fixed memory management during node decryption

author: Damien Laniel <dlaniel@entrouvert.com> 2008-05-21 14:20:33 +0000
committer: Damien Laniel <dlaniel@entrouvert.com> 2008-05-21 14:20:33 +0000
commit: 5316df50a74a09f2cf78d4a7b8b13c6de1946dcf (patch)
tree: 059bfbdd915efe613c1b651722ab1bca3b9cb4d7
parent: bfb243f3989599cca9b9709daeaa6670d1b569f1 (diff)
2 files changed, 35 insertions, 21 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index e5f6124f..022a003f 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -1243,6 +1243,7 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
 				encryption_private_key));
 			LASSO_SAMLP2_RESPONSE(response)->Assertion =
 				g_list_append(NULL, LASSO_SAML2_ASSERTION(decrypted_node));
+			g_object_unref(LASSO_SAMLP2_RESPONSE(response)->EncryptedAssertion);
 			LASSO_SAMLP2_RESPONSE(response)->EncryptedAssertion = NULL;
 		}
 	}
@@ -1265,12 +1266,11 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
 			}
 		}
 
-		id_node = g_object_ref(assertion->Subject->EncryptedID);
-		if (id_node == NULL) {
+		if (! LASSO_IS_SAML2_ENCRYPTED_ELEMENT(assertion->Subject->EncryptedID)) {
 			return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
 		}
 
-		encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(id_node);
+		encrypted_element = assertion->Subject->EncryptedID;
 		if (encrypted_element != NULL && encryption_private_key == NULL) {
 			return LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY;
 		}
@@ -1280,11 +1280,13 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
 			profile->nameIdentifier = LASSO_NODE(
 				lasso_node_decrypt(encrypted_element, encryption_private_key));
 			assertion->Subject->NameID = LASSO_SAML2_NAME_ID(profile->nameIdentifier);
+			g_object_unref(assertion->Subject->EncryptedID);
 			assertion->Subject->EncryptedID = NULL;
 		}
 
-		if (profile->nameIdentifier == NULL)
+		if (profile->nameIdentifier == NULL) {
 			return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
+		}
 	}
 
 	return ret;
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index fca322c6..732c0582 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -740,8 +740,8 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 	xmlDocPtr doc2 = NULL;
 	xmlSecEncCtxPtr encCtx = NULL;
 	xmlSecKeyPtr sym_key = NULL;
-	xmlSecBufferPtr key_buffer;
-	LassoNode *decrypted_node;
+	xmlSecBufferPtr key_buffer = NULL;
+	LassoNode *decrypted_node = NULL;
 	xmlNodePtr encrypted_data_node = NULL;
 	xmlNodePtr encrypted_key_node = NULL;
 	xmlNodePtr encryption_method_node = NULL;
@@ -751,24 +751,24 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 
 	if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
 		message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
-		return NULL;
+		goto cleanup;
 	}
 
 	/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
 	encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
 
-	encrypted_data_node = encrypted_element->EncryptedData;
+	encrypted_data_node = xmlCopyNode(encrypted_element->EncryptedData, 1);
 
 	/* Get the encryption algorithm for EncryptedData in its EncryptionMethod node */
 	encryption_method_node = xmlSecTmplEncDataGetEncMethodNode(encrypted_data_node);
 	if (encryption_method_node == NULL) {
 		message(G_LOG_LEVEL_WARNING, "No EncryptionMethod node in EncryptedData");
-		return NULL;
+		goto cleanup;
 	}
 	algorithm = (char*)xmlGetProp(encryption_method_node, (xmlChar *)"Algorithm");
 	if (algorithm == NULL) {
 		message(G_LOG_LEVEL_WARNING, "No EncryptionMethod");
-		return NULL;
+		goto cleanup;
 	}
 	if (strstr(algorithm , "#aes")) {
 		key_type = xmlSecKeyDataAesId;
@@ -776,7 +776,7 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 		key_type = xmlSecKeyDataDesId;
 	} else {
 		message(G_LOG_LEVEL_WARNING, "Unknown EncryptionMethod");
-		return NULL;
+		goto cleanup;
 	}
 
 	/* Get the EncryptedKey */
@@ -785,7 +785,7 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 			if (i->data == NULL)
 				continue;
 			if (strcmp((char*)((xmlNode*)i->data)->name, "EncryptedKey") == 0) {
-				encrypted_key_node = (xmlNode*)(i->data);
+				encrypted_key_node = xmlCopyNode((xmlNode*)(i->data), 1);
 				break;
 			}
 		}
@@ -795,15 +795,17 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 		while (encrypted_key_node &&
 				strcmp((char*)encrypted_key_node->name, "EncryptedKey") != 0 ) {
 			if (strcmp((char*)encrypted_key_node->name, "EncryptedData") == 0 ||
-					strcmp((char*)encrypted_key_node->name, "KeyInfo") == 0)
-				encrypted_key_node = encrypted_key_node->children;
+					strcmp((char*)encrypted_key_node->name, "KeyInfo") == 0) {
+				encrypted_key_node = xmlCopyNode(encrypted_key_node->children, 1);
+				break;
+			}
 			encrypted_key_node = encrypted_key_node->next;
 		}
 	}
 
 	if (encrypted_key_node == NULL) {
 		message(G_LOG_LEVEL_WARNING, "No EncryptedKey node");
-		return NULL;
+		goto cleanup;
 	}
 
 	/* Create a document to contain the node to decrypt */
@@ -817,7 +819,7 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 	encCtx = xmlSecEncCtxCreate(NULL);
 	if (encCtx == NULL) {
 		message(G_LOG_LEVEL_WARNING, "Failed to create encryption context");
-		return NULL;
+		goto cleanup;
 	}
 	encCtx->encKey = encryption_private_key;
 	encCtx->mode = xmlEncCtxModeEncryptedKey;
@@ -829,7 +831,7 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 	}
 	if (sym_key == NULL) {
 		message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed");
-		return NULL;
+		goto cleanup;
 	}
 
 	/* create encryption context to decrypt EncryptedData */
@@ -837,7 +839,7 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 	encCtx = xmlSecEncCtxCreate(NULL);
 	if (encCtx == NULL) {
 		message(G_LOG_LEVEL_WARNING, "Failed to create encryption context");
-		return NULL;
+		goto cleanup;
 	}
 	encCtx->encKey = sym_key;
 	encCtx->mode = xmlEncCtxModeEncryptedData;
@@ -845,13 +847,23 @@ lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
 	/* decrypt the EncryptedData */
 	if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
 		message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
-		return NULL;
+		goto cleanup;
 	}
 
 	decrypted_node = lasso_node_new_from_xmlNode(doc->children);
 
-	/* cleanup */
-	xmlSecEncCtxDestroy(encCtx);
+cleanup:
+	if (doc == NULL) {
+		if (encrypted_data_node) {
+			xmlFreeNode(encrypted_data_node);
+		}
+		if (encrypted_key_node) {
+			xmlFreeNode(encrypted_key_node);
+		}
+	}
+	if (encCtx) {
+		xmlSecEncCtxDestroy(encCtx);
+	}
 	xmlFreeDoc(doc);
 
 	return decrypted_node;
author	Damien Laniel <dlaniel@entrouvert.com>	2008-05-21 14:20:33 +0000
committer	Damien Laniel <dlaniel@entrouvert.com>	2008-05-21 14:20:33 +0000
commit	5316df50a74a09f2cf78d4a7b8b13c6de1946dcf (patch)
tree	059bfbdd915efe613c1b651722ab1bca3b9cb4d7
parent	bfb243f3989599cca9b9709daeaa6670d1b569f1 (diff)