diff options
| author | Greg Hudson <ghudson@mit.edu> | 2016-06-28 12:28:11 -0400 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2016-09-02 18:30:08 -0400 |
| commit | 7dd659b97df5799d429b8afcbb0b6b804d3feabf (patch) | |
| tree | 6fea1133392ff469ed6ca59e8487eb7cb5234da6 | |
| parent | 1f612b3d1c241efd95cc0d5027e8273218209898 (diff) | |
| download | krb5-7dd659b97df5799d429b8afcbb0b6b804d3feabf.zip krb5-7dd659b97df5799d429b8afcbb0b6b804d3feabf.tar.gz krb5-7dd659b97df5799d429b8afcbb0b6b804d3feabf.tar.bz2 | |
Fix leak in gss_display_name() for non-MN names
RFC 2744 states that the gss_display_name() output_name_type result is
"a pointer into static storage, and should be treated as read-only by
the caller (in particular, the application should not attempt to free
it)". For non-mechanism names, we were making a copy of the name type
from the union name structure, causing a memory leak; stop doing that.
(cherry picked from commit 20fcbf2cb820df0d31e66bb11f64fb50a31008f5)
ticket: 8439
version_fixed: 1.13.7
| -rw-r--r-- | src/lib/gssapi/mechglue/g_dsp_name.c | 27 |
1 files changed, 4 insertions, 23 deletions
diff --git a/src/lib/gssapi/mechglue/g_dsp_name.c b/src/lib/gssapi/mechglue/g_dsp_name.c index 825bf4d..21867c8 100644 --- a/src/lib/gssapi/mechglue/g_dsp_name.c +++ b/src/lib/gssapi/mechglue/g_dsp_name.c @@ -102,36 +102,17 @@ gss_OID * output_name_type; output_name_type)); } - /* - * copy the value of the external_name component of the union - * name into the output_name_buffer and point the output_name_type - * to the name_type component of union_name - */ - if (output_name_type != NULL && - union_name->name_type != GSS_C_NULL_OID) { - major_status = generic_gss_copy_oid(minor_status, - union_name->name_type, - output_name_type); - if (major_status != GSS_S_COMPLETE) { - map_errcode(minor_status); - return (major_status); - } - } - if ((output_name_buffer->value = - gssalloc_malloc(union_name->external_name->length + 1)) == NULL) { - if (output_name_type && *output_name_type != GSS_C_NULL_OID) { - (void) generic_gss_release_oid(minor_status, - output_name_type); - *output_name_type = NULL; - } + gssalloc_malloc(union_name->external_name->length + 1)) == NULL) return (GSS_S_FAILURE); - } output_name_buffer->length = union_name->external_name->length; (void) memcpy(output_name_buffer->value, union_name->external_name->value, union_name->external_name->length); ((char *)output_name_buffer->value)[output_name_buffer->length] = '\0'; + if (output_name_type != NULL) + *output_name_type = union_name->name_type; + return(GSS_S_COMPLETE); } |