authorTom Yu <tlyu@mit.edu>2003-06-13 21:43:07 +0000
committerTom Yu <tlyu@mit.edu>2003-06-13 21:43:07 +0000
commit56d733f6d69e145693258b5e10a02554e4e68f77 (patch)
tree1ac09f97eb2aa96617b77ce08fcce5d6fa7fdf20
parent6b7999187e33d4f9ddc1d842f70b587a492de325 (diff)
libgss leaks, UMRs
* init_sec_context.c (krb5_gss_init_sec_context): Free default_enctypes to avoid leaking returned value from krb5_get_tgs_ktypes. * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if token.length == 0, to avoid spurious uninitialized memory references when calling memcpy() with a zero length. ticket: new target_version: 1.3 tags: pullup component: krb5-libs cc: Kent_Wu@trendmicro.com git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/krb5/ChangeLog6
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c1
-rw-r--r--src/lib/gssapi/krb5/k5unseal.c2
3 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 10f85ad88d..9cccd9d349 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -2,6 +2,12 @@
* init_sec_context.c (make_ap_req_v1): Free checksum_data if
needed, to avoid leaking memory. Found by Kent Wu.
+ (krb5_gss_init_sec_context): Free default_enctypes to avoid
+ leaking returned value from krb5_get_tgs_ktypes.
+
+ * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
+ token.length == 0, to avoid spurious uninitialized memory
+ references when calling memcpy() with a zero length.
2003-05-13 Tom Yu <tlyu@mit.edu>
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index a95d3048ac..0d3ddc9689 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -539,6 +539,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
if (!is_duplicate_enctype)
requested_enctypes[i++] = e;
}
+ krb5_free_ktypes(context, default_enctypes);
requested_enctypes[i++] = 0;
if ((code = get_credentials(context, cred, ctx->there, now,
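Review bot: After the added `krb5_free_ktypes(context, default_enctypes);` the pointer stays dangling for the rest of krb5_gss_init_sec_context, which continues past this hunk into the get_credentials call and its error handling. Clearing it on the next line, `default_enctypes = NULL;`, would turn any later read or second free in a cleanup path into a harmless no-op or an obvious crash rather than heap corruption. The free also only runs on the fall-through path after the loop; the krb5_get_tgs_ktypes call and anything between it and this line are not visible here, so it is worth confirming that no earlier exit skips the free and still leaks the list.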
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 347d6b8524..e678311f9a 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
return(GSS_S_FAILURE);
}
memcpy(token.value, plain+conflen, token.length);
+ } else {
+ token.value = NULL;
}
} else if (toktype == KG_TOK_SIGN_MSG) {
token = *message_buffer;
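Review bot: The new `else { token.value = NULL; }` branch has no comment, and the reason for it is only recorded in the ChangeLog. A short comment on it, such as `/* zero-length message: no buffer allocated, keep value defined for later copies */`, would stop a later cleanup from removing it as dead code. Separately, `memcpy(token.value, plain+conflen, token.length);` relies on token.length having been bounded against the decrypted buffer. That computation is outside this hunk (kg_unseal_v1 starts and ends beyond it), so it should be confirmed that a malformed token cannot make the length exceed what `plain` holds after `conflen`.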