/* avoid spending too much time on single socket */
if (cf_sbuf_loopcnt > 0 && loopcnt >= cf_sbuf_loopcnt) {
+ bool _ignore;
+
log_debug("loopcnt full");
/*
* sbuf_process_pending() avoids some data if buffer is full,
* but as we exit processing loop here, we need to retry
* after resync to process all data. (result is ignored)
*/
- ok = sbuf_process_pending(sbuf);
+ _ignore = sbuf_process_pending(sbuf);
+ (void) _ignore;
sbuf_wait_for_data_forced(sbuf);
return;
if (decoded_len < 0)
goto invalid_verifier;
*salt = strdup(salt_str);
+ if (!*salt)
+ goto invalid_verifier;
/*
* Decode StoredKey and ServerKey.
free(decoded_stored_buf);
free(decoded_server_buf);
free(v);
+ free(*salt);
*salt = NULL;
return false;
}
size_t len;
uint8_t client_proof[SCRAM_KEY_LEN];
- len = snprintf(buf, sizeof(buf), "c=biws,r=%s", server_nonce);
+ snprintf(buf, sizeof(buf), "c=biws,r=%s", server_nonce);
scram_state->client_final_message_without_proof = strdup(buf);
if (scram_state->client_final_message_without_proof == NULL)
{
char *client_first_message_bare = NULL;
char *client_nonce = NULL;
+ char *client_nonce_copy = NULL;
*cbind_flag_p = *input;
switch (*input) {
slog_error(client, "non-printable characters in SCRAM nonce");
goto failed;
}
- client_nonce = strdup(client_nonce);
- if (client_nonce == NULL)
+ client_nonce_copy = strdup(client_nonce);
+ if (client_nonce_copy == NULL)
goto failed;
/*
* There can be any number of optional extensions after this. We don't
* support any extensions, so ignore them.
*/
- while (*input != '\0')
- read_any_attr(client, &input, NULL);
+ while (*input != '\0') {
+ if (!read_any_attr(client, &input, NULL))
+ goto failed;
+ }
*client_first_message_bare_p = client_first_message_bare;
- *client_nonce_p = client_nonce;
+ *client_nonce_p = client_nonce_copy;
return true;
failed:
free(client_first_message_bare);
+ free(client_nonce_copy);
return false;
}
char *channel_binding;
char *client_final_nonce;
char *proof_start;
+ char *value;
char *encoded_proof;
char *proof = NULL;
int prooflen;
do
{
proof_start = input - 1;
- encoded_proof = read_any_attr(client, &input, &attr);
- } while (attr != 'p');
+ value = read_any_attr(client, &input, &attr);
+ } while (value && attr != 'p');
- if (!encoded_proof) {
+ if (!value) {
slog_error(client, "could not read proof");
goto failed;
}
+ encoded_proof = value;
+
proof = malloc(pg_b64_dec_len(strlen(encoded_proof)));
if (proof == NULL) {
slog_error(client, "could not decode proof");