diff options
| author | Ezra Peisach <epeisach@mit.edu> | 2007-02-04 02:03:48 +0000 |
|---|---|---|
| committer | Ezra Peisach <epeisach@mit.edu> | 2007-02-04 02:03:48 +0000 |
| commit | cbf68e7ae3bbae299793240ee3b65a45bb09f7c6 (patch) | |
| tree | ae6d04e353e7e5e7378bdc29f46ad09806a96174 /src/lib/krb5/keytab | |
| parent | 1e88e68ab68e74df6b1118a74a3bdcbf0cf4a32f (diff) | |
| download | krb5-cbf68e7ae3bbae299793240ee3b65a45bb09f7c6.tar.gz krb5-cbf68e7ae3bbae299793240ee3b65a45bb09f7c6.tar.xz krb5-cbf68e7ae3bbae299793240ee3b65a45bb09f7c6.zip | |
MEMORY keytab does not copy keytab_entry keyblock contents
In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the
keytab_entry keyblock contents - but instead retains a pointer to the
incomming one.
In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal
keyblock contents memory is returned to the caller - which is subsequently
freed when tht caller invokes krb5_free_keytab_entry_contents.
Solution is to use krb5_copy_keyblock_contents() instead of simply copying
the structure.
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/keytab')
| -rw-r--r-- | src/lib/krb5/keytab/kt_memory.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c index 5e550d4929..7e055b7376 100644 --- a/src/lib/krb5/keytab/kt_memory.c +++ b/src/lib/krb5/keytab/kt_memory.c @@ -442,12 +442,18 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id, out_entry->timestamp = entry->timestamp;
out_entry->vno = entry->vno;
out_entry->key = entry->key;
+ err = krb5_copy_keyblock_contents(context, &(entry->key),
+ &(out_entry->key));
/*
* Coerce the enctype of the output keyblock in case we
* got an inexact match on the enctype.
*/
out_entry->key.enctype = enctype;
- err = krb5_copy_principal(context, entry->principal, &(out_entry->principal));
+ if(!err) {
+ err = krb5_copy_principal(context,
+ entry->principal,
+ &(out_entry->principal));
+ }
} else {
if (!err)
err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
@@ -524,7 +530,11 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry entry->timestamp = mkt_cursor->entry->timestamp;
entry->vno = mkt_cursor->entry->vno;
entry->key = mkt_cursor->entry->key;
- err = krb5_copy_principal(context, mkt_cursor->entry->principal, &(entry->principal));
+ err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
+ &(entry->key));
+ if (!err)
+ err = krb5_copy_principal(context, mkt_cursor->entry->principal,
+ &(entry->principal));
if (!err)
*cursor = (krb5_kt_cursor *)mkt_cursor->next;
KTUNLOCK(id);
@@ -571,9 +581,17 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) cursor->entry->magic = entry->magic;
cursor->entry->timestamp = entry->timestamp;
cursor->entry->vno = entry->vno;
- cursor->entry->key = entry->key;
+ err = krb5_copy_keyblock_contents(context, &(entry->key),
+ &(cursor->entry->key));
+ if (err) {
+ krb5_xfree(cursor->entry);
+ krb5_xfree(cursor);
+ goto done;
+ }
+
err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
if (err) {
+ krb5_free_keyblock_contents(context, &(cursor->entry->key));
krb5_xfree(cursor->entry);
krb5_xfree(cursor);
goto done;
|