ID-FF 1.2: fix some real and potential memory leaks

 * lasso/id-ff/provider.c:
 * lasso/id-ff/server.c:
 * lasso/id-ff/session.c:
   use macros to release previous value when necessary,
   release object used as parameters to constructors,
   free the encryption key associated with a provider,
   release the key manager created for a saml signature
   verification.

3 files changed, 16 insertions, 10 deletions

diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index fff9edb0..f369fa03 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -1005,9 +1005,9 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi
 		g_free(value);
 
 		if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
-			provider->private_data->public_key = pub_key;
+			lasso_assign_new_sec_key(provider->private_data->public_key, pub_key);
 		} else {
-			provider->private_data->encryption_public_key = pub_key;
+			lasso_assign_new_sec_key(provider->private_data->encryption_public_key, pub_key);
 		}
 
 		if (pub_key) {
@@ -1035,7 +1035,7 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi
 			break; /* with a warning ? */
 	}
 
-	provider->private_data->public_key = pub_key;
+	lasso_assign_new_sec_key(provider->private_data->public_key, pub_key);
 
 	return (pub_key != NULL);
 }
@@ -1104,6 +1104,7 @@ lasso_provider_verify_saml_signature(LassoProvider *provider,
 			LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED);
 	rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, public_key,
 			NO_OPTION, NULL);
+	lasso_release_key_manager(keys_manager);
 exit:
 	lasso_release_key_manager(keys_manager);
 	return rc;
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index 3e50fa94..3260c167 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -625,11 +625,10 @@ dispose(GObject *object)
 	}
 	server->private_data->dispose_has_run = TRUE;
 
-	/* FIXME : Probably necessary, must be tested */
-/* 	if (server->private_data->encryption_private_key != NULL) { */
-/* 		xmlSecKeyDestroy(server->private_data->encryption_private_key); */
-/* 		server->private_data->encryption_private_key = NULL; */
-/* 	} */
+	if (server->private_data->encryption_private_key != NULL) {
+		xmlSecKeyDestroy(server->private_data->encryption_private_key);
+		server->private_data->encryption_private_key = NULL;
+	}
 
 	if (server->private_data->svc_metadatas != NULL) {
 		g_list_foreach(server->private_data->svc_metadatas, (GFunc)g_object_unref, NULL);
@@ -637,7 +636,13 @@ dispose(GObject *object)
 		server->private_data->svc_metadatas = NULL;
 	}
 
+	if (server->services) {
+		g_hash_table_destroy(server->services);
+		server->services = NULL;
+	}
+
 	/* free allocated memory for hash tables */
+	lasso_mem_debug("LassoServer", "Providers", server->providers);
 	g_hash_table_destroy(server->providers);
 	server->providers = NULL;
 
diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c
index 15774d7e..a4bd629b 100644
--- a/lasso/id-ff/session.c
+++ b/lasso/id-ff/session.c
@@ -456,8 +456,7 @@ lasso_session_get_assertion_identity_token(LassoSession *session, const gchar *s
 			if (security_context->Token != NULL) {
 				sec_token = security_context->Token->data;
 				if (LASSO_IS_SAML2_ASSERTION(sec_token->any)) {
-					assertion = LASSO_SAML2_ASSERTION(
-						g_object_ref(sec_token->any));
+					lasso_assign_gobject(assertion, sec_token->any);
 					break;
 				}
 			}
@@ -652,6 +651,7 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
 
 					assertion = lasso_node_new_from_xmlNode(n);
 					lasso_session_add_assertion_simple(session, (char*)value, assertion);
+					lasso_release_gobject(assertion);
 					xmlFree(value);
 				}
 			} else if ((value = xmlGetProp(t, (xmlChar*)"ID"))) {