From 9f408a6dbd4bf1c374d4963adb75810dc8ef76b7 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 23 Oct 2018 12:29:26 +0200
Subject: [PATCH] Fix memleaks of saslconn on error paths

If mutt_sasl_client_new returns an error, the callers would ignore the
allocated saslconn resource from sasl_client_new. Be sure to release
these with sasl_dispose as documented in sasl.h. Likewise, let callers
(POP/IMAP) dispose the resource on their error paths. SMTP was already
taken care of. Found with LeakSanitizer in IMAP.
---
 conn/sasl.c      | 3 +++
 imap/auth_sasl.c | 5 +++++
 pop/pop_auth.c   | 1 +
 3 files changed, 9 insertions(+)

diff --git a/conn/sasl.c b/conn/sasl.c
index ea188d302..edd65edfc 100644
--- a/conn/sasl.c
+++ b/conn/sasl.c
@@ -576,6 +576,7 @@ int mutt_sasl_client_new(struct Connection *conn, sasl_conn_t **saslconn)
   if (sasl_setprop(*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
   {
     mutt_error(_("Error setting SASL security properties"));
+    sasl_dispose(saslconn);
     return -1;
   }
 
@@ -586,6 +587,7 @@ int mutt_sasl_client_new(struct Connection *conn, sasl_conn_t **saslconn)
     if (sasl_setprop(*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
     {
       mutt_error(_("Error setting SASL external security strength"));
+      sasl_dispose(saslconn);
       return -1;
     }
   }
@@ -595,6 +597,7 @@ int mutt_sasl_client_new(struct Connection *conn, sasl_conn_t **saslconn)
     if (sasl_setprop(*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
     {
       mutt_error(_("Error setting SASL external user name"));
+      sasl_dispose(saslconn);
       return -1;
     }
   }
diff --git a/imap/auth_sasl.c b/imap/auth_sasl.c
index 6aa1f21f9..02e8ef00b 100644
--- a/imap/auth_sasl.c
+++ b/imap/auth_sasl.c
@@ -77,7 +77,10 @@ enum ImapAuthRes imap_auth_sasl(struct ImapAccountData *adata, const char *metho
      * 3. if sasl_client_start fails, fall through... */
 
     if (mutt_account_getuser(&adata->conn->account) < 0)
+    {
+      sasl_dispose(&saslconn);
       return IMAP_AUTH_FAILURE;
+    }
 
     if (mutt_bit_isset(adata->capabilities, AUTH_ANON) &&
         (!adata->conn->account.user[0] ||
@@ -90,6 +93,7 @@ enum ImapAuthRes imap_auth_sasl(struct ImapAccountData *adata, const char *metho
            !strstr(NONULL(adata->capstr), "AUTH=LOGIN"))
   {
     /* do not use SASL login for regular IMAP login (#3556) */
+    sasl_dispose(&saslconn);
     return IMAP_AUTH_UNAVAIL;
   }
 
@@ -117,6 +121,7 @@ enum ImapAuthRes imap_auth_sasl(struct ImapAccountData *adata, const char *metho
     }
     /* SASL doesn't support LOGIN, so fall back */
 
+    sasl_dispose(&saslconn);
     return IMAP_AUTH_UNAVAIL;
   }
 
diff --git a/pop/pop_auth.c b/pop/pop_auth.c
index 52f7d6aef..d06c63d2e 100644
--- a/pop/pop_auth.c
+++ b/pop/pop_auth.c
@@ -90,6 +90,7 @@ static enum PopAuthRes pop_auth_sasl(struct PopAccountData *adata, const char *m
         1, "Failure starting authentication exchange. No shared mechanisms?\n");
 
     /* SASL doesn't support suggested mechanisms, so fall back */
+    sasl_dispose(&saslconn);
     return POP_A_UNAVAIL;
   }
 
-- 
2.40.0