diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-02-10 19:05:58 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-02-10 19:05:58 +0000 |
commit | 16e6ccc30efadf78c3d8b3b092e984a379a6d711 (patch) | |
tree | 5e513d950f4fdbe9057508f9f18c7529975deded /src/lib/krb5/ccache/ser_cc.c | |
parent | dc8410d699a0cf9d1f0d47804ba0b4920cdf46ae (diff) | |
download | krb5-16e6ccc30efadf78c3d8b3b092e984a379a6d711.zip krb5-16e6ccc30efadf78c3d8b3b092e984a379a6d711.tar.gz krb5-16e6ccc30efadf78c3d8b3b092e984a379a6d711.tar.bz2 |
In krb5_ccache_internalize: fix resource leaks, fix several cases
where success could be returned on failure, validate the length of the
ccache name, make the value of *argp well-defined on failure, and lay
out the function in a linear style with a cleanup handler.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21952 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/ccache/ser_cc.c')
-rw-r--r-- | src/lib/krb5/ccache/ser_cc.c | 71 |
1 files changed, 46 insertions, 25 deletions
diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c index 88e6a13..33e7f51 100644 --- a/src/lib/krb5/ccache/ser_cc.c +++ b/src/lib/krb5/ccache/ser_cc.c @@ -158,36 +158,57 @@ krb5_ccache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet ** krb5_int32 ibuf; krb5_octet *bp; size_t remain; - char *ccname; + char *ccname = NULL; + + *argp = NULL; bp = *buffer; remain = *lenremain; - kret = EINVAL; - /* Read our magic number */ - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - ibuf = 0; - if (ibuf == KV5M_CCACHE) { - kret = ENOMEM; - /* Get the length of the ccache name */ - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - - if (!kret && - (ccname = (char *) malloc((size_t) (ibuf+1))) && - !(kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, - (size_t) ibuf, - &bp, &remain))) { - ccname[ibuf] = '\0'; - if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) && - !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) && - (ibuf == KV5M_CCACHE)) { - *buffer = bp; - *lenremain = remain; - *argp = (krb5_pointer) ccache; - } - free(ccname); - } + /* Read our magic number. */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (kret) + return kret; + if (ibuf != KV5M_CCACHE) + return EINVAL; + + /* Unpack and validate the length of the ccache name. */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (kret) + return kret; + if (ibuf < 0 || ibuf > remain) + return EINVAL; + + /* Allocate and unpack the name. */ + ccname = malloc(ibuf + 1); + if (!ccname) + return ENOMEM; + kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, (size_t) ibuf, + &bp, &remain); + if (kret) + goto cleanup; + ccname[ibuf] = '\0'; + + /* Read the second magic number. */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (kret) + goto cleanup; + if (ibuf != KV5M_CCACHE) { + kret = EINVAL; + goto cleanup; } + + /* Resolve the named credential cache. */ + kret = krb5_cc_resolve(kcontext, ccname, &ccache); + if (kret) + goto cleanup; + + *buffer = bp; + *lenremain = remain; + *argp = ccache; + +cleanup: + free(ccname); return(kret); } |