krb5 commit: Use DB allocators for default key data encryption

Greg Hudson ghudson at mit.edu
Fri Feb 19 15:46:56 EST 2016


https://github.com/krb5/krb5/commit/2e9f19882c1e127fd7d9b09f9d6c3331ee638bfd
commit 2e9f19882c1e127fd7d9b09f9d6c3331ee638bfd
Author: Simo Sorce <simo at redhat.com>
Date:   Wed Dec 16 13:19:27 2015 -0500

    Use DB allocators for default key data encryption
    
    krb5_dbe_def_encrypt_key_data() is used by KDB modules as the default
    encryption function.  It deals with structures allocated or freed by
    the KDB module, so it needs to use the module's memory allocation
    functions.

 src/lib/kdb/encrypt_key.c |   16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 2ca4632..dafe612 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -73,9 +73,10 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
     krb5_data                     plain;
     krb5_enc_data                 cipher;
 
-    for (i = 0; i < key_data->key_data_ver; i++)
-        if (key_data->key_data_contents[i])
-            free(key_data->key_data_contents[i]);
+    for (i = 0; i < key_data->key_data_ver; i++) {
+        krb5_db_free(context, key_data->key_data_contents[i]);
+        key_data->key_data_contents[i] = NULL;
+    }
 
     key_data->key_data_ver = 1;
     key_data->key_data_kvno = keyver;
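Review bot: The rewritten loop drops the `if (key_data->key_data_contents[i])` guard, so unused slots are now passed to `krb5_db_free()` as NULL. That function is not shown here; if it forwards to the KDB module's own free callback, every module's callback must tolerate NULL, which plain `free()` guaranteed. Either keep the guard, `if (key_data->key_data_contents[i] != NULL) krb5_db_free(context, key_data->key_data_contents[i]);`, or add a comment above the loop such as `/* krb5_db_free() must accept NULL for unused slots. */`. The loop is also bounded only by `key_data->key_data_ver`, a field of the caller-supplied structure; if that value can exceed the capacity of `key_data_contents` (declared outside this hunk), the loop frees pointers past the end of the array, so a range check before the loop would be worth adding.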
@@ -88,7 +89,8 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
                                         &len)))
         return(retval);
 
-    if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL)
+    ptr = krb5_db_alloc(context, NULL, 2 + len);
+    if (ptr == NULL)
         return(ENOMEM);
 
     key_data->key_data_type[0] = dbkey->enctype;
@@ -106,7 +108,7 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
 
     if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
                                  &plain, &cipher))) {
-        free(key_data->key_data_contents[0]);
+        krb5_db_free(context, key_data->key_data_contents[0]);
         return retval;
     }
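Review bot: After `krb5_db_free(context, key_data->key_data_contents[0]);` on the krb5_c_encrypt() failure path, the freed pointer stays in `key_data->key_data_contents[0]` while `key_data_ver` is still 1 from earlier in the function. A caller that cleans up the structure, or calls this function again on it, would reach a loop like the one in the first hunk and free the same pointer a second time. The first hunk already NULLs each slot after freeing; do the same here with `key_data->key_data_contents[0] = NULL;` before `return retval;`. The ENOMEM path in the last hunk (the free before `return ENOMEM;`) has the same problem and needs the same line. The function body begins and continues outside these hunks.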
 
@@ -117,9 +119,9 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
             key_data->key_data_type[1] = keysalt->type;
             if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
                 key_data->key_data_contents[1] =
-                    (krb5_octet *)malloc(keysalt->data.length);
+                    krb5_db_alloc(context, NULL, keysalt->data.length);
                 if (key_data->key_data_contents[1] == NULL) {
-                    free(key_data->key_data_contents[0]);
+                    krb5_db_free(context, key_data->key_data_contents[0]);
                     return ENOMEM;
                 }
                 memcpy(key_data->key_data_contents[1], keysalt->data.data,

