diff options
Diffstat (limited to 'src/kdc/fast_util.c')
-rw-r--r-- | src/kdc/fast_util.c | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c index 860dfcb..65e4600 100644 --- a/src/kdc/fast_util.c +++ b/src/kdc/fast_util.c @@ -338,6 +338,7 @@ kdc_fast_response_handle_padata(struct kdc_request_state *state, pa[0].length = encrypted_reply->length; pa[0].contents = (unsigned char *) encrypted_reply->data; pa_array[0] = &pa[0]; + krb5_free_pa_data(kdc_context, rep->padata); rep->padata = pa_array; pa_array = NULL; free(encrypted_reply); @@ -363,14 +364,15 @@ kdc_fast_response_handle_padata(struct kdc_request_state *state, /* * We assume the caller is responsible for passing us an in_padata * sufficient to include in a FAST error. In the FAST case we will - * throw away the e_data in the error (if any); in the non-FAST case - * we will not use the in_padata. + * set *fast_edata_out to the edata to be included in the error; in + * the non-FAST case we will set it to NULL. */ krb5_error_code kdc_fast_handle_error(krb5_context context, struct kdc_request_state *state, krb5_kdc_req *request, - krb5_pa_data **in_padata, krb5_error *err) + krb5_pa_data **in_padata, krb5_error *err, + krb5_data **fast_edata_out) { krb5_error_code retval = 0; krb5_fast_response resp; @@ -380,8 +382,8 @@ kdc_fast_handle_error(krb5_context context, krb5_pa_data *outer_pa[3], *cookie = NULL; krb5_pa_data **inner_pa = NULL; size_t size = 0; - krb5_data *encoded_e_data = NULL; + *fast_edata_out = NULL; memset(outer_pa, 0, sizeof(outer_pa)); if (!state || !state->armor_key) return 0; @@ -429,15 +431,7 @@ kdc_fast_handle_error(krb5_context context, pa[0].contents = (unsigned char *) encrypted_reply->data; outer_pa[0] = &pa[0]; } - retval = encode_krb5_padata_sequence(outer_pa, &encoded_e_data); - if (retval == 0) { - /*process_as holds onto a pointer to the original e_data and frees it*/ - err->e_data = *encoded_e_data; - free(encoded_e_data); /*contents belong to err*/ - encoded_e_data = NULL; - } - if (encoded_e_data) - krb5_free_data(kdc_context, encoded_e_data); + retval = encode_krb5_padata_sequence(outer_pa, fast_edata_out); if (encrypted_reply) krb5_free_data(kdc_context, encrypted_reply); if (encoded_fx_error) |