We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hey!
I believe there's a memory leak here in the case where the base64-decoded data does not contain :: https://github.com/pariahsoft/libvmod-authentication/blob/master/src/vmod_authentication.c#L25-L30 (I would have expected to see a free(c); before the return NULL;)
:
free(c);
return NULL;
Also on these lines c is dereferenced before it has been checked if the malloc(sizeof(combination)); succeeded: and an assignment is made to the data at page 0: https://github.com/pariahsoft/libvmod-authentication/blob/master/src/vmod_authentication.c#L33-L34
c
malloc(sizeof(combination));
on a general note, strdup and strndup and friends are not verified to be successful allocations before being used.
strdup
strndup
Also, the base64_decode function is called twice on the input: https://github.com/pariahsoft/libvmod-authentication/blob/master/src/vmod_authentication.c#L63-L70 (base64_decode_alloc also performs the decoding: https://github.com/pariahsoft/libvmod-authentication/blob/master/src/base64.c#L414)
base64_decode_alloc
Also, I believe this should be return false;? https://github.com/pariahsoft/libvmod-authentication/blob/master/src/base64.c#L412
return false;
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hey!
I believe there's a memory leak here in the case where the base64-decoded data does not contain
::https://github.com/pariahsoft/libvmod-authentication/blob/master/src/vmod_authentication.c#L25-L30
(I would have expected to see a
free(c);before thereturn NULL;)Also on these lines
cis dereferenced before it has been checked if themalloc(sizeof(combination));succeeded: and an assignment is made to the data at page 0:https://github.com/pariahsoft/libvmod-authentication/blob/master/src/vmod_authentication.c#L33-L34
on a general note,
strdupandstrndupand friends are not verified to be successful allocations before being used.Also, the base64_decode function is called twice on the input:
https://github.com/pariahsoft/libvmod-authentication/blob/master/src/vmod_authentication.c#L63-L70 (
base64_decode_allocalso performs the decoding: https://github.com/pariahsoft/libvmod-authentication/blob/master/src/base64.c#L414)Also, I believe this should be
return false;? https://github.com/pariahsoft/libvmod-authentication/blob/master/src/base64.c#L412The text was updated successfully, but these errors were encountered: