diff options
| author | Marc Horowitz <marc@mit.edu> | 1998-10-06 08:17:23 +0000 |
|---|---|---|
| committer | Marc Horowitz <marc@mit.edu> | 1998-10-06 08:17:23 +0000 |
| commit | d4e2572f63011cc074c616239faccee192d15e95 (patch) | |
| tree | 44e67b21b11ca67b041df040f4f61f78d48a8849 | |
| parent | ca5b4dfda3050b775cfbc4f7809ddc3e2a4ee067 (diff) | |
| download | krb5-d4e2572f63011cc074c616239faccee192d15e95.zip krb5-d4e2572f63011cc074c616239faccee192d15e95.tar.gz krb5-d4e2572f63011cc074c616239faccee192d15e95.tar.bz2 | |
plug memory leaks
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10969 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/kdc/kdc_preauth.c | 19 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 47 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 3 |
3 files changed, 45 insertions, 24 deletions
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 25e1cd8..6809e04 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -499,6 +499,7 @@ get_etype_info(context, request, client, server, pa_data) goto cleanup; pa_data->contents = scratch->data; pa_data->length = scratch->length; + free(scratch); retval = 0; @@ -672,6 +673,13 @@ get_sam_edata(context, request, client, server, pa_data) break; } } + + krb5_princ_component(kdc_context,newp,probeslot)->data = 0; + krb5_princ_component(kdc_context,newp,probeslot)->length = 0; + krb5_princ_size(context, newp)--; + + krb5_free_principal(kdc_context, newp); + /* if sc.sam_type is set, it worked */ if (sc.sam_type) { /* so use assoc to get the key out! */ @@ -684,9 +692,10 @@ get_sam_edata(context, request, client, server, pa_data) &assoc_key); if (retval) { char *sname; - krb5_unparse_name(kdc_context, newp, &sname); + krb5_unparse_name(kdc_context, request->client, &sname); com_err("krb5kdc", retval, "snk4 finding the enctype and key <%s>", sname); + free(sname); return retval; } /* convert server.key into a real key */ @@ -701,14 +710,10 @@ get_sam_edata(context, request, client, server, pa_data) } /* now we can use encrypting_key... */ } - } else + } else { /* SAM is not an option - so don't return as hint */ return KRB5_PREAUTH_BAD_TYPE; - - krb5_princ_component(kdc_context,newp,probeslot)->data = 0; - krb5_princ_component(kdc_context,newp,probeslot)->length = 0; - krb5_princ_size(context, newp)--; - krb5_free_principal(kdc_context, newp); + } } sc.magic = KV5M_SAM_CHALLENGE; sc.sam_flags = KRB5_SAM_USE_SAD_AS_KEY; diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index efd3f7d..a26ffc7 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -214,6 +214,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, mic.data = 0; ap_req.data = 0; ap_rep.data = 0; + cksumdata.data = 0; if (mech_type) *mech_type = GSS_C_NULL_OID; @@ -652,6 +653,9 @@ krb5_gss_accept_sec_context(minor_status, context_handle, goto fail; } + free(cksumdata.data); + cksumdata.data = 0; + if (!valid) { code = 0; major_status = GSS_S_BAD_SIG; @@ -830,6 +834,9 @@ krb5_gss_accept_sec_context(minor_status, context_handle, ptr += (2+mic.length); + free(cksumdata.data); + cksumdata.data = 0; + /* gss krb5 v2 */ } else { /* gss krb5 v1 */ @@ -902,25 +909,31 @@ krb5_gss_accept_sec_context(minor_status, context_handle, /* finally! */ - if (authdat) - krb5_free_authenticator(context, authdat); *minor_status = 0; - return(GSS_S_COMPLETE); + major_status = GSS_S_COMPLETE; fail: + if (ctypes) + free(ctypes); if (authdat) krb5_free_authenticator(context, authdat); + if (reqcksum.contents) + xfree(reqcksum.contents); + if (ap_rep.data) + xfree(ap_rep.data); + if (mic.data) + xfree(mic.data); + if (cksumdata.data) + xfree(cksumdata.data); + + if (!GSS_ERROR(major_status)) + return(major_status); + + /* from here on is the real "fail" code */ + if (ctx) (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, NULL); - if (token.value) - xfree(token.value); - if (name) { - (void) kg_delete_name((gss_name_t) name); - krb5_free_principal(context, name); - } - if (reqcksum.contents) - xfree(reqcksum.contents); if (deleg_cred) { /* free memory associated with the deleg credential */ if (deleg_cred->ccache) (void)krb5_cc_close(context, deleg_cred->ccache); @@ -928,12 +941,12 @@ krb5_gss_accept_sec_context(minor_status, context_handle, krb5_free_principal(context, deleg_cred->princ); xfree(deleg_cred); } - if (ap_req.data && gsskrb5_vers == 2000) - xfree(ap_req.data); - if (ap_rep.data) - xfree(ap_rep.data); - if (mic.data) - xfree(mic.data); + if (token.value) + xfree(token.value); + if (name) { + (void) kg_delete_name((gss_name_t) name); + krb5_free_principal(context, name); + } *minor_status = code; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 9a1c523..06ef35d 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -855,12 +855,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, kg2_parse_token(minor_status, ptr, token_length, &resp_flags, &nctypes, &ctypes, 0, NULL, &ap_rep, &mic))) { + free(ctypes); (void)krb5_gss_delete_sec_context(&dummy, context_handle, NULL); return(major_status); } kg2_intersect_ctypes(&ctx->nctypes, ctx->ctypes, nctypes, ctypes); + free(ctypes); + if (ctx->nctypes == 0) { code = KG_NO_CTYPES; goto fail; |