svn rev #22156: branches/fast/src/ kdc/ lib/krb5/krb/ plugins/preauth/encrypted_challenge/

hartmans@MIT.EDU hartmans at MIT.EDU
Wed Apr 1 17:13:35 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22156
Commit By: hartmans
Log Message:
Fix memory management errors detected through static analysis; thanks Greg Hudson.


Changed Files:
U   branches/fast/src/kdc/do_as_req.c
U   branches/fast/src/kdc/fast_util.c
U   branches/fast/src/kdc/kdc_util.c
U   branches/fast/src/lib/krb5/krb/fast.c
U   branches/fast/src/lib/krb5/krb/get_in_tkt.c
U   branches/fast/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
Modified: branches/fast/src/kdc/do_as_req.c
===================================================================
--- branches/fast/src/kdc/do_as_req.c	2009-04-01 21:13:31 UTC (rev 22155)
+++ branches/fast/src/kdc/do_as_req.c	2009-04-01 21:13:34 UTC (rev 22156)
@@ -760,7 +760,7 @@
 	    if (pa == NULL)
 		retval = ENOMEM;
 	    else 		for (size = 0; td[size]; size++) {
-		krb5_pa_data *pad = malloc(sizeof(krb5_pa_data *));
+		krb5_pa_data *pad = malloc(sizeof(krb5_pa_data ));
 		if (pad == NULL) {
 		    retval = ENOMEM;
 		    break;

Modified: branches/fast/src/kdc/fast_util.c
===================================================================
--- branches/fast/src/kdc/fast_util.c	2009-04-01 21:13:31 UTC (rev 22155)
+++ branches/fast/src/kdc/fast_util.c	2009-04-01 21:13:34 UTC (rev 22156)
@@ -50,7 +50,7 @@
     krb5_ticket *ticket = NULL;
     krb5_keyblock *subkey = NULL;
     
-    assert(armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST);
+    assert(armor->armor_type == KRB5_FAST_ARMOR_AP_REQUEST);
     krb5_clear_error_message(kdc_context);
     retval = krb5_auth_con_init(kdc_context, &authcontext);
     if (retval == 0)
@@ -270,7 +270,7 @@
     krb5_fast_response fast_response;
     krb5_data *encoded_ticket = NULL;
     krb5_data *encrypted_reply = NULL;
-    krb5_pa_data *pa = NULL, **pa_array;
+    krb5_pa_data *pa = NULL, **pa_array = NULL;
     krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5;
     krb5_pa_data *empty_padata[] = {NULL};
     
@@ -309,11 +309,14 @@
 	pa_array[0] = &pa[0];
 	rep->padata = pa_array;
 	pa_array = NULL;
+	free(encrypted_reply);
 	encrypted_reply = NULL;
 	pa = NULL;
     }
     if (pa)
       free(pa);
+    if (pa_array)
+	free(pa_array);
     if (encrypted_reply)
 	krb5_free_data(kdc_context, encrypted_reply);
     if (encoded_ticket)

Modified: branches/fast/src/kdc/kdc_util.c
===================================================================
--- branches/fast/src/kdc/kdc_util.c	2009-04-01 21:13:31 UTC (rev 22155)
+++ branches/fast/src/kdc/kdc_util.c	2009-04-01 21:13:34 UTC (rev 22156)
@@ -347,13 +347,13 @@
 				   authenticator->authorization_data,
 				   KRB5_AUTHDATA_FX_ARMOR, &authdata);
     if (retval != 0)
-	goto cleanup_auth_context;
+	goto cleanup_authenticator;
         if (authdata&& authdata[0]) {
 	krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
 			       "ticket valid only as FAST armor");
 	retval = KRB5KDC_ERR_POLICY;
 	krb5_free_authdata(kdc_context, authdata);
-	goto cleanup_auth_context;
+	goto cleanup_authenticator;
     }
     krb5_free_authdata(kdc_context, authdata);
     

Modified: branches/fast/src/lib/krb5/krb/fast.c
===================================================================
--- branches/fast/src/lib/krb5/krb/fast.c	2009-04-01 21:13:31 UTC (rev 22155)
+++ branches/fast/src/lib/krb5/krb/fast.c	2009-04-01 21:13:34 UTC (rev 22156)
@@ -299,6 +299,8 @@
 	free(scratch.data);
     if (encrypted_response)
 	krb5_free_enc_data(context, encrypted_response);
+    if (local_resp)
+	krb5_free_fast_response(context, local_resp);
     return retval;
 }
 

Modified: branches/fast/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/fast/src/lib/krb5/krb/get_in_tkt.c	2009-04-01 21:13:31 UTC (rev 22155)
+++ branches/fast/src/lib/krb5/krb/get_in_tkt.c	2009-04-01 21:13:34 UTC (rev 22156)
@@ -1340,8 +1340,6 @@
 		out_padata = NULL;
 		krb5_free_error(context, err_reply);
 		err_reply = NULL;
-		if (ret)
-		    goto cleanup;
 		ret = sort_krb5_padata_sequence(context,
 						&request.server->realm,
 						preauth_to_use);

Modified: branches/fast/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
===================================================================
--- branches/fast/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c	2009-04-01 21:13:31 UTC (rev 22155)
+++ branches/fast/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c	2009-04-01 21:13:34 UTC (rev 22156)
@@ -116,6 +116,7 @@
 	krb5_pa_data **pa_array = NULL;
 	krb5_data *encoded_ts = NULL;
 	krb5_pa_enc_ts ts;
+	enc.ciphertext.data = NULL;
 	if (retval == 0)
 	retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
 	if (retval == 0)
@@ -300,8 +301,6 @@
     }
     if (armor_key)
 	krb5_free_keyblock(context, armor_key);
-    if (challenge_key)
-	krb5_free_keyblock(context, challenge_key);
     if (plain.data) 
 	free(plain.data);
     if (enc)

More information about the cvs-krb5 mailing list