From 822f95071a5cb4becb3a7aa3a3c864f287bb612f Mon Sep 17 00:00:00 2001 From: Dmitry Podgorny Date: Sun, 18 Feb 2018 14:02:17 +0200 Subject: [PATCH] sasl: fix memory leak in DIGEST-MD5 implementation Don't add "qop" two times to hash table, otherwise, an entry is lost without freeing memory. --- src/sasl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/sasl.c b/src/sasl.c index 5ae5a7f..d49865b 100644 --- a/src/sasl.c +++ b/src/sasl.c @@ -264,7 +264,8 @@ char *sasl_digest_md5(xmpp_ctx_t *ctx, const char *challenge, xmpp_rand_nonce(ctx->rand, cnonce, sizeof(cnonce)); hash_add(table, "cnonce", xmpp_strdup(ctx, cnonce)); hash_add(table, "nc", xmpp_strdup(ctx, "00000001")); - hash_add(table, "qop", xmpp_strdup(ctx, "auth")); + if (hash_get(table, "qop") == NULL) + hash_add(table, "qop", xmpp_strdup(ctx, "auth")); value = xmpp_alloc(ctx, 5 + strlen(domain) + 1); memcpy(value, "xmpp/", 5); memcpy(value+5, domain, strlen(domain));