Prevent theoretical double free and leak on get_peer_sock_name.

[free-sw/xcb/libxcb] / src / xcb_auth.c

diff --git a/src/xcb_auth.c b/src/xcb_auth.c
index 1af27fc..a3a7e45 100644 (file)
--- a/src/xcb_auth.c
+++ b/src/xcb_auth.c
@@ -261,7 +261,7 @@ static struct sockaddr *get_peer_sock_name(int (*socket_func)(int,
 {
     socklen_t socknamelen = sizeof(struct sockaddr) + INITIAL_SOCKNAME_SLACK;
     socklen_t actual_socknamelen = socknamelen;
-    struct sockaddr *sockname = malloc(socknamelen), *new_sockname = NULL;
+    struct sockaddr *sockname = malloc(socknamelen);
 
     if (sockname == NULL)
         return NULL;
@@ -274,14 +274,17 @@ static struct sockaddr *get_peer_sock_name(int (*socket_func)(int,
 
     if (actual_socknamelen > socknamelen)
     {
+        struct sockaddr *new_sockname = NULL;
         socknamelen = actual_socknamelen;
 
-        if ((new_sockname = realloc(sockname, actual_socknamelen)) == NULL ||
-            socket_func(fd, new_sockname, &actual_socknamelen) == -1 ||
-            actual_socknamelen > socknamelen) 
+        if ((new_sockname = realloc(sockname, actual_socknamelen)) == NULL)
             goto sock_or_realloc_error;
 
         sockname = new_sockname;
+
+        if (socket_func(fd, sockname, &actual_socknamelen) == -1 ||
+            actual_socknamelen > socknamelen)
+            goto sock_or_realloc_error;
     }
 
     return sockname;
@@ -327,10 +330,15 @@ int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display)
     if (!info->namelen)
         goto no_auth;   /* out of memory */
 
-    if (!gotsockname && (sockname = get_peer_sock_name(getsockname, fd)) == NULL)
+    if (!gotsockname)
     {
-        free(info->name);
-        goto no_auth;   /* can only authenticate sockets */
+        free(sockname);
+
+        if ((sockname = get_peer_sock_name(getsockname, fd)) == NULL)
+        {
+            free(info->name);
+            goto no_auth;   /* can only authenticate sockets */
+        }
     }
 
     ret = compute_auth(info, authptr, sockname);