diff options
| author | Greg Hudson <ghudson@mit.edu> | 2018-06-26 12:47:10 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2018-10-29 15:20:26 -0400 |
| commit | e5d7803051f2d5d8d3b58926693fe63f3cef4380 (patch) | |
| tree | 61b4e1d2326d09897f2592df0c20fd5a2f2682b8 | |
| parent | 8b8cad8b9ff92e2a2d344fc7c4d77277c9c09829 (diff) | |
| download | krb5-e5d7803051f2d5d8d3b58926693fe63f3cef4380.zip krb5-e5d7803051f2d5d8d3b58926693fe63f3cef4380.tar.gz krb5-e5d7803051f2d5d8d3b58926693fe63f3cef4380.tar.bz2 | |
Fix OTP secret file leak and whitespace removal
In read_secret_file() in the OTP kdcpreauth module, add a cleanup
label and free filename on exit. Also fix the whitespace stripping
code to correctly find the end offset, and use size_t rather than int
offsets. The leak was reported by Bean Zhang.
(cherry picked from commit 396c736c0add2e13f4a9aaaefc9c86445b701953)
ticket: 8704
version_fixed: 1.15.4
| -rw-r--r-- | src/plugins/preauth/otp/otp_state.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c index 5ba3d91..7c76bd0 100644 --- a/src/plugins/preauth/otp/otp_state.c +++ b/src/plugins/preauth/otp/otp_state.c @@ -84,23 +84,23 @@ read_secret_file(const char *secret_file, char **secret) { char buf[MAX_SECRET_LEN]; krb5_error_code retval; - char *filename; + char *filename = NULL; FILE *file; - int i, j; + size_t i, j; *secret = NULL; retval = k5_path_join(KDC_DIR, secret_file, &filename); if (retval != 0) { com_err("otp", retval, "Unable to resolve secret file '%s'", filename); - return retval; + goto cleanup; } file = fopen(filename, "r"); if (file == NULL) { retval = errno; com_err("otp", retval, "Unable to open secret file '%s'", filename); - return retval; + goto cleanup; } if (fgets(buf, sizeof(buf), file) == NULL) @@ -108,7 +108,7 @@ read_secret_file(const char *secret_file, char **secret) fclose(file); if (retval != 0) { com_err("otp", retval, "Unable to read secret file '%s'", filename); - return retval; + goto cleanup; } /* Strip whitespace. */ @@ -116,12 +116,15 @@ read_secret_file(const char *secret_file, char **secret) if (!isspace(buf[i])) break; } - for (j = strlen(buf) - i; j > 0; j--) { + for (j = strlen(buf); j > i; j--) { if (!isspace(buf[j - 1])) break; } *secret = k5memdup0(&buf[i], j - i, &retval); + +cleanup: + free(filename); return retval; } |