X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/90edb255effd0d29d94e662ca5bf3e9eda7ed122..1e424a2249aa6b911fd3be973de00cee413342eb:/sbr/netsec.c?ds=sidebyside diff --git a/sbr/netsec.c b/sbr/netsec.c index 990b2318..c07371ac 100644 --- a/sbr/netsec.c +++ b/sbr/netsec.c @@ -188,27 +188,19 @@ netsec_init(void) void netsec_shutdown(netsec_context *nsc, int closeflag) { - if (nsc->ns_userid) - free(nsc->ns_userid); - if (nsc->ns_inbuffer) - free(nsc->ns_inbuffer); - if (nsc->ns_outbuffer) - free(nsc->ns_outbuffer); - if (nsc->sasl_mech) - free(nsc->sasl_mech); - if (nsc->sasl_chosen_mech) - free(nsc->sasl_chosen_mech); + mh_xfree(nsc->ns_userid); + mh_xfree(nsc->ns_inbuffer); + mh_xfree(nsc->ns_outbuffer); + mh_xfree(nsc->sasl_mech); + mh_xfree(nsc->sasl_chosen_mech); #ifdef OAUTH_SERVICE - if (nsc->oauth_service) - free(nsc->oauth_service); + mh_xfree(nsc->oauth_service); #endif /* OAUTH_SERVICE */ #ifdef CYRUS_SASL if (nsc->sasl_conn) sasl_dispose(&nsc->sasl_conn); - if (nsc->sasl_hostname) - free(nsc->sasl_hostname); - if (nsc->sasl_cbs) - free(nsc->sasl_cbs); + mh_xfree(nsc->sasl_hostname); + mh_xfree(nsc->sasl_cbs); if (nsc->sasl_creds) nmh_credentials_free(nsc->sasl_creds); if (nsc->sasl_secret) { @@ -217,8 +209,7 @@ netsec_shutdown(netsec_context *nsc, int closeflag) } free(nsc->sasl_secret); } - if (nsc->sasl_tmpbuf) - free(nsc->sasl_tmpbuf); + mh_xfree(nsc->sasl_tmpbuf); #endif /* CYRUS_SASL */ #ifdef TLS_SUPPORT if (nsc->ssl_io) @@ -627,7 +618,8 @@ retry: if (nsc->ns_snoop) ERR_print_errors_fp(stderr); return NOTOK; - } else if (rc < 0) { + } + if (rc < 0) { /* Definitely an error */ netsec_err(errstr, "Read on TLS connection failed: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -826,19 +818,18 @@ retry: "%d bytes, but our buffer size was only %d bytes", rc, nsc->ns_outbufsize); return NOTOK; - } else { - /* - * Generate a flush (which may be inefficient, but hopefully - * it isn't) and then try again. - */ - if (netsec_flush(nsc, errstr) != OK) - return NOTOK; - /* - * After this, outbuffer should == outptr, so we shouldn't - * hit this next time around. - */ - goto retry; } + /* + * Generate a flush (which may be inefficient, but hopefully + * it isn't) and then try again. + */ + if (netsec_flush(nsc, errstr) != OK) + return NOTOK; + /* + * After this, outbuffer should == outptr, so we shouldn't + * hit this next time around. + */ + goto retry; } if (nsc->ns_snoop) { @@ -1023,7 +1014,7 @@ netsec_set_sasl_params(netsec_context *nsc, const char *hostname, nsc->sasl_mech = mh_xstrdup(mechanism); for (p = nsc->sasl_mech; *p; p++) - if (isascii((unsigned char) *p)) /* Just in case */ + if (isascii((unsigned char) *p)) /* Leave non-ASCII lower alone. */ *p = toupper((unsigned char) *p); } @@ -1277,8 +1268,7 @@ netsec_negotiate_sasl(netsec_context *nsc, const char *mechlist, char **errstr) rc = sasl_client_step(nsc->sasl_conn, (char *) outbuf, outbuflen, NULL, (const char **) &saslbuf, &saslbuflen); - if (outbuf) - free(outbuf); + mh_xfree(outbuf); if (rc != SASL_OK && rc != SASL_CONTINUE) { netsec_err(errstr, "SASL client negotiation failed: %s", @@ -1534,13 +1524,12 @@ netsec_set_tls(netsec_context *nsc, int tls, char **errstr) BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); nsc->ssl_io = ssl_bio; - return OK; - } else { - BIO_free_all(nsc->ssl_io); - nsc->ssl_io = NULL; - return OK; } + BIO_free_all(nsc->ssl_io); + nsc->ssl_io = NULL; + + return OK; #else /* TLS_SUPPORT */ netsec_err(errstr, "TLS is not supported");