1 files changed, 5 insertions, 1 deletions

diff --git a/noncore/comm/keypebble/vncauth.c b/noncore/comm/keypebble/vncauth.c
index 277d145..7de837a 100644
--- a/noncore/comm/keypebble/vncauth.c
+++ b/noncore/comm/keypebble/vncauth.c
@@ -49,102 +49,106 @@ int
 vncEncryptAndStorePasswd(char *passwd, char *fname)
 {
     FILE *fp;
     uint i;
     unsigned char encryptedPasswd[8];
 
     if ((fp = fopen(fname,"w")) == NULL) return 1;
 
     chmod(fname, S_IRUSR|S_IWUSR);
 
     /* pad password with nulls */
 
     for (i = 0; i < 8; i++) {
 	if (i < strlen(passwd)) {
 	    encryptedPasswd[i] = passwd[i];
 	} else {
 	    encryptedPasswd[i] = 0;
 	}
     }
 
     /* Do encryption in-place - this way we overwrite our copy of the plaintext
        password */
 
     deskey(fixedkey, EN0);
     des(encryptedPasswd, encryptedPasswd);
 
     for (i = 0; i < 8; i++) {
 	putc(encryptedPasswd[i], fp);
     }
   
     fclose(fp);
     return 0;
 }
 
 
 /*
  * Decrypt a password from a file.  Returns a pointer to a newly allocated
  * string containing the password or a null pointer if the password could
  * not be retrieved for some reason.
  */
 
 char *
 vncDecryptPasswdFromFile(char *fname)
 {
     FILE *fp;
     int i, ch;
     unsigned char *passwd = (unsigned char *)malloc(9);
 
-    if ((fp = fopen(fname,"r")) == NULL) return NULL;
+    if ((fp = fopen(fname,"r")) == NULL) {
+	free(passwd);
+        return NULL;
+    }
 
     for (i = 0; i < 8; i++) {
 	ch = getc(fp);
 	if (ch == EOF) {
 	    fclose(fp);
+	    free(passwd);
 	    return NULL;
 	}
 	passwd[i] = ch;
     }
 
     deskey(fixedkey, DE1);
     des(passwd, passwd);
 
     passwd[8] = 0;
 
     return (char *)passwd;
 }
 
 
 /*
  * Generate CHALLENGESIZE random bytes for use in challenge-response
  * authentication.
  */
 
 void
 vncRandomBytes(unsigned char *bytes)
 {
     int i;
     unsigned int seed = (unsigned int) time(0);
 
     srandom(seed);
     for (i = 0; i < CHALLENGESIZE; i++) {
 	bytes[i] = (unsigned char)(random() & 255);    
     }
 }
 
 
 /*
  * Encrypt CHALLENGESIZE bytes in memory using a password.
  */
 
 void
 vncEncryptBytes(unsigned char *bytes, char *passwd)
 {
     unsigned char key[8];
     int i;
 
     /* key is simply password padded with nulls */
 
     for (i = 0; i < 8; i++) {
 	if (i < strlen(passwd)) {
 	    key[i] = passwd[i];
 	} else {