krb5 commit: Add malloc null checks to MSLSA ccache
Greg Hudson
ghudson at mit.edu
Thu Mar 1 11:50:23 EST 2018
https://github.com/krb5/krb5/commit/e8e4115e7ecf18fcf3c3f813f1e1255a04ecf48b
commit e8e4115e7ecf18fcf3c3f813f1e1255a04ecf48b
Author: sashan <anedvedicky at gmail.com>
Date: Tue Feb 20 23:05:13 2018 +0100
Add malloc null checks to MSLSA ccache
src/lib/krb5/ccache/cc_mslsa.c | 38 ++++++++++++++++++++------------------
1 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index c741a50..0300983 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -385,6 +385,8 @@ CacheInfoEx2ToMITCred(KERB_TICKET_CACHE_INFO_EX2 *info,
* not a NULL list of addresses.
*/
creds->addresses = (krb5_address **)malloc(sizeof(krb5_address *));
+ if (creds->addresses == NULL)
+ return FALSE;
memset(creds->addresses, 0, sizeof(krb5_address *));
return TRUE;
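Review bot: The new `return FALSE` hands back a `creds` that may already hold fields filled in earlier in CacheInfoEx2ToMITCred. That part of the function is outside this hunk, so it is worth confirming that every caller releases a partially filled `creds` when FALSE comes back. As a style point, the malloc/memset pair could be a single `creds->addresses = calloc(1, sizeof(krb5_address *));` with the same NULL check.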
@@ -739,13 +741,14 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
{
NTSTATUS Status = 0;
NTSTATUS SubStatus = 0;
- KERB_SUBMIT_TKT_REQUEST * pSubmitRequest;
+ KERB_SUBMIT_TKT_REQUEST * pSubmitRequest = NULL;
DWORD dwRequestLen;
- krb5_auth_context auth_context;
+ krb5_auth_context auth_context = NULL;
krb5_keyblock * keyblock = 0;
krb5_replay_data replaydata;
krb5_data * krb_cred = 0;
krb5_error_code rc;
+ BOOL rv = FALSE;
if (krb5_auth_con_init(context, &auth_context)) {
return FALSE;
@@ -765,9 +768,13 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
* that an enctype other than NULL be used. */
if (keyblock == NULL) {
keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
+ if (keyblock == NULL)
+ return FALSE;
keyblock->enctype = ENCTYPE_ARCFOUR_HMAC;
keyblock->length = 16;
keyblock->contents = (krb5_octet *)malloc(16);
+ if (keyblock->contents == NULL)
+ goto cleanup;
keyblock->contents[0] = 0xde;
keyblock->contents[1] = 0xad;
keyblock->contents[2] = 0xbe;
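Review bot: The `return FALSE` added after the first malloc bypasses the new `cleanup:` label, so the `auth_context` created by `krb5_auth_con_init` at the top of KerbSubmitTicket appears to be leaked on that path. It should be `goto cleanup;`, matching the `keyblock->contents` check a few lines below. At that point `keyblock`, `krb_cred` and `pSubmitRequest` are all still NULL, and the cleanup block already calls the free routines unconditionally, so the commit evidently relies on them accepting NULL. The function body begins and ends outside this hunk, so this assumes nothing in the unseen lines releases `auth_context` earlier.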
@@ -787,18 +794,14 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
krb5_auth_con_setsendsubkey(context, auth_context, keyblock);
}
rc = krb5_mk_1cred(context, auth_context, cred, &krb_cred, &replaydata);
- if (rc) {
- krb5_auth_con_free(context, auth_context);
- if (keyblock)
- krb5_free_keyblock(context, keyblock);
- if (krb_cred)
- krb5_free_data(context, krb_cred);
- return FALSE;
- }
+ if (rc)
+ goto cleanup;
dwRequestLen = sizeof(KERB_SUBMIT_TKT_REQUEST) + krb_cred->length + (keyblock ? keyblock->length : 0);
pSubmitRequest = (PKERB_SUBMIT_TKT_REQUEST)malloc(dwRequestLen);
+ if (pSubmitRequest == NULL)
+ goto cleanup;
memset(pSubmitRequest, 0, dwRequestLen);
pSubmitRequest->MessageType = KerbSubmitTicketMessage;
@@ -822,8 +825,6 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
if (keyblock)
memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length,
keyblock->contents, keyblock->length);
- krb5_free_data(context, krb_cred);
-
Status = LsaCallAuthenticationPackage( LogonHandle,
PackageId,
pSubmitRequest,
@@ -832,15 +833,16 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
NULL,
&SubStatus
);
+
+ rv = (!FAILED(Status) && !FAILED(SubStatus));
+
+cleanup:
free(pSubmitRequest);
- if (keyblock)
- krb5_free_keyblock(context, keyblock);
+ krb5_free_keyblock(context, keyblock);
+ krb5_free_data(context, krb_cred);
krb5_auth_con_free(context, auth_context);
- if (FAILED(Status) || FAILED(SubStatus)) {
- return FALSE;
- }
- return TRUE;
+ return rv;
}
/*
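Review bot: `free(pSubmitRequest)` under `cleanup:` releases the request buffer without clearing it, although the memcpy in the previous hunk copies `keyblock->contents` into it and the size computation suggests the encoded credential sits beside the key. Since every exit path now goes through this label, it is the natural place to wipe the buffer: `if (pSubmitRequest != NULL) SecureZeroMemory(pSubmitRequest, dwRequestLen);` before the free. The NULL guard is needed because `dwRequestLen` is still unset when an early `goto cleanup` is taken. Whether the project has its own zeroizing free helper in scope here cannot be seen from the hunk; if it does, prefer that.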