diff options
author | Greg Hudson <ghudson@mit.edu> | 2011-03-17 20:02:01 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-03-17 20:02:01 +0000 |
commit | b5d9f6e92ac9291c6f352a2d86b4b0bf9f74fc1f (patch) | |
tree | c1357d249460ecde2e14ced4eda883ff4bf0af3e /src/kdc/do_as_req.c | |
parent | e1ce2955dbaf8fbbc52a9625a62bb3fc4e31215f (diff) | |
download | krb5-b5d9f6e92ac9291c6f352a2d86b4b0bf9f74fc1f.tar.gz krb5-b5d9f6e92ac9291c6f352a2d86b4b0bf9f74fc1f.tar.xz krb5-b5d9f6e92ac9291c6f352a2d86b4b0bf9f74fc1f.zip |
KDC memory leak in FAST error path
When kdc_fast_handle_error() produces a FAST-encoded error, it puts it
into err->e_data and it never gets freed (since in the non-FAST case,
err->e_data contains aliased pointers). Fix this by storing the
encoded error in an output variable which is placed into the error's
e_data by the caller and then freed.
ticket: 6884
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/do_as_req.c')
-rw-r--r-- | src/kdc/do_as_req.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 0cc21cec49..32ae121928 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -688,7 +688,7 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, { krb5_error errpkt; krb5_error_code retval; - krb5_data *scratch; + krb5_data *scratch, *fast_edata = NULL; krb5_pa_data **pa = NULL; krb5_typed_data **td = NULL; size_t size; @@ -747,9 +747,12 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, } } retval = kdc_fast_handle_error(kdc_context, rstate, - request, pa, &errpkt); - if (retval == 0) + request, pa, &errpkt, &fast_edata); + if (retval == 0) { + if (fast_edata != NULL) + errpkt.e_data = *fast_edata; retval = krb5_mk_error(kdc_context, &errpkt, scratch); + } free(errpkt.text.data); if (retval) @@ -757,6 +760,7 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, else *response = scratch; krb5_free_pa_data(kdc_context, pa); + krb5_free_data(kdc_context, fast_edata); return retval; } |