From d9ad02e3e0ca91fb5356f4467d73d5db56a1daa7 Mon Sep 17 00:00:00 2001 From: Kihyung Lee Date: Fri, 15 Jun 2018 12:46:42 +0900 Subject: [PATCH] Fix memory leak when GateKeeperProxy.verify() returns After verify() calls verifyChallenge(), the caller acquires the ownership of returned memory block pointed by *auth_token. However, the current implementation directly returns and lost the reference of auth_token without freeing it from heap memory. This patch solves this problem by explicitly deleting the auth_token array. Change-Id: I6cfe8427174aa36fbb208e2fff8904095f468ec6 --- gatekeeperd/gatekeeperd.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp index 61c880409..abb387c15 100644 --- a/gatekeeperd/gatekeeperd.cpp +++ b/gatekeeperd/gatekeeperd.cpp @@ -234,11 +234,13 @@ public: virtual int verify(uint32_t uid, const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, const uint8_t *provided_password, uint32_t provided_password_length, bool *request_reenroll) { - uint8_t *auth_token; + uint8_t *auth_token = nullptr; uint32_t auth_token_length; - return verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length, + int ret = verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length, provided_password, provided_password_length, &auth_token, &auth_token_length, request_reenroll); + delete [] auth_token; + return ret; } virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
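Review bot: The added `delete [] auth_token;` in verify() is only correct if verifyChallenge() allocates the buffer with `new[]` and, on every failure path, either leaves `*auth_token` untouched or sets it to null. verifyChallenge()'s body is outside this hunk, so that contract should be confirmed and stated at the call site, e.g. `// verifyChallenge() hands back a new[]-allocated token that we now own; verify() has no use for it.` `auth_token_length` is still declared without an initializer, and `uint32_t auth_token_length = 0;` would keep it in step with the pointer. Since the buffer appears to hold an authentication token issued after a successful password check, consider whether it should be cleared before it is freed, as is commonly done for credential material.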