[src/trunk]: src/libexec/httpd Fixed memory leak in case of multiple authenti...

[shm <shm%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b9d9a8749a43
branches:  trunk
changeset: 333899:b9d9a8749a43
user:      shm <shm%NetBSD.org@localhost>
date:      Fri Nov 21 08:58:28 2014 +0000

description:
Fixed memory leak in case of multiple authentication headers sent by the
client.

OK mrg@

diffstat:

 libexec/httpd/auth-bozo.c |  11 ++++++++++-
 libexec/httpd/bozohttpd.c |   3 ++-
 libexec/httpd/bozohttpd.h |   4 +++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diffs (74 lines):

diff -r 5a5a70f6257f -r b9d9a8749a43 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Fri Nov 21 08:54:12 2014 +0000
+++ b/libexec/httpd/auth-bozo.c Fri Nov 21 08:58:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth-bozo.c,v 1.13 2014/07/08 14:01:21 mrg Exp $       */
+/*     $NetBSD: auth-bozo.c,v 1.14 2014/11/21 08:58:28 shm Exp $       */
 
 /*     $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -118,6 +118,13 @@
 }
 
 void
+bozo_auth_init(bozo_httpreq_t *request)
+{
+       request->hr_authuser = NULL;
+       request->hr_authpass = NULL;
+}
+
+void
 bozo_auth_cleanup(bozo_httpreq_t *request)
 {
 
@@ -150,6 +157,8 @@
                        return bozo_http_error(httpd, 400, request,
                            "bad authorization field");
                *pass++ = '\0';
+               free(request->hr_authuser);
+               free(request->hr_authpass);
                request->hr_authuser = bozostrdup(httpd, authbuf);
                request->hr_authpass = bozostrdup(httpd, pass);
                debug((httpd, DEBUG_FAT,
diff -r 5a5a70f6257f -r b9d9a8749a43 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Fri Nov 21 08:54:12 2014 +0000
+++ b/libexec/httpd/bozohttpd.c Fri Nov 21 08:58:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $       */
+/*     $NetBSD: bozohttpd.c,v 1.59 2014/11/21 08:58:28 shm Exp $       */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -541,6 +541,7 @@
        request->hr_virthostname = NULL;
        request->hr_file = NULL;
        request->hr_oldfile = NULL;
+       bozo_auth_init(request);
 
        slen = sizeof(ss);
        if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
diff -r 5a5a70f6257f -r b9d9a8749a43 libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Fri Nov 21 08:54:12 2014 +0000
+++ b/libexec/httpd/bozohttpd.h Fri Nov 21 08:58:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.h,v 1.33 2014/07/17 06:27:52 mrg Exp $       */
+/*     $NetBSD: bozohttpd.h,v 1.34 2014/11/21 08:58:28 shm Exp $       */
 
 /*     $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -247,6 +247,7 @@
 
 /* auth-bozo.c */
 #ifdef DO_HTPASSWD
+void   bozo_auth_init(bozo_httpreq_t *);
 int    bozo_auth_check(bozo_httpreq_t *, const char *);
 void   bozo_auth_cleanup(bozo_httpreq_t *);
 int    bozo_auth_check_headers(bozo_httpreq_t *, char *, char *, ssize_t);
@@ -255,6 +256,7 @@
 void   bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
 int    bozo_auth_cgi_count(bozo_httpreq_t *);
 #else
+#define        bozo_auth_init(x)                       do { /* nothing */ } while (0)
 #define        bozo_auth_check(x, y)                   0
 #define        bozo_auth_cleanup(x)                    do { /* nothing */ } while (0)
 #define        bozo_auth_check_headers(y, z, a, b)     0