lib/ext/srp.c: Add gnutls_free() to avoid memory leak

Add gnutls_free() to free priv->username if the allocation of priv->password fails to avoid memory leak.
Moreover, replace "return" with "goto" to avoid memory leak.

Fixes: a1a15422 ("Fixes and memory leak elimination in SRP authentication.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

diff --git a/lib/ext/srp.c b/lib/ext/srp.c
index 409ba20a603c6d68b87e724f861b6b6b31e6558f..750374fb543459536390aceed99af8b8238bb510 100644 (file)
--- a/lib/ext/srp.c
+++ b/lib/ext/srp.c
@@ -150,12 +150,15 @@ static int _gnutls_srp_send_params(gnutls_session_t session,
                priv->username = gnutls_strdup(cred->username);
                if (priv->username == NULL) {
                        gnutls_assert();
+                       ret = GNUTLS_E_MEMORY_ERROR;
                        goto cleanup;
                }
 
                priv->password = gnutls_strdup(cred->password);
                if (priv->password == NULL) {
+                       gnutls_free(priv->username);
                        gnutls_assert();
+                       ret = GNUTLS_E_MEMORY_ERROR;
                        goto cleanup;
                }
 
@@ -171,7 +174,8 @@ static int _gnutls_srp_send_params(gnutls_session_t session,
                if (cred->get_function(session, &username, &password) < 0 ||
                    username == NULL || password == NULL) {
                        gnutls_assert();
-                       return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+                       ret = GNUTLS_E_ILLEGAL_SRP_USERNAME;
+                       goto cleanup;
                }
 
                len = MIN(strlen(username), 255);