[PATCH 4/4] Use gssalloc_malloc()/gssalloc_free() with gss_buffer_t.
Sam Hartman
hartmans at painless-security.com
Wed Sep 28 15:50:59 EDT 2011
From: Kevin Wasserman <kevin.wasserman at painless-security.com>
gss_buffer_t may be freed in a different module from where they
are allocated so it is not safe to use malloc/free.
Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
---
src/appl/gss-sample/gss-client.c | 7 ++-
src/appl/gss-sample/gss-misc.c | 65 ++++++++++++++++++++++++++++-
src/appl/gss-sample/gss-server.c | 19 +++++----
src/lib/gssapi/generic/oid_ops.c | 5 +--
src/lib/gssapi/generic/rel_buffer.c | 2 +-
src/lib/gssapi/generic/util_buffer.c | 3 +-
src/lib/gssapi/krb5/accept_sec_context.c | 2 +-
src/lib/gssapi/krb5/init_sec_context.c | 6 +--
src/lib/gssapi/krb5/k5seal.c | 22 +++++-----
src/lib/gssapi/krb5/k5sealv3.c | 14 +++---
src/lib/gssapi/krb5/k5unseal.c | 22 +++++-----
src/lib/gssapi/krb5/util_crypt.c | 4 +-
src/lib/gssapi/mechglue/g_dsp_status.c | 4 +-
src/lib/gssapi/mechglue/g_glue.c | 2 +-
src/lib/gssapi/mechglue/g_rel_buffer.c | 2 +-
src/lib/gssapi/mechglue/g_rel_name.c | 2 +-
src/lib/gssapi/mechglue/g_wrap_aead.c | 2 +-
17 files changed, 119 insertions(+), 64 deletions(-)
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index 1cb797d..927681f 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -65,6 +65,7 @@
#include <gssapi/gssapi_generic.h>
#include <gssapi/gssapi_krb5.h>
+#include <gssapi/gssapi_alloc.h>
#include <gssapi/gssapi_ext.h>
#include "gss-misc.h"
#include "port-sockets.h"
@@ -308,7 +309,7 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags,
NULL); /* time_rec */
if (token_ptr != GSS_C_NO_BUFFER)
- free(recv_tok.value);
+ gssalloc_free(recv_tok.value);
if (send_tok.length != 0) {
if (verbose)
@@ -623,11 +624,11 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag,
printf("Response received.\n");
}
- free(out_buf.value);
+ gssalloc_free(out_buf.value);
}
if (use_file)
- free(in_buf.value);
+ gssalloc_free(in_buf.value);
/* Send NOOP */
if (!v1_format)
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index 98d2045..e124dcc 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -70,6 +70,7 @@
#endif
#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_alloc.h>
#include "gss-misc.h"
#ifdef HAVE_STDLIB_H
@@ -124,6 +125,64 @@ read_all(int fildes, char *buf, unsigned int nbyte)
return (ptr - buf);
ret = recv(fildes, ptr, nbyte, 0);
if (ret < 0) {
+#ifdef _WIN32
+ const char* msg = "Unknown error";
+ int error_code = WSAGetLastError();
+ switch (error_code)
+ {
+ case WSANOTINITIALISED:
+ msg = "A successful WSAStartup call must occur before using this function.";
+ break;
+ case WSAENETDOWN:
+ msg = "The network subsystem has failed.";
+ break;
+ case WSAEFAULT:
+ msg = "The buf parameter is not completely contained in a valid part of the user address space.";
+ break;
+ case WSAENOTCONN:
+ msg = "The socket is not connected.";
+ break;
+ case WSAEINTR:
+ msg="The socket was closed.";
+ break;
+ case WSAEINPROGRESS:
+ msg="A blocking Winsock call is in progress, or the service provider is still processing a callback function.";
+ break;
+ case WSAENETRESET:
+ msg = "The connection has been broken due to the keep-alive activity detecting a failure while the operation was in progress.";
+ break;
+ case WSAENOTSOCK:
+ msg = "The descriptor is not a socket.";
+ break;
+ case WSAEOPNOTSUPP:
+ msg = "MSG_OOB was specified, but the socket is not stream style such as type SOCK_STREAM, out of band (OOB) data is not supported in the communication domain associated with this socket, or the socket is unidirectional and supports only send operations.";
+ break;
+ case WSAESHUTDOWN:
+ msg = "The socket has been shut down; it is not possible to receive on a socket after shutdown has been invoked with how set to SD_RECEIVE or SD_BOTH.";
+ break;
+ case WSAEWOULDBLOCK:
+ msg = "The socket is marked as nonblocking and the receive operation would block.";
+ break;
+ case WSAEMSGSIZE:
+ msg = "The message was too large to fit into the specified buffer and was truncated.";
+ break;
+ case WSAEINVAL:
+ msg = "The socket has not been bound with bind (Windows Sockets), an unknown flag was specified, MSG_OOB was specified for a socket with SO_OOBINLINE enabled, or (for byte stream sockets only) len was zero or negative.";
+ break;
+ case WSAECONNABORTED:
+ msg = "The virtual circuit was terminated due to a time-out or other failure. The application should close the socket as it is no longer usable.";
+ break;
+ case WSAETIMEDOUT:
+ msg = "The connection has been dropped because of a network failure or because the peer system failed to respond.";
+ break;
+ case WSAECONNRESET:
+ msg = "The virtual circuit was reset by the remote side executing a hard or abortive close. The application should close the socket because it is no longer usable.";
+ break;
+ default:
+ break;
+ }
+ perror(msg);
+#endif
if (errno == EINTR)
continue;
return (ret);
@@ -280,7 +339,7 @@ recv_token(s, flags, tok)
| (lenbuf[1] << 16)
| (lenbuf[2] << 8)
| lenbuf[3]);
- tok->value = (char *) malloc(tok->length ? tok->length : 1);
+ tok->value = (char *) gssalloc_malloc(tok->length ? tok->length : 1);
if (tok->length && tok->value == NULL) {
if (display_file)
fprintf(display_file, "Out of memory allocating token data\n");
@@ -290,12 +349,12 @@ recv_token(s, flags, tok)
ret = read_all(s, (char *) tok->value, tok->length);
if (ret < 0) {
perror("reading token data");
- free(tok->value);
+ gssalloc_free(tok->value);
return -1;
} else if (ret != tok->length) {
fprintf(stderr, "sending token data: %d of %d bytes written\n",
ret, (int) tok->length);
- free(tok->value);
+ gssalloc_free(tok->value);
return -1;
}
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index c08b714..99626fc 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -59,6 +59,7 @@
#include <gssapi/gssapi_generic.h>
#include <gssapi/gssapi_krb5.h>
+#include <gssapi/gssapi_alloc.h>
#include "gss-misc.h"
#ifdef HAVE_STRING_H
@@ -178,7 +179,7 @@ server_establish_context(int s, gss_cred_id_t server_creds,
return -1;
if (recv_tok.value) {
- free(recv_tok.value);
+ gssalloc_free(recv_tok.value);
recv_tok.value = NULL;
}
@@ -211,7 +212,7 @@ server_establish_context(int s, gss_cred_id_t server_creds,
NULL); /* del_cred_handle */
if (recv_tok.value) {
- free(recv_tok.value);
+ gssalloc_free(recv_tok.value);
recv_tok.value = NULL;
}
@@ -451,7 +452,7 @@ sign_server(int s, gss_cred_id_t server_creds, int export)
if (logfile)
fprintf(logfile, "NOOP token\n");
if (xmit_buf.value) {
- free(xmit_buf.value);
+ gssalloc_free(xmit_buf.value);
xmit_buf.value = 0;
}
break;
@@ -469,7 +470,7 @@ sign_server(int s, gss_cred_id_t server_creds, int export)
fprintf(logfile,
"Unauthenticated client requested authenticated services!\n");
if (xmit_buf.value) {
- free(xmit_buf.value);
+ gssalloc_free(xmit_buf.value);
xmit_buf.value = 0;
}
return (-1);
@@ -481,7 +482,7 @@ sign_server(int s, gss_cred_id_t server_creds, int export)
if (maj_stat != GSS_S_COMPLETE) {
display_status("unsealing message", maj_stat, min_stat);
if (xmit_buf.value) {
- free(xmit_buf.value);
+ gssalloc_free(xmit_buf.value);
xmit_buf.value = 0;
}
return (-1);
@@ -490,7 +491,7 @@ sign_server(int s, gss_cred_id_t server_creds, int export)
}
if (xmit_buf.value) {
- free(xmit_buf.value);
+ gssalloc_free(xmit_buf.value);
xmit_buf.value = 0;
}
} else {
@@ -520,7 +521,7 @@ sign_server(int s, gss_cred_id_t server_creds, int export)
}
if (msg_buf.value) {
- free(msg_buf.value);
+ gssalloc_free(msg_buf.value);
msg_buf.value = 0;
}
@@ -529,12 +530,12 @@ sign_server(int s, gss_cred_id_t server_creds, int export)
return (-1);
if (xmit_buf.value) {
- free(xmit_buf.value);
+ gssalloc_free(xmit_buf.value);
xmit_buf.value = 0;
}
} else {
if (msg_buf.value) {
- free(msg_buf.value);
+ gssalloc_free(msg_buf.value);
msg_buf.value = 0;
}
if (send_token(s, TOKEN_NOOP, empty_token) < 0)
diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
index d2aa778..969a872 100644
--- a/src/lib/gssapi/generic/oid_ops.c
+++ b/src/lib/gssapi/generic/oid_ops.c
@@ -270,10 +270,7 @@ generic_gss_oid_to_str(OM_uint32 *minor_status,
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
- oid_str->length = krb5int_buf_len(&buf)+1;
- oid_str->value = gss_malloc_buffer(oid_str->length);
- memcpy(oid_str->value, bp, oid_str->length);
- krb5int_free_buf(&buf);
+ gssint_transfer_k5buf_to_gss_buffer(&buf, oid_str);
return(GSS_S_COMPLETE);
}
diff --git a/src/lib/gssapi/generic/rel_buffer.c b/src/lib/gssapi/generic/rel_buffer.c
index 2a57a25..44dc981 100644
--- a/src/lib/gssapi/generic/rel_buffer.c
+++ b/src/lib/gssapi/generic/rel_buffer.c
@@ -48,7 +48,7 @@ generic_gss_release_buffer(
return(GSS_S_COMPLETE);
if (buffer->value) {
- gss_free_buffer(buffer->value);
+ gssalloc_free(buffer->value);
buffer->length = 0;
buffer->value = NULL;
}
diff --git a/src/lib/gssapi/generic/util_buffer.c b/src/lib/gssapi/generic/util_buffer.c
index 218d370..da2d832 100644
--- a/src/lib/gssapi/generic/util_buffer.c
+++ b/src/lib/gssapi/generic/util_buffer.c
@@ -39,11 +39,10 @@ int g_make_string_buffer(const char *str, gss_buffer_t buffer)
buffer->length = strlen(str);
- if ((buffer->value = gss_malloc_buffer(buffer->length+1)) == NULL) {
+ if ((buffer->value = gssalloc_strdup(str)) == NULL) {
buffer->length = 0;
return(0);
}
- strcpy(buffer->value, str);
return(1);
}
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 40dfa8b..64d0b3a 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -1128,7 +1128,7 @@ kg_accept_krb5(minor_status, context_handle,
token.length = g_token_size(mech_used, ap_rep.length);
- if ((token.value = (unsigned char *) xmalloc(token.length))
+ if ((token.value = (unsigned char *) gssalloc_malloc(token.length))
== NULL) {
major_status = GSS_S_FAILURE;
code = ENOMEM;
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index d15dcd9..7d9f494 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -474,14 +474,12 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
* For DCE RPC, do not encapsulate the AP-REQ in the
* typical GSS wrapping.
*/
- token->length = ap_req.length;
- token->value = gss_malloc_buffer(ap_req.length);
- memcpy(token->value, ap_req.data, ap_req.length);
+ gss_krb5int_transfer_krb5_data_to_gss_buffer(&ap_req, token);
} else {
/* allocate space for the token */
tlen = g_token_size((gss_OID) mech_type, ap_req.length);
- if ((t = (unsigned char *) gss_malloc_buffer(tlen)) == NULL) {
+ if ((t = (unsigned char *) gssalloc_malloc(tlen)) == NULL) {
code = ENOMEM;
goto cleanup;
}
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index ad2a3cf..41604dc 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -112,7 +112,7 @@ make_seal_token_v1 (krb5_context context,
}
tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen);
- if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
+ if ((t = (unsigned char *) gssalloc_malloc(tlen)) == NULL)
return(ENOMEM);
/*** fill in the token */
@@ -159,14 +159,14 @@ make_seal_token_v1 (krb5_context context,
code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
if (code) {
- xfree(t);
+ gssalloc_free(t);
return(code);
}
md5cksum.length = sumlen;
if ((plain = (unsigned char *) xmalloc(msglen ? msglen : 1)) == NULL) {
- xfree(t);
+ gssalloc_free(t);
return(ENOMEM);
}
@@ -174,7 +174,7 @@ make_seal_token_v1 (krb5_context context,
if ((code = kg_make_confounder(context, enc->keyblock.enctype,
plain))) {
xfree(plain);
- xfree(t);
+ gssalloc_free(t);
return(code);
}
}
@@ -188,7 +188,7 @@ make_seal_token_v1 (krb5_context context,
if (! (data_ptr =
(char *) xmalloc(8 + (bigend ? text->length : msglen)))) {
xfree(plain);
- xfree(t);
+ gssalloc_free(t);
return(ENOMEM);
}
(void) memcpy(data_ptr, ptr-2, 8);
@@ -204,7 +204,7 @@ make_seal_token_v1 (krb5_context context,
if (code) {
xfree(plain);
- xfree(t);
+ gssalloc_free(t);
return(code);
}
switch(signalg) {
@@ -218,7 +218,7 @@ make_seal_token_v1 (krb5_context context,
if (code) {
krb5_free_checksum_contents(context, &md5cksum);
xfree (plain);
- xfree(t);
+ gssalloc_free(t);
return code;
}
@@ -249,7 +249,7 @@ make_seal_token_v1 (krb5_context context,
if ((code = kg_make_seq_num(context, seq, direction?0:0xff,
(krb5_ui_4)*seqnum, ptr+14, ptr+6))) {
xfree (plain);
- xfree(t);
+ gssalloc_free(t);
return(code);
}
@@ -265,7 +265,7 @@ make_seal_token_v1 (krb5_context context,
if (code)
{
xfree(plain);
- xfree(t);
+ gssalloc_free(t);
return(code);
}
assert (enc_key->length == 16);
@@ -279,7 +279,7 @@ make_seal_token_v1 (krb5_context context,
if (code)
{
xfree(plain);
- xfree(t);
+ gssalloc_free(t);
return(code);
}
}
@@ -290,7 +290,7 @@ make_seal_token_v1 (krb5_context context,
(krb5_pointer) (ptr+cksum_size+14),
tmsglen))) {
xfree(plain);
- xfree(t);
+ gssalloc_free(t);
return(code);
}
}
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index b3124bc..ac3d44d 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -136,7 +136,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
/* Get size of ciphertext. */
bufsize = 16 + krb5_encrypt_size (plain.length, key->keyblock.enctype);
/* Allocate space for header plus encrypted data. */
- outbuf = gss_malloc_buffer(bufsize);
+ outbuf = gssalloc_malloc(bufsize);
if (outbuf == NULL) {
free(plain.data);
return ENOMEM;
@@ -204,7 +204,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
assert(cksumsize <= 0xffff);
bufsize = 16 + message2->length + cksumsize;
- outbuf = gss_malloc_buffer(bufsize);
+ outbuf = gssalloc_malloc(bufsize);
if (outbuf == NULL) {
free(plain.data);
plain.data = 0;
@@ -290,7 +290,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
return 0;
error:
- gss_free_buffer(outbuf);
+ gssalloc_free(outbuf);
token->value = NULL;
token->length = 0;
return err;
@@ -401,13 +401,13 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
cipher.ciphertext.length = bodysize - 16;
cipher.ciphertext.data = (char *)ptr + 16;
plain.length = bodysize - 16;
- plain.data = malloc(plain.length);
+ plain.data = gssalloc_malloc(plain.length);
if (plain.data == NULL)
goto no_mem;
err = krb5_k_decrypt(context, key, key_usage, 0,
&cipher, &plain);
if (err) {
- free(plain.data);
+ gssalloc_free(plain.data);
goto error;
}
/* Don't use bodysize here! Use the fact that
@@ -424,7 +424,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
message_buffer->value = plain.data;
message_buffer->length = plain.length - ec - 16;
if(message_buffer->length == 0) {
- free(message_buffer->value);
+ gssalloc_free(message_buffer->value);
message_buffer->value = NULL;
}
} else {
@@ -467,7 +467,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
return GSS_S_BAD_SIG;
}
message_buffer->length = plain.length - 16;
- message_buffer->value = malloc(message_buffer->length);
+ message_buffer->value = gssalloc_malloc(message_buffer->length);
if (message_buffer->value == NULL)
goto no_mem;
memcpy(message_buffer->value, plain.data, message_buffer->length);
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index f864cc5..9351980 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -214,7 +214,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
}
if (token.length) {
- if ((token.value = (void *) xmalloc(token.length)) == NULL) {
+ if ((token.value = (void *) gssalloc_malloc(token.length)) == NULL) {
if (sealalg != 0xffff)
xfree(plain);
*minor_status = ENOMEM;
@@ -272,7 +272,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (sealalg != 0xffff)
xfree(plain);
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
@@ -293,7 +293,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (code) {
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -306,7 +306,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (code) {
krb5_free_checksum_contents(context, &md5cksum);
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = code;
return GSS_S_FAILURE;
}
@@ -327,7 +327,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (sealalg != 0xffff)
xfree(plain);
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = code;
return GSS_S_FAILURE;
}
@@ -339,7 +339,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (sealalg == 0)
xfree(plain);
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
@@ -364,7 +364,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (sealalg == 0)
xfree(plain);
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -387,7 +387,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (sealalg != 0xffff)
xfree(plain);
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
@@ -408,7 +408,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (code) {
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -425,7 +425,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if (code) {
if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
+ gssalloc_free(token.value);
*minor_status = 0;
return(GSS_S_BAD_SIG);
}
@@ -447,7 +447,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if ((ctx->initiate && direction != 0xff) ||
(!ctx->initiate && direction != 0)) {
if (toktype == KG_TOK_SEAL_MSG) {
- xfree(token.value);
+ gssalloc_free(token.value);
message_buffer->value = NULL;
message_buffer->length = 0;
}
diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c
index 0063817..b7b4a0a 100644
--- a/src/lib/gssapi/krb5/util_crypt.c
+++ b/src/lib/gssapi/krb5/util_crypt.c
@@ -661,7 +661,7 @@ kg_release_iov(gss_iov_buffer_desc *iov, int iov_count)
for (i = 0; i < iov_count; i++) {
if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
- free(iov[i].buffer.value);
+ gssalloc_free(iov[i].buffer.value);
iov[i].buffer.length = 0;
iov[i].buffer.value = NULL;
iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
@@ -761,7 +761,7 @@ kg_allocate_iov(gss_iov_buffer_t iov, size_t size)
assert(iov->type & GSS_IOV_BUFFER_FLAG_ALLOCATE);
iov->buffer.length = size;
- iov->buffer.value = xmalloc(size);
+ iov->buffer.value = gssalloc_malloc(size);
if (iov->buffer.value == NULL) {
iov->buffer.length = 0;
return ENOMEM;
diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c
index 13f104b..0df34be 100644
--- a/src/lib/gssapi/mechglue/g_dsp_status.c
+++ b/src/lib/gssapi/mechglue/g_dsp_status.c
@@ -84,7 +84,7 @@ gss_buffer_t status_string;
mapped to a flat numbering space. Look up the value we got
passed. If it's not found, complain. */
if (status_value == 0) {
- status_string->value = strdup("Unknown error");
+ status_string->value = gssalloc_strdup("Unknown error");
if (status_string->value == NULL) {
*minor_status = ENOMEM;
map_errcode(minor_status);
@@ -353,7 +353,7 @@ gss_buffer_t outStr;
/* now copy the status code and return to caller */
outStr->length = strlen(errStr);
- outStr->value = strdup(errStr);
+ outStr->value = gssalloc_strdup(errStr);
if (outStr->value == NULL) {
outStr->length = 0;
return (GSS_S_FAILURE);
diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index 074437b..2048523 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -724,7 +724,7 @@ gssint_create_copy_buffer(srcBuf, destBuf, addNullChar)
else
len = srcBuf->length;
- if (!(aBuf->value = (void*)gss_malloc_buffer(len))) {
+ if (!(aBuf->value = (void*)gssalloc_malloc(len))) {
free(aBuf);
return (GSS_S_FAILURE);
}
diff --git a/src/lib/gssapi/mechglue/g_rel_buffer.c b/src/lib/gssapi/mechglue/g_rel_buffer.c
index 31518fe..8c3328a 100644
--- a/src/lib/gssapi/mechglue/g_rel_buffer.c
+++ b/src/lib/gssapi/mechglue/g_rel_buffer.c
@@ -49,7 +49,7 @@ gss_buffer_t buffer;
if ((buffer->length) &&
(buffer->value)) {
- gss_free_buffer(buffer->value);
+ gssalloc_free(buffer->value);
buffer->length = 0;
buffer->value = NULL;
}
diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c
index 762014a..e008692 100644
--- a/src/lib/gssapi/mechglue/g_rel_name.c
+++ b/src/lib/gssapi/mechglue/g_rel_name.c
@@ -70,7 +70,7 @@ gss_name_t * input_name;
if (union_name->external_name != GSS_C_NO_BUFFER) {
if (union_name->external_name->value != NULL)
- gss_free_buffer(union_name->external_name->value);
+ gssalloc_free(union_name->external_name->value);
free(union_name->external_name);
}
diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c
index 7c059b4..ca1ef12 100644
--- a/src/lib/gssapi/mechglue/g_wrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_wrap_aead.c
@@ -125,7 +125,7 @@ gssint_wrap_aead_iov_shim(gss_mechanism mech,
output_message_buffer->length += iov[i].buffer.length;
}
- output_message_buffer->value = malloc(output_message_buffer->length);
+ output_message_buffer->value = gssalloc_malloc(output_message_buffer->length);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
--
1.7.4.1
More information about the krbdev
mailing list