From 83c5fa8d325525cadd439f0e05cfdcc0ca2964b0 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Tue, 12 Dec 2017 17:20:39 +0000
Subject: [PATCH] reds: Remove possible leak during SASL authentication

We need to free the connection if the mechanism name is wrong

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
 server/reds.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/reds.c b/server/reds.c
index e7b95980..384ebc58 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2202,6 +2202,7 @@ static void reds_handle_auth_mechname(void *opaque)
 
     if (!red_sasl_handle_auth_mechname(link->stream, reds_handle_auth_startlen, link)) {
             reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+        reds_link_free(link);
     }
 }