svn rev #23714: trunk/src/kdc/
ghudson@MIT.EDU
ghudson at MIT.EDU
Tue Feb 9 20:55:36 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23714
Commit By: ghudson
Log Message:
ticket: 6656
Followon fixes to r23712:
* A few formatting fixes.
* Fix unlikely leak in kdc_handle_protected_negotiation: if
add_pa_data_element with copy == FALSE fails, it's still the
caller's responsibility to free pa.contents.
* Fix pre-existing (since r23465) leak of reply_encpart.enc_padata in
process_as_req.
* Call add_pa_data_element with copy == TRUE in
return_referral_enc_padata since we are passing memory owned by the
database entry.
Changed Files:
U trunk/src/kdc/do_as_req.c
U trunk/src/kdc/do_tgs_req.c
U trunk/src/kdc/kdc_preauth.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kdc_util.h
Modified: trunk/src/kdc/do_as_req.c
===================================================================
--- trunk/src/kdc/do_as_req.c 2010-02-09 19:15:12 UTC (rev 23713)
+++ trunk/src/kdc/do_as_req.c 2010-02-10 01:55:36 UTC (rev 23714)
@@ -133,6 +133,7 @@
server_keyblock.contents = NULL;
client_keyblock.contents = NULL;
reply.padata = 0;
+ reply_encpart.enc_padata = 0;
memset(&reply, 0, sizeof(reply));
session_key.contents = 0;
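Review bot: The added `reply_encpart.enc_padata = 0;` is what keeps the cleanup free added near line 691 from acting on an uninitialised pointer, but nothing in the code says so. A short comment such as `/* freed in cleanup; must be NULL before any goto errout */` would stop it from being moved or dropped later, and writing it as `reply_encpart.enc_padata = NULL;` would match the keyblock initialisations two lines above. The start of the function and its first `goto errout` are outside this hunk, so it is worth confirming that no error path can be taken before this line runs.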
@@ -623,7 +624,8 @@
goto errout;
}
errcode = return_enc_padata(kdc_context, req_pkt, request,
- as_encrypting_key, &server, &reply_encpart, FALSE);
+ as_encrypting_key, &server, &reply_encpart,
+ FALSE);
if (errcode) {
status = "KDC_RETURN_ENC_PADATA";
goto errout;
@@ -689,6 +691,8 @@
krb5_free_keyblock_contents(kdc_context, &client_keyblock);
if (reply.padata != NULL)
krb5_free_pa_data(kdc_context, reply.padata);
+ if (reply_encpart.enc_padata)
+ krb5_free_pa_data(kdc_context, reply_encpart.enc_padata);
if (cname != NULL)
free(cname);
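Review bot: The new test `if (reply_encpart.enc_padata)` is written differently from the `!= NULL` checks immediately before and after it; `if (reply_encpart.enc_padata != NULL)` would match. Because krb5_free_pa_data releases each element's contents as well as the array, a one-line comment stating that every element placed in enc_padata must own its contents would document the invariant the rest of this commit relies on. The cleanup block begins and ends outside the hunk.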
Modified: trunk/src/kdc/do_tgs_req.c
===================================================================
--- trunk/src/kdc/do_tgs_req.c 2010-02-09 19:15:12 UTC (rev 23713)
+++ trunk/src/kdc/do_tgs_req.c 2010-02-10 01:55:36 UTC (rev 23714)
@@ -950,13 +950,14 @@
}
errcode = return_enc_padata(kdc_context, pkt, request,
reply_key, &server, &reply_encpart,
- is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE));
+ is_referral &&
+ isflagset(s_flags,
+ KRB5_KDB_FLAG_CANONICALIZE));
if (errcode) {
status = "KDC_RETURN_ENC_PADATA";
goto cleanup;
}
-
errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
subkey ? 1 : 0,
reply_key,
Modified: trunk/src/kdc/kdc_preauth.c
===================================================================
--- trunk/src/kdc/kdc_preauth.c 2010-02-09 19:15:12 UTC (rev 23713)
+++ trunk/src/kdc/kdc_preauth.c 2010-02-10 01:55:36 UTC (rev 23714)
@@ -3086,9 +3086,10 @@
static krb5_error_code
return_referral_enc_padata( krb5_context context,
- krb5_enc_kdc_rep_part *reply, krb5_db_entry *server)
+ krb5_enc_kdc_rep_part *reply,
+ krb5_db_entry *server)
{
- krb5_error_code code;
+ krb5_error_code code;
krb5_tl_data tl_data;
krb5_pa_data pa_data;
@@ -3101,10 +3102,9 @@
pa_data.pa_type = KRB5_PADATA_SVR_REFERRAL_INFO;
pa_data.length = tl_data.tl_data_length;
pa_data.contents = tl_data.tl_data_contents;
- return add_pa_data_element(context, &pa_data, &reply->enc_padata, FALSE);
+ return add_pa_data_element(context, &pa_data, &reply->enc_padata, TRUE);
}
-
krb5_error_code
return_enc_padata(krb5_context context, krb5_data *req_pkt,
krb5_kdc_req *request, krb5_keyblock *reply_key,
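Review bot: The reason for passing `TRUE` to add_pa_data_element is recorded only in the commit log. A comment above the call, e.g. `/* Copy: tl_data_contents belongs to the DB entry, but enc_padata is freed with the reply. */`, would keep a later tidy-up from reverting it to `FALSE` and reintroducing a free of database-owned memory. With the copy in place, every caller path has to release reply->enc_padata; the do_tgs_req.c changes in this commit are formatting only, so its cleanup (not shown here) should be checked for the matching krb5_free_pa_data call. The body of return_referral_enc_padata starts outside this hunk.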
Modified: trunk/src/kdc/kdc_util.c
===================================================================
--- trunk/src/kdc/kdc_util.c 2010-02-09 19:15:12 UTC (rev 23713)
+++ trunk/src/kdc/kdc_util.c 2010-02-10 01:55:36 UTC (rev 23714)
@@ -2697,9 +2697,9 @@
pa.contents = (krb5_octet *) out->data;
pa.length = out->length;
retval = add_pa_data_element(kdc_context, &pa, out_enc_padata, FALSE);
- out->data = NULL;
if (retval)
goto cleanup;
+ out->data = NULL;
pa.magic = KV5M_PA_DATA;
pa.pa_type = KRB5_PADATA_FX_FAST;
pa.length = 0;
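Review bot: Moving `out->data = NULL;` below the `if (retval)` check encodes an ownership rule that is not stated in the code: with copy == FALSE the buffer stays the caller's until add_pa_data_element succeeds. A comment on the moved line, e.g. `/* out->data is now owned by *out_enc_padata */`, would make that explicit. The change only closes the leak if the `cleanup` label frees `out` together with its data, which is outside this hunk and should be confirmed. Likewise `pa.contents` still points at the transferred buffer while `pa` is reused for the FX_FAST element, so its reset (presumably just past the end of the hunk) deserves a look.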
Modified: trunk/src/kdc/kdc_util.h
===================================================================
--- trunk/src/kdc/kdc_util.h 2010-02-09 19:15:12 UTC (rev 23713)
+++ trunk/src/kdc/kdc_util.h 2010-02-10 01:55:36 UTC (rev 23714)
@@ -259,7 +259,7 @@
krb5_keyblock *reply_key,
krb5_db_entry *server,
krb5_enc_kdc_rep_part *reply_encpart,
-krb5_boolean is_referral);
+ krb5_boolean is_referral);
krb5_error_code
sign_db_authdata (krb5_context context,