svn rev #24452: trunk/src/lib/krb5/krb/
hartmans@MIT.EDU
Tue Oct 12 21:19:14 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24452
Commit By: hartmans
Log Message:
ticket: 6801
target_version: 1.9
Subject: Fix leaks in get_init_creds interface
In Debian Bug 598032, Bastian Blank points out that there are two
leaks in the get_init_creds interface:
* Free ctx->request->padata after sending the KDC request so it is not
overwritten the next time around the loop.
* If options is NULL passed into krb5_get_init_creds_init, then set up
a non-extended options structure so that krb5_get_init_creds_free will
free the options.
Changed Files:
U trunk/src/lib/krb5/krb/get_in_tkt.c
Modified: trunk/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- trunk/src/lib/krb5/krb/get_in_tkt.c 2010-10-11 21:48:13 UTC (rev 24451)
+++ trunk/src/lib/krb5/krb/get_in_tkt.c 2010-10-13 01:19:14 UTC (rev 24452)
@@ -798,6 +798,7 @@
int tmp;
char *str = NULL;
krb5_gic_opt_ext *opte;
+ krb5_get_init_creds_opt local_opts;
TRACE_INIT_CREDS(context, client);
@@ -822,9 +823,12 @@
ctx->start_time = start_time;
if (options == NULL) {
- code = krb5_get_init_creds_opt_alloc(context, &options);
- if (code != 0)
- goto cleanup;
+ /* We initialize a non-extended options because that way the shadowed
+ flag will be sent and they will be freed when the init_creds context is
+ freed. The options will be extended and copied off the stack into
+ storage by opt_to_opte.*/
+ krb5_get_init_creds_opt_init(&local_opts);
+ options = &local_opts;
}
code = krb5int_gic_opt_to_opte(context, options,
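Review bot: the safety of `options = &local_opts;` rests entirely on krb5int_gic_opt_to_opte copying the structure into allocated storage, as the new comment asserts. If that call ever kept the caller's pointer, the init_creds context would hold a pointer into this function's stack frame after return. Consider documenting that copy requirement at krb5int_gic_opt_to_opte itself, or covering the NULL-options path with a test that initializes and then frees the context, so a later change there cannot silently break this. In the new comment, "the shadowed flag will be sent" presumably should read "set", and "opt_to_opte.*/" needs a space before the closing "*/".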
@@ -1175,6 +1179,8 @@
goto cleanup;
cleanup:
+ krb5_free_pa_data( context, ctx->request->padata);
+ ctx->request->padata = NULL;
return code;
}
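Review bot: under `cleanup:` the new `krb5_free_pa_data( context, ctx->request->padata);` dereferences ctx->request on every exit from the function, including the `goto cleanup` error paths, and the visible lines do not show that ctx->request is always non-NULL when those paths are taken. Either guard the call with `if (ctx->request != NULL)` or confirm from the full function that it cannot be NULL here. The log message describes freeing "after sending the KDC request", while this placement also frees on failure, which is worth a one-line comment. Setting padata to NULL afterwards is the right follow-up, since it keeps the stale pointer from being freed or reused on the next pass through the loop. Style: drop the space after the opening parenthesis to match the other calls in this patch.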