krb5 commit: Fix bugs in recent locate_kdc.c change
Greg Hudson
ghudson at mit.edu
Thu Jun 2 19:48:05 EDT 2016
https://github.com/krb5/krb5/commit/ce112dec844e4650b5ad174bd40f21c32aebe1d1
commit ce112dec844e4650b5ad174bd40f21c32aebe1d1
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jun 2 11:58:35 2016 -0400
Fix bugs in recent locate_kdc.c change
The most recent change to locate_srv_conf_1() introduced a possible
double-free bug (detected by Coverity), and also broke MS-KKDCP
support. Separate the three uses of the "host" variable: the C string
copy of the realm name (now "realmstr"), the pointer to the hostname
or hostname:port specification in the profile values array (now
"hostspec"), and the hostname result of k5_parse_host_string() (still
"host"). Pass the correct pointer to k5_parse_host_string() if the
profile value is a URI.
src/lib/krb5/os/locate_kdc.c | 28 +++++++++++-----------------
1 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 7b46765..cd48627 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -218,29 +218,23 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm,
const char * name, struct serverlist *serverlist,
k5_transport transport, int udpport)
{
- const char *realm_srv_names[4];
- char **hostlist, *host = NULL;
+ const char *realm_srv_names[4];
+ char **hostlist = NULL, *realmstr = NULL, *host = NULL, *hostspec;
krb5_error_code code;
int i, default_port;
Tprintf ("looking in krb5.conf for realm %s entry %s; ports %d,%d\n",
realm->data, name, ntohs(udpport));
- if ((host = malloc(realm->length + 1)) == NULL)
- return ENOMEM;
-
- strncpy(host, realm->data, realm->length);
- host[realm->length] = '\0';
- hostlist = 0;
+ realmstr = k5memdup0(realm->data, realm->length, &code);
+ if (realmstr == NULL)
+ goto cleanup;
realm_srv_names[0] = KRB5_CONF_REALMS;
- realm_srv_names[1] = host;
+ realm_srv_names[1] = realmstr;
realm_srv_names[2] = name;
realm_srv_names[3] = 0;
-
code = profile_get_values(context->profile, realm_srv_names, &hostlist);
- free(host);
-
if (code) {
Tprintf ("config file lookup failed: %s\n",
error_message(code));
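Review bot: The trace call kept at the top of the function still passes `realm->data` to `%s`, and its format string has two `%d` conversions but only one port argument, `ntohs(udpport)`. The commit makes a terminated copy of the realm with k5memdup0(), presumably because `realm->data` is length-counted and not guaranteed to end in a NUL, so the trace can read past the buffer if Tprintf is compiled in (its definition is not visible here). Moving the call below the copy and printing the copy would address both: `Tprintf("looking in krb5.conf for realm %s entry %s; port %d\n", realmstr, name, ntohs(udpport));`. The function body and the `if (code)` block continue outside the hunk.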
@@ -254,14 +248,13 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm,
k5_transport this_transport = transport;
char *uri_path = NULL;
- host = hostlist[i];
- Tprintf ("entry %d is '%s'\n", i, host);
+ hostspec = hostlist[i];
+ Tprintf ("entry %d is '%s'\n", i, hostspec);
- parse_uri_if_https(host, &this_transport, &host, &uri_path);
+ parse_uri_if_https(hostspec, &this_transport, &hostspec, &uri_path);
default_port = (this_transport == HTTPS) ? htons(443) : udpport;
- code = k5_parse_host_string(hostlist[i], default_port, &host,
- &port_num);
+ code = k5_parse_host_string(hostspec, default_port, &host, &port_num);
if (code == 0 && host == NULL)
code = EINVAL;
if (code)
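Review bot: Nothing at the declaration or in the loop says which of the three pointers owns memory, and per the commit message that ambiguity is what produced the double free being fixed. `hostspec` points into `hostlist[i]`, which `profile_free_list()` releases at cleanup, so it must never be freed, while `host` is the output of `k5_parse_host_string()` and is what `free(host)` at cleanup releases. A short comment above `hostspec = hostlist[i];`, such as `/* hostspec borrows from hostlist; only host and realmstr are owned here. */`, would keep that visible to the next editor. The loop body ends outside the hunk, so whether `host` is freed and reset to NULL before the next iteration overwrites it cannot be checked from here.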
@@ -277,6 +270,7 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm,
}
cleanup:
+ free(realmstr);
free(host);
profile_free_list(hostlist);
return code;