diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2020-01-26 21:49:47 +0100 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2020-01-28 10:59:32 -0500 |
| commit | 4a2c5d259f5a7eda0f0f9028c061fcd032a72de0 (patch) | |
| tree | 5fdad78a80b996d9d21a1b0752fd67931dac61c1 /src/lib/krb5 | |
| parent | a5aa5969bc6ed404b86318b47c38dfc3d3aeb8df (diff) | |
| download | krb5-4a2c5d259f5a7eda0f0f9028c061fcd032a72de0.zip krb5-4a2c5d259f5a7eda0f0f9028c061fcd032a72de0.tar.gz krb5-4a2c5d259f5a7eda0f0f9028c061fcd032a72de0.tar.bz2 | |
Zero length fields when freeing object contents
In krb5_free_data_contents() and krb5_free_checksum_contents(), zero
the length as well as the data pointer to leave the object in a valid
state. Add asserts to existing test harnesses to verify the new
behavior.
In the krb5 GSS mech's kg_checksum_channel_bindings(), remove the code
to reallocate the checksum with xmalloc(), as it relied on
krb5_free_checksum_contents() leaving the object in an invalid state.
This code was added in commit a30fb4c4400f13a2690df7ef910b7ac0ccbcf194
to match an xfree() call, but commit
29337e7c7b796685fb6a03466d32147e17aa2d16 replaced that xfree() with a
krb5_free_checksum_contents(). (In addition, the xmalloc and xfree
wrappers never evolved to do anything beyond malloc and free.)
In kpropd's recv_database(), don't free outbuf until we are done using
its length.
[ghudson@mit.edu: rewrote commit message; edited doxygen comment
changes to mention version]
ticket: 8871 (new)
Diffstat (limited to 'src/lib/krb5')
| -rw-r--r-- | src/lib/krb5/krb/kfree.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index ab2409f..6e38044 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -145,6 +145,7 @@ krb5_free_checksum_contents(krb5_context context, krb5_checksum *val) return; free(val->contents); val->contents = NULL; + val->length = 0; } void KRB5_CALLCONV @@ -242,10 +243,9 @@ krb5_free_data_contents(krb5_context context, krb5_data *val) { if (val == NULL) return; - if (val->data) { - free(val->data); - val->data = 0; - } + free(val->data); + val->data = NULL; + val->length = 0; } void KRB5_CALLCONV |