From: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: Mon, 10 Jan 2022 20:02:02 +0000 (+0400)
Subject: auth: fix a no-memory case
X-Git-Tag: dbus-1.13.22~12^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfdfac916971113d1d2e98ca28c26c07ba34ee46;p=thirdparty%2Fdbus.git

auth: fix a no-memory case

Jumping to "out" will call _dbus_string_zero() unconditionally on tmp
string variables. Do not attempt to zero what wasn't even initialized.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---

diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 62b5b13c7..d4faa7376 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -525,8 +525,8 @@ sha1_handle_first_client_response (DBusAuth         *auth,
   /* We haven't sent a challenge yet, we're expecting a desired
    * username from the client.
    */
-  DBusString tmp;
-  DBusString tmp2;
+  DBusString tmp = _DBUS_STRING_INIT_INVALID;
+  DBusString tmp2 = _DBUS_STRING_INIT_INVALID;
   dbus_bool_t retval = FALSE;
   DBusError error = DBUS_ERROR_INIT;
   DBusCredentials *myself = NULL;
@@ -557,7 +557,7 @@ sha1_handle_first_client_response (DBusAuth         *auth,
       if (dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY))
         {
           dbus_error_free (&error);
-          goto out;
+          return FALSE;
         }
 
       _dbus_verbose ("%s: Did not get a valid username from client: %s\n",