client authenticator * Accepts: challenger function @@ -142,8 +144,8 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha ret = base ? NIL : LONGT; /* will get a BAD response back */ } else { - unsigned long rlen = strlen(OAUTH2_USER) + strlen(user) - + strlen(OAUTH2_BEARER) + strlen(oauth2.access_token) + 1 + 2; + unsigned long rlen = OAUTH2_USER_LEN + OAUTH2_BEARER_LEN + 2 + + strlen(user) + strlen(oauth2.access_token) + 1; char *response = (char *) fs_get (rlen + 1); sprintf(response, "%s%s\001%s%s\001\001", OAUTH2_USER, user, OAUTH2_BEARER, oauth2.access_token); if ((*responder) (stream,base,response,rlen)) { @@ -157,13 +159,8 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha * Refresh Token has expired somehow, we invalidate it if we * reach *trial to 3. This forces the process to restart later on. */ - if(*trial == 3){ - if(oauth2.param[OA2_State].value) - fs_give((void **) &oauth2.param[OA2_State].value); - fs_give((void **) &oauth2.param[OA2_RefreshToken].value); - fs_give((void **) &oauth2.access_token); + if(*trial == 3) oauth2.expiration = 0L; - } } } fs_give ((void **) &response); diff --git a/imap/src/c-client/oauth2_aux.c b/imap/src/c-client/oauth2_aux.c index 5af94992..d2ad6ce6 100644 --- a/imap/src/c-client/oauth2_aux.c +++ b/imap/src/c-client/oauth2_aux.c @@ -143,6 +143,7 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method, if(ogci && (x = (*ogci)(oauth2->name, user)) != NULL){ oauth2->param[OA2_Id].value = cpystr(x->client_id); oauth2->param[OA2_Secret].value = x->client_secret ? cpystr(x->client_secret) : NULL; + if(oauth2->param[OA2_Tenant].value) fs_give((void **) &oauth2->param[OA2_Tenant].value); oauth2->param[OA2_Tenant].value = x->tenant ? cpystr(x->tenant) : NULL; free_xoauth2_info(&x); } @@ -207,7 +208,9 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method, case HTTP_UNAUTHORIZED: mm_log("Client not authorized (wrong client-id?)", ERROR); break; - case HTTP_OK: json_assign ((void **) &oauth2->access_token, json, "access_token", JString); + case HTTP_OK: if(oauth2->access_token) + fs_give((void **) &oauth2->access_token); + json_assign ((void **) &oauth2->access_token, json, "access_token", JString); if((jx = json_body_value(json, "expires_in")) != NULL) switch(jx->jtype){ case JString: oauth2->expiration = time(0) + atol((char *) jx->value); @@ -266,7 +269,11 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method, JSON_S *jx; switch(status){ - case HTTP_OK : json_assign ((void **) &oauth2->param[OA2_RefreshToken].value, json, "refresh_token", JString); + case HTTP_OK : if(oauth2->param[OA2_RefreshToken].value) + fs_give((void **) &oauth2->param[OA2_RefreshToken].value); + json_assign ((void **) &oauth2->param[OA2_RefreshToken].value, json, "refresh_token", JString); + if(oauth2->access_token) + fs_give((void **) &oauth2->access_token); json_assign ((void **) &oauth2->access_token, json, "access_token", JString); if((jx = json_body_value(json, "expires_in")) != NULL) @@ -339,8 +346,12 @@ void oauth2deviceinfo_get_accesscode(void *inp, void *outp) break; - case HTTP_OK : json_assign ((void **) &oauth2->param[OA2_RefreshToken].value, json, "refresh_token", JString); - json_assign ((void **) &oauth2->access_token, json, "access_token", JString); + case HTTP_OK : if(oauth2->param[OA2_RefreshToken].value) + fs_give((void **) &oauth2->param[OA2_RefreshToken].value); + json_assign ((void **) &oauth2->param[OA2_RefreshToken].value, json, "refresh_token", JString); + if(oauth2->access_token) + fs_give((void **) &oauth2->access_token); + json_assign ((void **) &oauth2->access_token, json, "access_token", JString); if((jx = json_body_value(json, "expires_in")) != NULL) switch(jx->jtype){ @@ -425,16 +436,15 @@ void renew_accesstoken(MAILSTREAM *stream) user[0] = '\0'; mm_login_method (&mb, user, (void *) &oauth2, trial, stream->auth.name); - oauth2.param[OA2_State].value = NIL; /* this is freed before we get here */ + if(oauth2.access_token) /* we need a new one */ + fs_give((void **) &oauth2.access_token); if(stream->auth.expiration == 0){ stream->auth.expiration = oauth2.expiration; + if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value); return; } - if(oauth2.access_token) - fs_give((void **) &oauth2.access_token); - oauth2.param[OA2_State].value = oauth2_generate_state(); mm_login_oauth2_c_client_method (&mb, user, stream->auth.name, &oauth2, trial, &tryanother); -- cgit v1.2.3-70-g09d2