author | Ezra Peisach <epeisach@mit.edu> | 2003-04-13 13:01:51 +0000 |
---|---|---|
committer | Ezra Peisach <epeisach@mit.edu> | 2003-04-13 13:01:51 +0000 |
commit | c042a565116a44e1c9e11ff179f41ec72cd3e5cb (patch) | |
tree | 88389665818b01632bad299f11e9fb9f27a070f1 /src/lib/krb5 | |
parent | e01da4059775fdc4778b32a820a94904a6483f7c (diff) | |
Obscure memory leak in asn1_decode_kdc_req_body
* asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if
optional server field is lacking,
ticket: new
component: krb5-libs
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15350 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 5 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 16 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index b1ff161c4f..01e6d96cde 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,8 @@
+2003-04-13 Ezra Peisach <epeisach@mit.edu>
+
+ * asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if
+ optional server field is lacking,
+
 2003-03-11 Ken Raeburn <raeburn@mit.edu>
 
 * asn1_get.c (asn1_get_tag): Deleted.
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index c64ebb84e0..a19dda2a33 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -541,7 +541,9 @@ asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val)
 asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
 {
 setup();
- { begin_structure();
+ {
+ krb5_principal psave;
+ begin_structure();
 get_field(val->kdc_options,0,asn1_decode_kdc_options);
 if(tagnum == 1){ alloc_field(val->client,krb5_principal_data); }
 opt_field(val->client,1,asn1_decode_principal_name,NULL);
@@ -550,7 +552,19 @@ asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
 if(val->client != NULL){
 retval = asn1_krb5_realm_copy(val->client,val->server);
 if(retval) return retval; }
+
+ /* If opt_field server is missing, memory reference to server is
+ lost and results in memory leak */
+ psave = val->server;
 opt_field(val->server,3,asn1_decode_principal_name,NULL);
+ if(val->server == NULL){
+ if(psave->realm.data) {
+ free(psave->realm.data);
+ psave->realm.data = NULL;
+ psave->realm.length=0;
+ }
+ free(psave);
+ }
 opt_field(val->from,4,asn1_decode_kerberos_time,0);
 get_field(val->till,5,asn1_decode_kerberos_time);
 opt_field(val->rtime,6,asn1_decode_kerberos_time,0); |
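Review bot: In the second asn1_k_decode.c hunk, `free(psave->realm.data)` is correct only if `asn1_krb5_realm_copy` gave `val->client` its own copy of the realm; that helper is not shown here, and if it merely shares the pointer, a request that omits the optional server field (field 3) would leave the client realm dangling. Since this path is selected by the contents of the decoded message, I would record the ownership rule in the comment, for example `/* val->server (presumably allocated above to hold the realm) is owned here; client has its own realm copy, so free it when no server name follows */`. `psave` is dereferenced without a NULL check and its allocation lies outside the hunk, so unless that allocation always returns on failure the guard should read `if(val->server == NULL && psave != NULL){`. The two stores to `psave->realm` just before `free(psave)` have no effect and can be dropped. The function body begins before and continues past the lines shown.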