From e5d7803051f2d5d8d3b58926693fe63f3cef4380 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Tue, 26 Jun 2018 12:47:10 -0400
Subject: Fix OTP secret file leak and whitespace removal

In read_secret_file() in the OTP kdcpreauth module, add a cleanup label and free filename on exit. Also fix the whitespace stripping code to correctly find the end offset, and use size_t rather than int offsets. The leak was reported by Bean Zhang.
(cherry picked from commit 396c736c0add2e13f4a9aaaefc9c86445b701953)
ticket: 8704
version_fixed: 1.15.4
---
 src/plugins/preauth/otp/otp_state.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
index 5ba3d91..7c76bd0 100644
--- a/src/plugins/preauth/otp/otp_state.c
+++ b/src/plugins/preauth/otp/otp_state.c
@@ -84,23 +84,23 @@ read_secret_file(const char *secret_file, char **secret)
 {
 char buf[MAX_SECRET_LEN];
 krb5_error_code retval;
- char *filename;
+ char *filename = NULL;
 FILE *file;
- int i, j;
+ size_t i, j;
 *secret = NULL;
 retval = k5_path_join(KDC_DIR, secret_file, &filename);
 if (retval != 0) {
 com_err("otp", retval, "Unable to resolve secret file '%s'", filename);
- return retval;
+ goto cleanup;
 }
 file = fopen(filename, "r");
 if (file == NULL) {
 retval = errno;
 com_err("otp", retval, "Unable to open secret file '%s'", filename);
- return retval;
+ goto cleanup;
 }
 if (fgets(buf, sizeof(buf), file) == NULL)
@@ -108,7 +108,7 @@ read_secret_file(const char *secret_file, char **secret)
 fclose(file);
 if (retval != 0) {
 com_err("otp", retval, "Unable to read secret file '%s'", filename);
- return retval;
+ goto cleanup;
 }
 /* Strip whitespace. */
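Review bot: In the k5_path_join() failure branch of the first hunk, `filename` is still handed to a `%s` conversion in com_err() even though the join has just failed. With the new `= NULL` initializer it is most likely a null pointer there, which is undefined behaviour for `%s` and can crash the KDC on libcs that do not substitute "(null)". Whether k5_path_join() touches its output on error is not visible here, so this is inferred from the initializer. Logging the input name avoids the problem: `com_err("otp", retval, "Unable to resolve secret file '%s'", secret_file);`. The body of read_secret_file() continues in the later hunks.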
@@ -116,12 +116,15 @@ read_secret_file(const char *secret_file, char **secret)
 if (!isspace(buf[i]))
 break;
 }
- for (j = strlen(buf) - i; j > 0; j--) {
+ for (j = strlen(buf); j > i; j--) {
 if (!isspace(buf[j - 1]))
 break;
 }
 *secret = k5memdup0(&buf[i], j - i, &retval);
+
+cleanup:
+ free(filename);
 return retval;
 }
-- cgit v1.1
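Review bot: The stack buffer `buf` still contains the OTP secret when the function returns, and the new `cleanup:` label is the natural place to scrub it. A plain memset() before return may be optimized away, so use the tree's zeroing helper, e.g. `zap(buf, sizeof(buf));` ahead of `free(filename);` (assuming krb5's zap() is in scope in this file, as k5memdup0() is). Separately, `isspace(buf[i])` and `isspace(buf[j - 1])` pass a plain `char`; where char is signed, a secret byte above 0x7f becomes negative, which is undefined for the <ctype.h> functions, so cast the argument: `isspace((unsigned char)buf[i])`. The function begins in an earlier hunk, so the declaration of `buf` is not visible in this one.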