[PATCH 4/4] Use gssalloc_malloc()/gssalloc_free() with gss_buffer_t.

Kevin Wasserman krwasserman at hotmail.com
Mon Oct 3 10:51:32 EDT 2011


Revised patch attached; it fixes gss-server.c to correctly use
malloc/free/gss_release_buffer as appropriate; no changes
were necessary for gss-client.c or gss-misc.c.

-----Original Message----- 
From: Kevin Wasserman
Sent: Wednesday, September 28, 2011 5:37 PM
To: Nico Williams ; Sam Hartman
Cc: krbdev at mit.edu ; kevin.wasserman at painless-security.com
Subject: Re: [PATCH 4/4] Use gssalloc_malloc()/gssalloc_free() with 
gss_buffer_t.

Yes, sorry, I was just trying to consistently use gssalloc with all
gss_buffer_t; I'll fix the gss_sample applications to just use
malloc/free/gss_release_buffer as appropriate.

-Kevin

-----Original Message----- 
From: Nico Williams
Sent: Wednesday, September 28, 2011 5:03 PM
To: Sam Hartman
Cc: krbdev at mit.edu ; kevin.wasserman at painless-security.com
Subject: Re: [PATCH 4/4] Use gssalloc_malloc()/gssalloc_free() with
gss_buffer_t.

On Wed, Sep 28, 2011 at 2:50 PM, Sam Hartman
<hartmans at painless-security.com> wrote:
> From: Kevin Wasserman <kevin.wasserman at painless-security.com>
>
> gss_buffer_t may be freed in a different module from where they
> are allocated so it is not safe to use malloc/free.
>
> Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
...


> diff --git a/src/appl/gss-sample/gss-client.c 
> b/src/appl/gss-sample/gss-client.c
> index 1cb797d..927681f 100644
> --- a/src/appl/gss-sample/gss-client.c
> +++ b/src/appl/gss-sample/gss-client.c
> @@ -65,6 +65,7 @@
>
>  #include <gssapi/gssapi_generic.h>
>  #include <gssapi/gssapi_krb5.h>
> +#include <gssapi/gssapi_alloc.h>
>  #include <gssapi/gssapi_ext.h>
>  #include "gss-misc.h"
>  #include "port-sockets.h"
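
Review bot: the added `#include <gssapi/gssapi_alloc.h>` in the gssapi include group is needed only by the gssalloc_free() call that the next hunk adds in client_establish_context, and it makes this sample application depend on the allocator header on top of the gssapi headers it already included. If that call reverts to free() or becomes gss_release_buffer(), drop this include in the same change.
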
> @@ -308,7 +309,7 @@ client_establish_context(int s, char *service_name, 
> OM_uint32 gss_flags,
>                                             NULL);  /* time_rec */
>
>             if (token_ptr != GSS_C_NO_BUFFER)
> -                free(recv_tok.value);
> +                gssalloc_free(recv_tok.value);
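
Review bot: the release of recv_tok.value in client_establish_context now uses gssalloc_free(), but no visible change in this file touches the place where recv_tok.value is allocated, so the deallocator may no longer match the allocator. Please show the matching allocation change in the same patch, or choose the release call by ownership: keep free() if the application allocated the token, and use gss_release_buffer(), which the sample already has through its existing gssapi includes, if the library did.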

Er, no, none of the apps should be using new functions, only
gss_release_buffer() when they were free()ing (or, free() when they
were using gss_release_buffer() for application-allocated buffers).

Nico
-- 
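
The ownership rule discussed in this thread (a buffer is released by the side that allocated it), as an added example that is not part of the original messages or of the krb5 source. Every name in it (`buffer_desc`, `lib_make_token`, `lib_release_buffer`, `app_recv_token`, `app_free_token`, the heap tags) is hypothetical, and the two tagged heaps are a constructed stand-in for modules that do not share an allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not krb5 code: each module tags its allocations with its
 * own heap id, standing in for modules that do not share one allocator. */
enum { HEAP_APP = 1, HEAP_LIB = 2 };
typedef union { uint32_t heap; long double a; long long b; void *c; } hdr_t;
typedef struct { size_t length; void *value; } buffer_desc; /* like gss_buffer_desc */

static int fill(uint32_t heap, buffer_desc *b, const void *src, size_t n) {
    hdr_t *h = malloc(sizeof *h + n);
    if (h == NULL) return -1;
    h->heap = heap;              /* remember which side owns this block */
    memcpy(h + 1, src, n);
    b->value = h + 1;
    b->length = n;
    return 0;
}

/* Returns -1 instead of freeing when the buffer came from the other heap;
 * a real mismatched free() would be undefined behaviour, not an error code. */
static int drop(uint32_t heap, buffer_desc *b) {
    hdr_t *h = b->value ? (hdr_t *)b->value - 1 : NULL;
    if (h == NULL) return 0;
    if (h->heap != heap) return -1;
    free(h);
    b->value = NULL;
    b->length = 0;
    return 0;
}

/* Library side: hands out a token that only lib_release_buffer() may free
 * (the role gss_release_buffer() plays for library-allocated buffers). */
int lib_make_token(buffer_desc *out) { return fill(HEAP_LIB, out, "lib-token", 9); }
int lib_release_buffer(buffer_desc *b) { return drop(HEAP_LIB, b); }

/* Application side: a token copied into the application's own allocation is
 * freed by the application (the role of free() for application buffers). */
int app_recv_token(buffer_desc *out, const void *wire, size_t n) { return fill(HEAP_APP, out, wire, n); }
int app_free_token(buffer_desc *b) { return drop(HEAP_APP, b); }

int main(void) {
    buffer_desc lib_tok, app_tok;
    if (lib_make_token(&lib_tok) != 0 || app_recv_token(&app_tok, "wire", 4) != 0) return 1;
    printf("wrong side: %d %d\n", app_free_token(&lib_tok), lib_release_buffer(&app_tok));
    printf("right side: %d %d\n", lib_release_buffer(&lib_tok), app_free_token(&app_tok));
    return 0;
}
```
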

