From 34e7cbb6feb2c53109435562d57001f044b9720e Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 13 Jul 2015 17:17:42 +0100 Subject: [PATCH] Plug memleak on mismatched length --- contrib/slapd-modules/passwd/totp/slapd-totp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/slapd-modules/passwd/totp/slapd-totp.c b/contrib/slapd-modules/passwd/totp/slapd-totp.c index 9934fdffcf..14f4d92c00 100644 --- a/contrib/slapd-modules/passwd/totp/slapd-totp.c +++ b/contrib/slapd-modules/passwd/totp/slapd-totp.c @@ -425,8 +425,10 @@ static int chk_totp( memset(key.mv_val, 0, key.mv_len); /* compare */ - if (out.mv_len != cred->bv_len) - return LUTIL_PASSWD_ERR; + if (out.mv_len != cred->bv_len) { + rc = LUTIL_PASSWD_ERR; + goto out; + } rc = memcmp(out.mv_val, cred->bv_val, out.mv_len) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; -- 2.39.5