Update of /cvsroot/monetdb/MonetDB5/src/mal
In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv18515/src/mal
Modified Files:
Tag: MonetDB_5-2
mal_authorize.mx
Log Message:
filling some holes... (it leaks less but it needs more work in case of errors!)
Index: mal_authorize.mx
===================================================================
RCS file: /cvsroot/monetdb/MonetDB5/src/mal/mal_authorize.mx,v
retrieving revision 1.50.2.1
retrieving revision 1.50.2.2
diff -u -d -r1.50.2.1 -r1.50.2.2
--- mal_authorize.mx 16 Oct 2007 09:26:58 -0000 1.50.2.1
+++ mal_authorize.mx 29 Oct 2007 07:07:21 -0000 1.50.2.2
@@ -330,12 +330,15 @@
rethrow("checkCredentials", tmp, AUTHdecypherValue(&pwd, &tmp));
/* generate the hash as the client should have done */
rethrow("checkCredentials", tmp, AUTHhashPassword(&hash, algo, &pwd,
challenge));
+ GDKfree(pwd);
/* and now we have it, compare it to what was given to us */
if (strcmp(*passwd, hash) != 0) {
/* of course we DO NOT print the password here */
+ GDKfree(hash);
throw(INVCRED, "checkCredentials", "Invalid credentials for
user '%s'",
*username);
}
+ GDKfree(hash);
/* now see if the scenario is permitted (if restrictions for that
* apply)
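Review bot: `GDKfree(pwd);` releases what appears to be the deciphered password (it comes from AUTHdecypherValue and is the input to the hash) without clearing it, so the cleartext stays in freed heap memory until something overwrites it. I would wipe the buffer before the free, e.g. `memset(pwd, 0, strlen(pwd));`, ideally through a wipe routine the compiler cannot elide, since a plain memset directly before a free may be optimised away. The `rethrow` around AUTHhashPassword just above also returns with `pwd` still allocated, which for this buffer means a secret left in memory, not only a leak. The function starts before and continues past the hunk.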
@@ -409,6 +412,7 @@
/* needs force, as SQL makes a view over user */
BUNappend(user, *username, TRUE);
BUNappend(pass, hash, FALSE); /* should always be private! */
+ GDKfree(hash);
/* retrieve the oid of the just inserted user */
p = BUNfnd(BATmirror(user), *username);
assert (p != NULL);
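Review bot: Neither `BUNappend` call has its result checked, and the only guard on the lookup that follows is `assert (p != NULL);`, which is compiled out when NDEBUG is defined. If an append can fail, a release build would carry a NULL `p` into the code after the hunk. I would turn the assert into a runtime test, `if (p == NULL)` followed by a `throw(...)` in the style of the one in checkCredentials. The same assert-only guard sits in front of `BUNinplace` in the last hunk, after `p = BUNfnd(pass, &id);`. The enclosing function starts and ends outside this hunk.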
@@ -553,7 +557,8 @@
/* cypher the password */
rethrow("setPassword", tmp, AUTHcypherValue(&hash, passwd));
/* ok, just overwrite the password field for this user */
- BUNinplace(pass, p, BUNhead(pass, p), &hash, FALSE);
+ BUNinplace(pass, p, BUNhead(pass, p), hash, FALSE);
+ GDKfree(hash);
AUTHcommit();
return(MAL_SUCCEED);
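Review bot: The result of `BUNinplace` is discarded, so `AUTHcommit();` and `return(MAL_SUCCEED);` run whether or not the password field was actually overwritten. For a password change that matters: if the update can fail, the caller is told the change succeeded while the old password stays valid. I would check the call's result and throw before committing; what BUNinplace returns on failure is not visible here, so the exact test needs confirming against its declaration. The same applies to the identical sequence in the following hunk, and both functions start outside their hunks.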
@@ -600,7 +605,8 @@
/* ok, just overwrite the password field for this user */
p = BUNfnd(pass, &id);
assert (p != NULL);
- BUNinplace(pass, p, BUNhead(pass, p), &hash, FALSE);
+ BUNinplace(pass, p, BUNhead(pass, p), hash, FALSE);
+ GDKfree(hash);
AUTHcommit();
return(MAL_SUCCEED);