svn rev #25189: trunk/src/ lib/crypto/krb/ plugins/preauth/pkinit/
hartmans@MIT.EDU
hartmans at MIT.EDU
Sun Sep 18 20:34:48 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25189
Commit By: hartmans
Log Message:
In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed. Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.
In keyblocks.c, modified krb5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.
Changed Files:
U trunk/src/lib/crypto/krb/keyblocks.c
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Modified: trunk/src/lib/crypto/krb/keyblocks.c
===================================================================
--- trunk/src/lib/crypto/krb/keyblocks.c 2011-09-19 00:34:44 UTC (rev 25188)
+++ trunk/src/lib/crypto/krb/keyblocks.c 2011-09-19 00:34:48 UTC (rev 25189)
@@ -68,6 +68,7 @@
if (key && key->contents) {
zapfree(key->contents, key->length);
key->contents = NULL;
+ key->length = 0;
}
}
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2011-09-19 00:34:44 UTC (rev 25188)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2011-09-19 00:34:48 UTC (rev 25189)
@@ -2143,7 +2143,7 @@
goto cleanup;
key_block->length = keylength;
- key_block->contents = calloc(keylength, sizeof(unsigned char *));
+ key_block->contents = malloc(keylength);
if (key_block->contents == NULL) {
retval = ENOMEM;
goto cleanup;
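Review bot: On the ENOMEM branch `key_block->length` has already been set to `keylength` while `key_block->contents` is NULL, and the cleanup call will not reset it, because the keyblocks.c hunk in this commit zeroes the length only inside `if (key && key->contents)`. A caller that inspects the keyblock after this failure sees a non-zero length paired with a NULL pointer. Moving `key_block->length = keylength;` below the NULL check would keep the two fields consistent on every path. The enclosing function starts and ends outside this hunk, so whether later code relies on the current ordering is not visible here.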
@@ -2156,9 +2156,9 @@
cleanup:
free(buf);
- if (retval && key_block->contents != NULL && key_block->length != 0) {
- memset(key_block->contents, 0, key_block->length);
- key_block->length = 0;
+ // If this is an error return, free the allocated keyblock, if any
+ if (retval) {
+ krb5_free_keyblock_contents(context, key_block);
}
return retval;
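Review bot: The new cleanup frees `key_block->contents` on every error return, including the `goto cleanup` paths taken before this function has assigned that field (one is visible in the previous hunk, just ahead of the allocation). If a caller passes a keyblock whose `contents` is uninitialized or still owned elsewhere, `krb5_free_keyblock_contents()` would zero and free a pointer this function never allocated. The start of the function is outside the hunk, so it may already handle this, but setting `key_block->contents = NULL;` and `key_block->length = 0;` at entry would make the cleanup safe regardless of caller state.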