krb5 commit [krb5-1.13]: Fix leak in gss_display_name() for non-MN names
Tom Yu
tlyu at mit.edu
Fri Sep 9 14:48:09 EDT 2016
https://github.com/krb5/krb5/commit/7dd659b97df5799d429b8afcbb0b6b804d3feabf
commit 7dd659b97df5799d429b8afcbb0b6b804d3feabf
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Jun 28 12:28:11 2016 -0400
Fix leak in gss_display_name() for non-MN names
RFC 2744 states that the gss_display_name() output_name_type result is
"a pointer into static storage, and should be treated as read-only by
the caller (in particular, the application should not attempt to free
it)". For non-mechanism names, we were making a copy of the name type
from the union name structure, causing a memory leak; stop doing that.
(cherry picked from commit 20fcbf2cb820df0d31e66bb11f64fb50a31008f5)
ticket: 8439
version_fixed: 1.13.7
src/lib/gssapi/mechglue/g_dsp_name.c | 27 ++++-----------------------
1 files changed, 4 insertions(+), 23 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_dsp_name.c b/src/lib/gssapi/mechglue/g_dsp_name.c
index 825bf4d..21867c8 100644
--- a/src/lib/gssapi/mechglue/g_dsp_name.c
+++ b/src/lib/gssapi/mechglue/g_dsp_name.c
@@ -102,36 +102,17 @@ gss_OID * output_name_type;
output_name_type));
}
- /*
- * copy the value of the external_name component of the union
- * name into the output_name_buffer and point the output_name_type
- * to the name_type component of union_name
- */
- if (output_name_type != NULL &&
- union_name->name_type != GSS_C_NULL_OID) {
- major_status = generic_gss_copy_oid(minor_status,
- union_name->name_type,
- output_name_type);
- if (major_status != GSS_S_COMPLETE) {
- map_errcode(minor_status);
- return (major_status);
- }
- }
-
if ((output_name_buffer->value =
- gssalloc_malloc(union_name->external_name->length + 1)) == NULL) {
- if (output_name_type && *output_name_type != GSS_C_NULL_OID) {
- (void) generic_gss_release_oid(minor_status,
- output_name_type);
- *output_name_type = NULL;
- }
+ gssalloc_malloc(union_name->external_name->length + 1)) == NULL)
return (GSS_S_FAILURE);
- }
output_name_buffer->length = union_name->external_name->length;
(void) memcpy(output_name_buffer->value,
union_name->external_name->value,
union_name->external_name->length);
((char *)output_name_buffer->value)[output_name_buffer->length] = '\0';
+ if (output_name_type != NULL)
+ *output_name_type = union_name->name_type;
+
return(GSS_S_COMPLETE);
}
More information about the cvs-krb5
mailing list