krb5 commit: Add and use k5memdup, k5memdup0 helpers
Greg Hudson
ghudson at MIT.EDU
Sat Feb 9 18:44:46 EST 2013
https://github.com/krb5/krb5/commit/7905cd6a2eddbf264242bb2a85f811878b2da7ab
commit 7905cd6a2eddbf264242bb2a85f811878b2da7ab
Author: Greg Hudson <ghudson at mit.edu>
Date: Sat Feb 9 00:43:35 2013 -0500
Add and use k5memdup, k5memdup0 helpers
Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.
src/include/k5-int.h | 22 ++++++++++++++++++++
src/kadmin/server/schpw.c | 5 +---
src/kdc/fast_util.c | 11 +++------
src/kdc/kdc_preauth.c | 4 +--
src/lib/crypto/krb/checksum_confounder.c | 9 +++----
src/lib/crypto/krb/derive.c | 3 +-
src/lib/crypto/krb/enc_old.c | 3 +-
src/lib/gssapi/krb5/gssapi_krb5.c | 5 +---
src/lib/gssapi/krb5/import_cred.c | 6 +---
src/lib/gssapi/krb5/import_name.c | 6 +---
src/lib/gssapi/krb5/naming_exts.c | 4 +--
src/lib/kadm5/srv/svr_principal.c | 8 ++----
src/lib/kdb/kdb5.c | 7 +----
src/lib/kdb/kdb_default.c | 6 ++--
src/lib/kdb/kdb_log.c | 7 +----
src/lib/krb5/ccache/ccbase.c | 10 ++------
src/lib/krb5/keytab/kt_srvtab.c | 7 ++---
src/lib/krb5/keytab/ktbase.c | 10 ++------
src/lib/krb5/krb/copy_tick.c | 6 +---
src/lib/krb5/krb/fwd_tgt.c | 9 ++-----
src/lib/krb5/krb/get_in_tkt.c | 6 +---
src/lib/krb5/krb/pac.c | 18 +++++----------
src/lib/krb5/krb/pac_sign.c | 6 +---
src/lib/krb5/krb/preauth2.c | 9 +++----
src/lib/krb5/krb/send_tgs.c | 8 +++---
src/lib/krb5/krb/walk_rtree.c | 14 +++---------
src/lib/krb5/os/an_to_ln.c | 22 ++++---------------
src/lib/krb5/os/changepw.c | 13 +++--------
src/lib/krb5/os/get_krbhst.c | 8 +-----
src/lib/krb5/os/hostaddr.c | 7 +----
src/lib/krb5/os/locate_kdc.c | 6 +---
src/lib/krb5/rcache/rc_dfl.c | 4 +--
src/lib/krb5/unicode/ucstr.c | 8 +-----
src/plugins/kdb/db2/adb_policy.c | 9 ++-----
src/plugins/kdb/db2/kdb_xdr.c | 21 +++++++-----------
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 18 +++++----------
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 7 +----
src/plugins/preauth/pkinit/pkinit_srv.c | 4 +-
38 files changed, 125 insertions(+), 211 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 9da1b63..9136bfc 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2571,6 +2571,28 @@ k5alloc(size_t len, krb5_error_code *code)
return ptr;
}
+/* Return a copy of the len bytes of memory at in; set *code to 0 or ENOMEM. */
+static inline void *
+k5memdup(const void *in, size_t len, krb5_error_code *code)
+{
+ void *ptr = k5alloc(len, code);
+
+ if (ptr != NULL)
+ memcpy(ptr, in, len);
+ return ptr;
+}
+
+/* Like k5memdup, but add a final null byte. */
+static inline void *
+k5memdup0(const void *in, size_t len, krb5_error_code *code)
+{
+ void *ptr = k5alloc(len + 1, code);
+
+ if (ptr != NULL)
+ memcpy(ptr, in, len);
+ return ptr;
+}
+
krb5_error_code KRB5_CALLCONV
krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
krb5_ccache ccache,
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 5b5bd9b..15b0ab5 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -216,10 +216,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm,
/* change the password */
- ptr = (char *) malloc(clear.length+1);
- memcpy(ptr, clear.data, clear.length);
- ptr[clear.length] = '\0';
-
+ ptr = k5memdup0(clear.data, clear.length, &ret);
ret = schpw_util_wrapper(server_handle, client, target,
(ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
ptr, NULL, strresult, sizeof(strresult));
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
index 1dd5f3e..40c5783 100644
--- a/src/kdc/fast_util.c
+++ b/src/kdc/fast_util.c
@@ -256,15 +256,12 @@ kdc_find_fast(krb5_kdc_req **requestptr,
} else {
new_padata->pa_type = KRB5_PADATA_FX_COOKIE;
new_padata->length = cookie_padata->length;
- new_padata->contents = malloc(new_padata->length);
- if (new_padata->contents == NULL) {
- retval = ENOMEM;
+ new_padata->contents =
+ k5memdup(cookie_padata->contents, new_padata->length, &retval);
+ if (new_padata->contents == NULL)
free(new_padata);
- } else {
- memcpy(new_padata->contents, cookie_padata->contents,
- new_padata->length);
+ else
state->cookie = new_padata;
- }
}
}
if (retval == 0 && inner_body_out != NULL) {
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 848d0bd..c2bcab9 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1586,12 +1586,10 @@ return_pw_salt(krb5_context context, krb5_pa_data *in_padata,
padata->magic = KV5M_PA_DATA;
if (salttype == KRB5_KDB_SALTTYPE_AFS3) {
- padata->contents = k5alloc(salt->length + 1, &retval);
+ padata->contents = k5memdup0(salt->data, salt->length, &retval);
if (padata->contents == NULL)
goto cleanup;
- memcpy(padata->contents, salt->data, salt->length);
padata->pa_type = KRB5_PADATA_AFS3_SALT;
- padata->contents[salt->length] = '\0';
padata->length = salt->length + 1;
} else {
padata->pa_type = KRB5_PADATA_PW_SALT;
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
index 116b3c7..afc473b 100644
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ b/src/lib/crypto/krb/checksum_confounder.c
@@ -41,10 +41,10 @@ mk_xorkey(krb5_key origkey, krb5_key *xorkey)
krb5_keyblock xorkeyblock;
size_t i = 0;
- xorbytes = malloc(origkey->keyblock.length);
+ xorbytes = k5memdup(origkey->keyblock.contents, origkey->keyblock.length,
+ &retval);
if (xorbytes == NULL)
- return ENOMEM;
- memcpy(xorbytes, origkey->keyblock.contents, origkey->keyblock.length);
+ return retval;
for (i = 0; i < origkey->keyblock.length; i++)
xorbytes[i] ^= 0xf0;
@@ -118,7 +118,7 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
krb5_crypto_iov *hash_iov = NULL, iov;
size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
- plaintext = k5alloc(input->length, &ret);
+ plaintext = k5memdup(input->data, input->length, &ret);
if (plaintext == NULL)
return ret;
@@ -129,7 +129,6 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
/* Decrypt the input checksum. */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(plaintext, input->length);
- memcpy(plaintext, input->data, input->length);
ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
if (ret != 0)
goto cleanup;
diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c
index 1509f42..f15fec1 100644
--- a/src/lib/crypto/krb/derive.c
+++ b/src/lib/crypto/krb/derive.c
@@ -52,7 +52,7 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
dkent = malloc(sizeof(*dkent));
if (dkent == NULL)
goto cleanup;
- data = malloc(constant->length);
+ data = k5memdup(constant->data, constant->length, &ret);
if (data == NULL)
goto cleanup;
ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
@@ -60,7 +60,6 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
goto cleanup;
/* Add the new entry to the list. */
- memcpy(data, constant->data, constant->length);
dkent->dkey = dkey;
dkent->constant.data = data;
dkent->constant.length = constant->length;
diff --git a/src/lib/crypto/krb/enc_old.c b/src/lib/crypto/krb/enc_old.c
index e7160b1..b44a399 100644
--- a/src/lib/crypto/krb/enc_old.c
+++ b/src/lib/crypto/krb/enc_old.c
@@ -166,10 +166,9 @@ krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
/* Save the checksum, then zero it out in the plaintext. */
checksum = make_data(header->data.data + enc->block_size, hash->hashsize);
- saved_checksum = k5alloc(hash->hashsize, &ret);
+ saved_checksum = k5memdup(checksum.data, checksum.length, &ret);
if (saved_checksum == NULL)
goto cleanup;
- memcpy(saved_checksum, checksum.data, checksum.length);
memset(checksum.data, 0, checksum.length);
/*
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 31f705d..04d70a6 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -800,16 +800,13 @@ krb5_gss_authorize_localname(OM_uint32 *minor,
return GSS_S_FAILURE;
}
- user = k5alloc(local_user->length + 1, &code);
+ user = k5memdup0(local_user->value, local_user->length, &code);
if (user == NULL) {
*minor = code;
krb5_free_context(context);
return GSS_S_FAILURE;
}
- memcpy(user, local_user->value, local_user->length);
- user[local_user->length] = '\0';
-
user_ok = krb5_kuserok(context, kname->princ, user);
free(user);
diff --git a/src/lib/gssapi/krb5/import_cred.c b/src/lib/gssapi/krb5/import_cred.c
index 4de6fa6..ad9a111 100644
--- a/src/lib/gssapi/krb5/import_cred.c
+++ b/src/lib/gssapi/krb5/import_cred.c
@@ -614,14 +614,12 @@ krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
}
/* Decode token. */
- copy = malloc(token->length + 1);
+ copy = k5memdup0(token->value, token->length, &ret);
if (copy == NULL) {
status = GSS_S_FAILURE;
- *minor_status = ENOMEM;
+ *minor_status = ret;
goto cleanup;
}
- memcpy(copy, token->value, token->length);
- copy[token->length] = '\0';
v = k5_json_decode(copy);
if (v == NULL)
goto invalid;
diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
index 394aca4..3f5492b 100644
--- a/src/lib/gssapi/krb5/import_name.c
+++ b/src/lib/gssapi/krb5/import_name.c
@@ -196,14 +196,12 @@ krb5_gss_import_name(minor_status, input_name_buffer,
stringrep = NULL;
- tmp = k5alloc(input_name_buffer->length + 1, &code);
+ tmp = k5memdup0(input_name_buffer->value, input_name_buffer->length,
+ &code);
if (tmp == NULL)
goto cleanup;
tmp2 = NULL;
- memcpy(tmp, input_name_buffer->value, input_name_buffer->length);
- tmp[input_name_buffer->length] = '\0';
-
/* Find the appropriate string rep to pass into parse_name. */
if ((input_name_type == GSS_C_NULL_OID) ||
g_OID_equal(input_name_type, gss_nt_krb5_name) ||
diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 535311e..f44f0d2 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -162,11 +162,9 @@ kg_acceptor_princ(krb5_context context, krb5_gss_name_t name,
/* If a host was given, we have to use the canonicalized form of it (as
* given by krb5_sname_to_principal) for backward compatibility. */
const krb5_data *d = &name->princ->data[1];
- tmp = k5alloc(d->length + 1, &code);
+ tmp = k5memdup0(d->data, d->length, &code);
if (tmp == NULL)
return ENOMEM;
- memcpy(tmp, d->data, d->length);
- tmp[d->length] = '\0';
host = tmp;
} else /* No host was given; use an empty string. */
host = "";
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 2000fe4..6d90628 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -245,12 +245,10 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
ks_tuple = handle->params.keysalts;
}
/* Dup the requested or defaulted keysalt tuples. */
- new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple));
- if (new_ks_tuple == NULL) {
- ret = ENOMEM;
+ new_ks_tuple = k5memdup(ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple),
+ &ret);
+ if (new_ks_tuple == NULL)
goto cleanup;
- }
- memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple));
new_n_ks_tuple = n_ks_tuple;
ret = 0;
goto cleanup;
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 2a040fc..e1ee5f9 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1167,16 +1167,13 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
if (retval)
goto clean_n_exit;
- key->contents = malloc(tmp_key.length);
- if (key->contents == NULL) {
- retval = ENOMEM;
+ key->contents = k5memdup(tmp_key.contents, tmp_key.length, &retval);
+ if (key->contents == NULL)
goto clean_n_exit;
- }
key->magic = tmp_key.magic;
key->enctype = tmp_key.enctype;
key->length = tmp_key.length;
- memcpy(key->contents, tmp_key.contents, tmp_key.length);
}
clean_n_exit:
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index ee01d9d..9a7f757 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -361,12 +361,12 @@ krb5_db_def_fetch_mkey_keytab(krb5_context context,
* kt_ent will be free'd so need to allocate and copy key contents for
* output to caller.
*/
- if (!(key->contents = (krb5_octet *)malloc(key->length))) {
- retval = ENOMEM;
+ key->contents = k5memdup(kt_ent.key.contents, kt_ent.key.length,
+ &retval);
+ if (key->contents == NULL) {
krb5_kt_free_entry(context, &kt_ent);
goto errout;
}
- memcpy(key->contents, kt_ent.key.contents, kt_ent.key.length);
krb5_kt_free_entry(context, &kt_ent);
}
diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
index b9906f0..d8d338c 100644
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -321,13 +321,10 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
continue;
if (upd->kdb_deleted) {
- dbprincstr = k5alloc(upd->kdb_princ_name.utf8str_t_len + 1,
- &retval);
+ dbprincstr = k5memdup0(upd->kdb_princ_name.utf8str_t_val,
+ upd->kdb_princ_name.utf8str_t_len, &retval);
if (dbprincstr == NULL)
goto cleanup;
- memcpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
- upd->kdb_princ_name.utf8str_t_len);
- dbprincstr[upd->kdb_princ_name.utf8str_t_len] = '\0';
retval = krb5_parse_name(context, dbprincstr, &dbprinc);
free(dbprincstr);
diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
index a1fd3aa..370c943 100644
--- a/src/lib/krb5/ccache/ccbase.c
+++ b/src/lib/krb5/ccache/ccbase.c
@@ -221,13 +221,9 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
resid = name;
} else {
resid = name + pfxlen + 1;
-
- pfx = malloc (pfxlen+1);
- if (!pfx)
- return ENOMEM;
-
- memcpy (pfx, name, pfxlen);
- pfx[pfxlen] = '\0';
+ pfx = k5memdup0(name, pfxlen, &err);
+ if (pfx == NULL)
+ return err;
}
*cache = (krb5_ccache) 0;
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index 2ca6166..7bbb658 100644
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -430,12 +430,11 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
ret_entry->key.magic = KV5M_KEYBLOCK;
ret_entry->key.length = sizeof(key);
- ret_entry->key.contents = malloc(sizeof(key));
- if (!ret_entry->key.contents) {
+ ret_entry->key.contents = k5memdup(key, sizeof(key), &kerror);
+ if (ret_entry->key.contents == NULL) {
krb5_free_principal(context, ret_entry->principal);
- return ENOMEM;
+ return kerror;
}
- memcpy(ret_entry->key.contents, key, sizeof(key));
return 0;
}
diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
index 6f29579..0f3562f 100644
--- a/src/lib/krb5/keytab/ktbase.c
+++ b/src/lib/krb5/keytab/ktbase.c
@@ -188,13 +188,9 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
resid = name;
} else {
resid = name + pfxlen + 1;
-
- pfx = malloc (pfxlen+1);
- if (!pfx)
- return ENOMEM;
-
- memcpy (pfx, name, pfxlen);
- pfx[pfxlen] = '\0';
+ pfx = k5memdup0(name, pfxlen, &err);
+ if (pfx == NULL)
+ return err;
}
*ktid = (krb5_keytab) 0;
diff --git a/src/lib/krb5/krb/copy_tick.c b/src/lib/krb5/krb/copy_tick.c
index c3e33ff..660d977 100644
--- a/src/lib/krb5/krb/copy_tick.c
+++ b/src/lib/krb5/krb/copy_tick.c
@@ -53,16 +53,14 @@ copy_enc_tkt_part(krb5_context context, const krb5_enc_tkt_part *partfrom,
tempto->transited.tr_contents.data = 0;
} else {
tempto->transited.tr_contents.data =
- malloc(partfrom->transited.tr_contents.length);
+ k5memdup(partfrom->transited.tr_contents.data,
+ partfrom->transited.tr_contents.length, &retval);
if (!tempto->transited.tr_contents.data) {
krb5_free_principal(context, tempto->client);
krb5_free_keyblock(context, tempto->session);
free(tempto);
return ENOMEM;
}
- memcpy(tempto->transited.tr_contents.data,
- (char *)partfrom->transited.tr_contents.data,
- partfrom->transited.tr_contents.length);
}
retval = krb5_copy_addresses(context, partfrom->caddrs, &tempto->caddrs);
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 8387cea..2e55066 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -130,14 +130,11 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context,
goto errout;
}
- rhost = malloc(server->data[1].length+1);
- if (!rhost) {
- retval = ENOMEM;
+ rhost = k5memdup0(server->data[1].data, server->data[1].length,
+ &retval);
+ if (rhost == NULL)
goto errout;
- }
free_rhost = 1;
- memcpy(rhost, server->data[1].data, server->data[1].length);
- rhost[server->data[1].length] = '\0';
}
retval = krb5_os_hostaddr(context, rhost, &addrs);
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index df1bacf..c88b67a 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -891,13 +891,11 @@ krb5_init_creds_init(krb5_context context,
/* enctypes */
if (opte->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
ctx->request->ktype =
- k5alloc((opte->etype_list_length * sizeof(krb5_enctype)),
- &code);
+ k5memdup(opte->etype_list,
+ opte->etype_list_length * sizeof(krb5_enctype), &code);
if (code != 0)
goto cleanup;
ctx->request->nktypes = opte->etype_list_length;
- memcpy(ctx->request->ktype, opte->etype_list,
- ctx->request->nktypes * sizeof(krb5_enctype));
} else if (krb5_get_default_in_tkt_ktypes(context,
&ctx->request->ktype) == 0) {
ctx->request->nktypes = k5_count_etypes(ctx->request->ktype);
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 3262d21..cc6f200 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -186,12 +186,10 @@ krb5_pac_get_buffer(krb5_context context,
if (ret != 0)
return ret;
- data->data = malloc(d.length);
+ data->data = k5memdup(d.data, d.length, &ret);
if (data->data == NULL)
- return ENOMEM;
-
+ return ret;
data->length = d.length;
- memcpy(data->data, d.data, d.length);
return 0;
}
@@ -275,14 +273,12 @@ k5_pac_copy(krb5_context context,
if (pac == NULL)
return ENOMEM;
- pac->pac = (PACTYPE *)malloc(header_len);
+ pac->pac = k5memdup(src->pac, header_len, &code);
if (pac->pac == NULL) {
free(pac);
- return ENOMEM;
+ return code;
}
- memcpy(pac->pac, src->pac, header_len);
-
code = krb5int_copy_data_contents(context, &src->data, &pac->data);
if (code != 0) {
free(pac->pac);
@@ -538,11 +534,9 @@ k5_pac_verify_server_checksum(krb5_context context,
return KRB5KRB_AP_ERR_INAPP_CKSUM;
pac_data.length = pac->data.length;
- pac_data.data = malloc(pac->data.length);
+ pac_data.data = k5memdup(pac->data.data, pac->data.length, &ret);
if (pac_data.data == NULL)
- return ENOMEM;
-
- memcpy(pac_data.data, pac->data.data, pac->data.length);
+ return ret;
/* Zero out both checksum buffers */
ret = k5_pac_zero_signature(context, pac, KRB5_PAC_SERVER_CHECKSUM,
diff --git a/src/lib/krb5/krb/pac_sign.c b/src/lib/krb5/krb/pac_sign.c
index 49e3862..2053581 100644
--- a/src/lib/krb5/krb/pac_sign.c
+++ b/src/lib/krb5/krb/pac_sign.c
@@ -257,13 +257,11 @@ krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
if (ret != 0)
return ret;
- data->data = malloc(pac->data.length);
+ data->data = k5memdup(pac->data.data, pac->data.length, &ret);
if (data->data == NULL)
- return ENOMEM;
-
+ return ret;
data->length = pac->data.length;
- memcpy(data->data, pac->data.data, pac->data.length);
memset(pac->data.data, 0,
PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index ad1618a..060f98a 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -802,10 +802,9 @@ copy_cookie(krb5_context context, krb5_pa_data **in_padata,
if (pa == NULL)
return ret;
*pa = *cookie;
- pa->contents = k5alloc(cookie->length, &ret);
+ pa->contents = k5memdup(cookie->contents, cookie->length, &ret);
if (pa->contents == NULL)
goto error;
- memcpy(pa->contents, cookie->contents, cookie->length);
ret = grow_pa_list(out_pa_list, out_pa_list_size, &pa, 1);
if (ret)
goto error;
@@ -841,12 +840,12 @@ add_s4u_x509_user_padata(krb5_context context, krb5_s4u_userid *userid,
s4u_padata->magic = KV5M_PA_DATA;
s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
- s4u_padata->contents = malloc(userid->subject_cert.length);
+ s4u_padata->contents = k5memdup(userid->subject_cert.data,
+ userid->subject_cert.length, &code);
if (s4u_padata->contents == NULL) {
free(s4u_padata);
- return ENOMEM;
+ return code;
}
- memcpy(s4u_padata->contents, userid->subject_cert.data, userid->subject_cert.length);
s4u_padata->length = userid->subject_cert.length;
code = grow_pa_list(out_pa_list, out_pa_list_size, &s4u_padata, 1);
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index f4187dc..9a7c261 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -239,10 +239,10 @@ k5_make_tgs_req(krb5_context context,
if (padata[0] == NULL)
goto cleanup;
padata[0]->pa_type = KRB5_PADATA_AP_REQ;
- padata[0]->contents = k5alloc(ap_req_asn1->length, &ret);
+ padata[0]->contents = k5memdup(ap_req_asn1->data, ap_req_asn1->length,
+ &ret);
if (padata[0] == NULL)
goto cleanup;
- memcpy(padata[0]->contents, ap_req_asn1->data, ap_req_asn1->length);
padata[0]->length = ap_req_asn1->length;
/* Append copies of any other supplied padata. */
@@ -252,10 +252,10 @@ k5_make_tgs_req(krb5_context context,
goto cleanup;
pa->pa_type = in_padata[i]->pa_type;
pa->length = in_padata[i]->length;
- pa->contents = k5alloc(in_padata[i]->length, &ret);
+ pa->contents = k5memdup(in_padata[i]->contents, in_padata[i]->length,
+ &ret);
if (pa->contents == NULL)
goto cleanup;
- memcpy(pa->contents, in_padata[i]->contents, in_padata[i]->length);
padata[i + 1] = pa;
}
req.padata = padata;
diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c
index 10711f1..0aed147 100644
--- a/src/lib/krb5/krb/walk_rtree.c
+++ b/src/lib/krb5/krb/walk_rtree.c
@@ -303,19 +303,13 @@ rtree_capath_vals(krb5_context context,
*vals = NULL;
- clientz = calloc(client->length + 1, 1);
- if (clientz == NULL) {
- retval = ENOMEM;
+ clientz = k5memdup0(client->data, client->length, &retval);
+ if (clientz == NULL)
goto error;
- }
- memcpy(clientz, client->data, client->length);
- serverz = calloc(server->length + 1, 1);
- if (serverz == NULL) {
- retval = ENOMEM;
+ serverz = k5memdup0(server->data, server->length, &retval);
+ if (serverz == NULL)
goto error;
- }
- memcpy(serverz, server->data, server->length);
key[0] = "capaths";
key[1] = clientz;
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index 8108f34..0f2600c 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -375,7 +375,6 @@ aname_replacer(char *string, char **contextp, char **result)
krb5_error_code kret;
char *in = NULL, *out = NULL, *rule = NULL, *repl = NULL;
char *cp, *ep, *tp;
- size_t rule_size, repl_size;
int doglobal;
*result = NULL;
@@ -418,24 +417,13 @@ aname_replacer(char *string, char **contextp, char **result)
goto cleanup;
}
- /* Figure out sizes of strings and allocate them */
- rule_size = (size_t) (ep - &cp[2]);
- repl_size = (size_t) (tp - &ep[1]);
- rule = malloc(rule_size + 1);
- if (!rule) {
- kret = ENOMEM;
+ /* Copy the rule and replacement strings. */
+ rule = k5memdup0(&cp[2], ep - &cp[2], &kret);
+ if (rule == NULL)
goto cleanup;
- }
- repl = malloc(repl_size + 1);
- if (!repl) {
- kret = ENOMEM;
+ repl = k5memdup0(&ep[1], tp - &ep[1], &kret);
+ if (repl == NULL)
goto cleanup;
- }
-
- /* Copy the strings */
- memcpy(rule, &cp[2], rule_size);
- memcpy(repl, &ep[1], repl_size);
- rule[rule_size] = repl[repl_size] = '\0';
/* Check for trailing "g" */
doglobal = (tp[1] == 'g') ? 1 : 0;
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 4ad8f32..46f4f0e 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -156,16 +156,11 @@ kpasswd_sendto_msg_callback(struct conn_state *conn,
local_kaddr.magic = addrs[0]->magic;
local_kaddr.addrtype = addrs[0]->addrtype;
local_kaddr.length = addrs[0]->length;
- local_kaddr.contents = malloc(addrs[0]->length);
- if (local_kaddr.contents == NULL && addrs[0]->length != 0) {
- code = ENOMEM;
- krb5_free_addresses(ctx->context, addrs);
- goto cleanup;
- }
- if (addrs[0]->length)
- memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
-
+ local_kaddr.contents = k5memdup(addrs[0]->contents, addrs[0]->length,
+ &code);
krb5_free_addresses(ctx->context, addrs);
+ if (local_kaddr.contents == NULL)
+ goto cleanup;
}
diff --git a/src/lib/krb5/os/get_krbhst.c b/src/lib/krb5/os/get_krbhst.c
index 7db973a..d607366 100644
--- a/src/lib/krb5/os/get_krbhst.c
+++ b/src/lib/krb5/os/get_krbhst.c
@@ -103,13 +103,9 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
goto cleanup;
}
for (i = 0; i < count; i++) {
- unsigned int len = strlen (values[i]) + 1;
- rethosts[i] = malloc(len);
- if (!rethosts[i]) {
- retval = ENOMEM;
+ rethosts[i] = k5memdup0(values[i], strlen(values[i]), &retval);
+ if (rethosts[i] == NULL)
goto cleanup;
- }
- memcpy (rethosts[i], values[i], len);
}
rethosts[count] = 0;
cleanup:
diff --git a/src/lib/krb5/os/hostaddr.c b/src/lib/krb5/os/hostaddr.c
index 6be2abe..a38fad5 100644
--- a/src/lib/krb5/os/hostaddr.c
+++ b/src/lib/krb5/os/hostaddr.c
@@ -101,12 +101,9 @@ krb5_os_hostaddr(krb5_context context, const char *name,
addrs[i]->magic = KV5M_ADDRESS;
addrs[i]->addrtype = atype;
addrs[i]->length = addrlen;
- addrs[i]->contents = malloc(addrs[i]->length);
- if (!addrs[i]->contents) {
- retval = ENOMEM;
+ addrs[i]->contents = k5memdup(ptr, addrlen, &retval);
+ if (addrs[i]->contents == NULL)
goto errout;
- }
- memcpy (addrs[i]->contents, ptr, addrs[i]->length);
i++;
}
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index ed8cc64..5bf7776 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -400,13 +400,11 @@ module_locate_server(krb5_context ctx, const krb5_data *realm,
krb5int_free_plugin_dir_data(ptrs);
return ENOMEM;
}
- realmz = malloc(realm->length + 1);
+ realmz = k5memdup0(realm->data, realm->length, &code);
if (realmz == NULL) {
krb5int_free_plugin_dir_data(ptrs);
- return ENOMEM;
+ return code;
}
- memcpy(realmz, realm->data, realm->length);
- realmz[realm->length] = '\0';
for (i = 0; ptrs[i]; i++) {
void *blob;
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index cc42f46..2981985 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -419,11 +419,9 @@ check_hash_extension(krb5_donot_replay *rep)
end = strchr(str, ' ');
if (!end)
return 0;
- msghash = malloc(end - str + 1);
+ msghash = k5memdup0(str, end - str, &retval);
if (!msghash)
return KRB5_RC_MALLOC;
- memcpy(msghash, str, end - str);
- msghash[end - str] = '\0';
str = end + 1;
/* Parse out the client and server. */
diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c
index 625c9de..38d8d47 100644
--- a/src/lib/krb5/unicode/ucstr.c
+++ b/src/lib/krb5/unicode/ucstr.c
@@ -160,13 +160,9 @@ krb5int_utf8_normalize(
if (i == len) {
newdata->length = len;
- newdata->data = malloc(newdata->length + 1);
- if (newdata->data == NULL) {
- retval = ENOMEM;
+ newdata->data = k5memdup0(s, len, &retval);
+ if (newdata->data == NULL)
goto cleanup;
- }
- memcpy(newdata->data, s, len);
- newdata->data[len] = '\0';
*newdataptr = newdata;
return 0;
}
diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c
index fa6f0a3..5e046ab 100644
--- a/src/plugins/kdb/db2/adb_policy.c
+++ b/src/plugins/kdb/db2/adb_policy.c
@@ -211,10 +211,9 @@ osa_adb_get_policy(osa_adb_policy_t db, char *name,
entry = k5alloc(sizeof(*entry), &ret);
if (entry == NULL)
goto error;
- aligned_data = k5alloc(dbdata.size, &ret);
+ aligned_data = k5memdup(dbdata.data, dbdata.size, &ret);
if (aligned_data == NULL)
goto error;
- memcpy(aligned_data, dbdata.data, dbdata.size);
xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
if (!xdr_osa_policy_ent_rec(&xdrs, entry)) {
ret = OSA_ADB_FAILURE;
@@ -343,11 +342,9 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
goto error;
}
- if(!(aligned_data = (char *) malloc(dbdata.size))) {
- ret = ENOMEM;
+ aligned_data = k5memdup(dbdata.data, dbdata.size, &ret);
+ if (aligned_data == NULL)
goto error;
- }
- memcpy(aligned_data, dbdata.data, dbdata.size);
memset(entry, 0, sizeof(osa_policy_ent_rec));
xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
diff --git a/src/plugins/kdb/db2/kdb_xdr.c b/src/plugins/kdb/db2/kdb_xdr.c
index 184615c..5264963 100644
--- a/src/plugins/kdb/db2/kdb_xdr.c
+++ b/src/plugins/kdb/db2/kdb_xdr.c
@@ -310,10 +310,9 @@ krb5_decode_princ_entry(krb5_context context, krb5_data *content,
/* Check for extra data */
if (entry->len > KRB5_KDB_V1_BASE_LENGTH) {
entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
- entry->e_data = k5alloc(entry->e_length, &retval);
+ entry->e_data = k5memdup(nextloc, entry->e_length, &retval);
if (entry->e_data == NULL)
goto error_out;
- memcpy(entry->e_data, nextloc, entry->e_length);
nextloc += entry->e_length;
}
@@ -363,12 +362,10 @@ krb5_decode_princ_entry(krb5_context context, krb5_data *content,
retval = KRB5_KDB_TRUNCATED_RECORD;
goto error_out;
}
- if (((*tl_data)->tl_data_contents = (krb5_octet *)
- malloc((*tl_data)->tl_data_length)) == NULL) {
- retval = ENOMEM;
+ (*tl_data)->tl_data_contents =
+ k5memdup(nextloc, (*tl_data)->tl_data_length, &retval);
+ if ((*tl_data)->tl_data_contents == NULL)
goto error_out;
- }
- memcpy((*tl_data)->tl_data_contents,nextloc,(*tl_data)->tl_data_length);
nextloc += (*tl_data)->tl_data_length;
tl_data = &((*tl_data)->tl_data_next);
}
@@ -411,13 +408,11 @@ krb5_decode_princ_entry(krb5_context context, krb5_data *content,
goto error_out;
}
if (key_data->key_data_length[j]) {
- if ((key_data->key_data_contents[j] = (krb5_octet *)
- malloc(key_data->key_data_length[j])) == NULL) {
- retval = ENOMEM;
+ key_data->key_data_contents[j] =
+ k5memdup(nextloc, key_data->key_data_length[j],
+ &retval);
+ if (key_data->key_data_contents[j] == NULL)
goto error_out;
- }
- memcpy(key_data->key_data_contents[j], nextloc,
- key_data->key_data_length[j]);
nextloc += key_data->key_data_length[j];
}
}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 5f789da..c4024b8 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -826,11 +826,9 @@ decode_tl_data(krb5_tl_data *tl_data, int tl_type, void **data)
UNSTORE16_INT(curr, sublen);
/* forward by 2 bytes */
curr += 2;
- DN = malloc (sublen + 1);
+ DN = k5memdup0(curr, sublen, &st);
if (DN == NULL)
- return ENOMEM;
- memcpy(DN, curr, sublen);
- DN[sublen] = 0;
+ return st;
*data = DN;
curr += sublen;
st = 0;
@@ -854,11 +852,9 @@ decode_tl_data(krb5_tl_data *tl_data, int tl_type, void **data)
UNSTORE16_INT(curr, sublen);
/* forward by 2 bytes */
curr += 2;
- DNarr[i] = malloc (sublen + 1);
+ DNarr[i] = k5memdup0(curr, sublen, &st);
if (DNarr[i] == NULL)
- return ENOMEM;
- memcpy(DNarr[i], curr, sublen);
- DNarr[i][sublen] = 0;
+ return st;
++i;
curr += sublen;
*data = DNarr;
@@ -1292,12 +1288,10 @@ krb5_add_ber_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
return ENOMEM;
(*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
- (*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
+ (*mods)[i]->mod_bvalues[j]->bv_val =
+ k5memdup(ber_values[j]->bv_val, ber_values[j]->bv_len, &st);
if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
return ENOMEM;
-
- memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
- ber_values[j]->bv_len);
}
(*mods)[i]->mod_bvalues[j] = NULL;
return 0;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 1e671c7..527873c 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -331,12 +331,9 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
dptr)) != 0)
goto cleanup;
} else {
- *dptr = calloc (1, arg_val_len);
- if (*dptr == NULL) {
- st = ENOMEM;
+ *dptr = k5memdup(arg_val, arg_val_len, &st);
+ if (*dptr == NULL)
goto cleanup;
- }
- memcpy(*dptr, arg_val, arg_val_len);
}
}
}
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 132eef6..e379382 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -639,11 +639,11 @@ pkinit_pick_kdf_alg(krb5_context context, krb5_data **kdf_list,
tmp_oid = k5alloc(sizeof(krb5_data), &retval);
if (retval)
goto cleanup;
- tmp_oid->data = k5alloc(supp_oid->length, &retval);
+ tmp_oid->data = k5memdup(supp_oid->data, supp_oid->length,
+ &retval);
if (retval)
goto cleanup;
tmp_oid->length = supp_oid->length;
- memcpy(tmp_oid->data, supp_oid->data, tmp_oid->length);
*alg_oid = tmp_oid;
/* don't free the OID in clean-up if we are returning it */
tmp_oid = NULL;
More information about the cvs-krb5
mailing list