krb5 commit: Filter CAMMAC authdata by module->ad_type
Greg Hudson
ghudson at mit.edu
Wed Jun 22 12:45:56 EDT 2016
https://github.com/krb5/krb5/commit/7df4aec92aebabaaf14de9de062f526228e65f48
commit 7df4aec92aebabaaf14de9de062f526228e65f48
Author: Matt Rogers <mrogers at redhat.com>
Date: Wed Jun 22 10:29:43 2016 -0400
Filter CAMMAC authdata by module->ad_type
Also, do not leak cammac_authdata.
[ghudson at mit.edu: also fix two sizeof() expressions]
ticket: 8425
src/lib/krb5/krb/authdata.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index b5cb788..c56f7bc 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -561,13 +561,13 @@ extract_cammacs(krb5_context kcontext, krb5_authdata **cammacs,
/* Add the verified elements to list and free the container array. */
for (n_elements = 0; elements[n_elements] != NULL; n_elements++);
- new_list = realloc(list, (count + n_elements + 1) * sizeof(list));
+ new_list = realloc(list, (count + n_elements + 1) * sizeof(*list));
if (new_list == NULL) {
ret = ENOMEM;
goto cleanup;
}
list = new_list;
- memcpy(list + count, elements, n_elements * sizeof(list));
+ memcpy(list + count, elements, n_elements * sizeof(*list));
count += n_elements;
list[count] = NULL;
free(elements);
@@ -657,7 +657,11 @@ krb5int_authdata_verify(krb5_context kcontext,
}
if (cammac_authdata != NULL && (module->flags & AD_CAMMAC_PROTECTED)) {
- authdata = cammac_authdata;
+ code = krb5_find_authdata(kcontext, cammac_authdata, NULL,
+ module->ad_type, &authdata);
+ if (code)
+ break;
+
kdc_issued_flag = TRUE;
}
@@ -715,6 +719,7 @@ krb5int_authdata_verify(krb5_context kcontext,
cleanup:
krb5_free_principal(kcontext, kdc_issuer);
krb5_free_authdata(kcontext, kdc_issued_authdata);
+ krb5_free_authdata(kcontext, cammac_authdata);
return code;
}
More information about the cvs-krb5
mailing list