Fix a small memory leak in util_errmap

Calls to gssint_mecherrmap_map_errcode would result in calling mecherror_copy with a zero-length mech OID, which would result in an OID with 0 for length and malloc(0) for elements. On platforms which return non-null from malloc(0), gssint_mecherrmap_destroy() wouldn't free the elements pointer. Avoid calling malloc(0) and don't use the length field to decide whether to free an elements pointer.
author: Greg Hudson <ghudson@mit.edu> 2012-12-31 17:21:46 -0500
committer: Greg Hudson <ghudson@mit.edu> 2013-01-01 17:41:49 -0500
commit: 379d39c17b8930718e98185a5b32a0f7f3e3b4b6 (patch)
tree: 8de619a7795a29019f3941a4117ad58684c40d71 /src/lib/gssapi
parent: 54fa4433df7412267375240aba40959e97ac4fe2 (diff)
download: krb5-379d39c17b8930718e98185a5b32a0f7f3e3b4b6.tar.gz
krb5-379d39c17b8930718e98185a5b32a0f7f3e3b4b6.tar.xz
krb5-379d39c17b8930718e98185a5b32a0f7f3e3b4b6.zip
1 files changed, 9 insertions, 12 deletions
diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c
index 9fbc9fc4ca..c26ea7b05a 100644
--- a/src/lib/gssapi/generic/util_errmap.c
+++ b/src/lib/gssapi/generic/util_errmap.c
@@ -79,14 +79,14 @@ static inline int
 mecherror_copy(struct mecherror *dest, struct mecherror src)
 {
     *dest = src;
-    dest->mech.elements = malloc(src.mech.length);
-    if (dest->mech.elements == NULL) {
-        if (src.mech.length)
+    if (src.mech.length > 0) {
+        dest->mech.elements = malloc(src.mech.length);
+        if (dest->mech.elements == NULL)
             return ENOMEM;
-        else
-            return 0;
+        memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
+    } else {
+        dest->mech.elements = NULL;
     }
-    memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
     return 0;
 }
 
@@ -155,8 +155,7 @@ int gssint_mecherrmap_init(void)
    element storage when destroying the collection.  */
 static int free_one(OM_uint32 i, struct mecherror value, void *p)
 {
-    if (value.mech.length && value.mech.elements)
-        free(value.mech.elements);
+    free(value.mech.elements);
     return 0;
 }
 
@@ -229,10 +228,8 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
     }
     err = mecherrmap_add(&m, new_status, me_copy);
     k5_mutex_unlock(&mutex);
-    if (err) {
-        if (me_copy.mech.length)
-            free(me_copy.mech.elements);
-    }
+    if (err)
+        free(me_copy.mech.elements);
 #ifdef DEBUG
     fprintf(f, "%s: mapping ", __FUNCTION__);
     mecherror_print(me, f);
author	Greg Hudson <ghudson@mit.edu>	2012-12-31 17:21:46 -0500
committer	Greg Hudson <ghudson@mit.edu>	2013-01-01 17:41:49 -0500
commit	379d39c17b8930718e98185a5b32a0f7f3e3b4b6 (patch)
tree	8de619a7795a29019f3941a4117ad58684c40d71 /src/lib/gssapi
parent	54fa4433df7412267375240aba40959e97ac4fe2 (diff)
download	krb5-379d39c17b8930718e98185a5b32a0f7f3e3b4b6.tar.gz krb5-379d39c17b8930718e98185a5b32a0f7f3e3b4b6.tar.xz krb5-379d39c17b8930718e98185a5b32a0f7f3e3b4b6.zip