Fix memleaks of saslconn on error paths

If mutt_sasl_client_new returns an error, the callers would ignore the
allocated saslconn resource from sasl_client_new. Be sure to release
these with sasl_dispose as documented in sasl.h. Likewise, let callers
(POP/IMAP) dispose the resource on their error paths. SMTP was already
taken care of. Found with LeakSanitizer in IMAP.

diff --git a/imap/auth_sasl.c b/imap/auth_sasl.c
index 1cf997d4eedc37389c6c0661eb845533cfc800cf..bd059dc1fd6e293bd3427b048a34d4a077437f97 100644 (file)
--- a/imap/auth_sasl.c
+++ b/imap/auth_sasl.c
@@ -62,8 +62,10 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
      * 2. attempt sasl_client_start with only "AUTH=ANONYMOUS" capability
      * 3. if sasl_client_start fails, fall through... */
 
-    if (mutt_account_getuser (&idata->conn->account))
+    if (mutt_account_getuser (&idata->conn->account)) {
+      sasl_dispose (&saslconn);
       return IMAP_AUTH_FAILURE;
+    }
 
     if (mutt_bit_isset (idata->capabilities, AUTH_ANON) &&
        (!idata->conn->account.user[0] ||
@@ -71,9 +73,11 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
       rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, 
                               &mech);
   } else if (!ascii_strcasecmp ("login", method) &&
-       !strstr (NONULL (idata->capstr), "AUTH=LOGIN"))
+       !strstr (NONULL (idata->capstr), "AUTH=LOGIN")) {
     /* do not use SASL login for regular IMAP login (#3556) */
+    sasl_dispose (&saslconn);
     return IMAP_AUTH_UNAVAIL;
+  }
   
   if (rc != SASL_OK && rc != SASL_CONTINUE)
     do
@@ -95,6 +99,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
       dprint (1, (debugfile, "imap_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
     /* SASL doesn't support LOGIN, so fall back */
 
+    sasl_dispose (&saslconn);
     return IMAP_AUTH_UNAVAIL;
   }
 

diff --git a/mutt_sasl.c b/mutt_sasl.c
index f0760acf1d07d099235ed9406b087f9f15b88e78..16a026b6306e1b262d2a6bd0ec8e16b44e417f99 100644 (file)
--- a/mutt_sasl.c
+++ b/mutt_sasl.c
@@ -239,6 +239,7 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
   if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
   {
     mutt_error (_("Error setting SASL security properties"));
+    sasl_dispose (saslconn);
     return -1;
   }
 
@@ -249,6 +250,7 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
     if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
     {
       mutt_error (_("Error setting SASL external security strength"));
+      sasl_dispose (saslconn);
       return -1;
     }
   }
@@ -258,6 +260,7 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
     if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
     {
       mutt_error (_("Error setting SASL external user name"));
+      sasl_dispose (saslconn);
       return -1;
     }
   }

diff --git a/pop_auth.c b/pop_auth.c
index b2d94b2c3b11da935b0b62c2ed0e11b3b41e543c..2d50fed562af59e6fc76af9cf3612ef413fde9f5 100644 (file)
--- a/pop_auth.c
+++ b/pop_auth.c
@@ -75,6 +75,7 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
     dprint (1, (debugfile, "pop_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
 
     /* SASL doesn't support suggested mechanisms, so fall back */
+    sasl_dispose (&saslconn);
     return POP_A_UNAVAIL;
   }