This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU gsasl".
http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=b30c0b466604705a63e3a804dd9b4e7ce1edd8a6 The branch, master has been updated via b30c0b466604705a63e3a804dd9b4e7ce1edd8a6 (commit) from 819dcbbee85aa68ebdcc8ccc558c621a8f731f8e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b30c0b466604705a63e3a804dd9b4e7ce1edd8a6 Author: Simon Josefsson <[email protected]> Date: Fri Sep 11 15:28:57 2009 +0200 SCRAM: Cleanup and memory leak fixing. ----------------------------------------------------------------------- Summary of changes: lib/scram/client.c | 58 ++++++++++++++++++++++++++++++++------------------- 1 files changed, 36 insertions(+), 22 deletions(-) diff --git a/lib/scram/client.c b/lib/scram/client.c index 53752d5..26cab0c 100644 --- a/lib/scram/client.c +++ b/lib/scram/client.c @@ -49,6 +49,7 @@ struct scram_client_state int step; char *cfmb; /* client first message bare */ char *serversignature; + char *authmessage; struct scram_client_first cf; struct scram_server_first sf; struct scram_client_final cl; @@ -230,7 +231,6 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx, char saltedpassword[20]; char *clientkey; char *storedkey; - char *authmessage; char *clientsignature; char clientproof[20]; const char *p; @@ -261,6 +261,28 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx, else return GSASL_NO_PASSWORD; + /* Get client-final-message-without-proof. */ + { + char *cfmwp; + int n; + + state->cl.proof = strdup ("p"); + rc = scram_print_client_final (&state->cl, &cfmwp); + if (rc != 0) + return GSASL_MALLOC_ERROR; + free (state->cl.proof); + + /* Compute AuthMessage */ + n = asprintf (&state->authmessage, "%s,%.*s,%.*s", + state->cfmb, + input_len, input, + strlen (cfmwp) - 4, + cfmwp); + free (cfmwp); + if (n <= 0 || !state->authmessage) + return GSASL_MALLOC_ERROR; + } + /* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" rc = gsasl_hmac_sha1 (saltedpassword, 20, @@ -272,30 +294,22 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx, /* StoredKey := H(ClientKey) */ rc = gsasl_sha1 (clientkey, 20, &storedkey); if (rc != 0) - return rc; - - /* Get client-final-message-without-proof. */ - state->cl.proof = strdup ("p"); - rc = scram_print_client_final (&state->cl, output); - if (rc != 0) - return GSASL_MALLOC_ERROR; - free (state->cl.proof); - - /* Compute AuthMessage */ - asprintf (&authmessage, "%s,%.*s,%.*s", - state->cfmb, - input_len, input, - strlen (*output) - 4, - *output); - free (*output); + { + free (clientkey); + return rc; + } /* ClientSignature := HMAC(StoredKey, AuthMessage) */ rc = gsasl_hmac_sha1 (storedkey, 20, - authmessage, strlen (authmessage), + state->authmessage, + strlen (state->authmessage), &clientsignature); free (storedkey); if (rc != 0) - return rc; + { + free (clientkey); + return rc; + } /* ClientProof := ClientKey XOR ClientSignature */ memcpy (clientproof, clientkey, 20); @@ -323,7 +337,8 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx, /* ServerSignature := HMAC(ServerKey, AuthMessage) */ rc = gsasl_hmac_sha1 (serverkey, 20, - authmessage, strlen (authmessage), + state->authmessage, + strlen (state->authmessage), &serversignature); if (rc != 0) return rc; @@ -334,8 +349,6 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx, if (rc != 0) return rc; } - - free (authmessage); } rc = scram_print_client_final (&state->cl, output); @@ -381,6 +394,7 @@ _gsasl_scram_sha1_client_finish (Gsasl_session * sctx, void *mech_data) return; free (state->cfmb); + free (state->authmessage); scram_free_client_first (&state->cf); scram_free_server_first (&state->sf); scram_free_client_final (&state->cl); hooks/post-receive -- GNU gsasl _______________________________________________ Gsasl-commit mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gsasl-commit
