diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-08-11 00:16:25 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-08-11 00:28:33 -0400 |
| commit | 1870feda057e24826f505eb5f3151aad3041ab1e (patch) | |
| tree | b1b0368ccaf818979d541a56e711572c66ac5c25 /src/lib/rpc/auth_gss.c | |
| parent | b0edf38aafe3a365821cae4874e4608f95e28896 (diff) | |
| download | krb5-1870feda057e24826f505eb5f3151aad3041ab1e.tar.gz krb5-1870feda057e24826f505eb5f3151aad3041ab1e.tar.xz krb5-1870feda057e24826f505eb5f3151aad3041ab1e.zip | |
Stop misusing gss_release_buffer in libgssrpc
Use free() instead of gss_release_buffer() when freeing buffers in
libgssrpc which weren't constructed by GSSAPI. This mixing is
harmless in normal configurations (since libgssrpc is only used on
Unix), but fails with DEBUG_GSSALLOC.
Diffstat (limited to 'src/lib/rpc/auth_gss.c')
| -rw-r--r-- | src/lib/rpc/auth_gss.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c index 6e61179151..ab161c17d9 100644 --- a/src/lib/rpc/auth_gss.c +++ b/src/lib/rpc/auth_gss.c @@ -432,7 +432,8 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg) log_status("gss_init_sec_context", maj_stat, min_stat); if (recv_tokenp != GSS_C_NO_BUFFER) { - gss_release_buffer(&min_stat, &gr.gr_token); + free(gr.gr_token.value); + gr.gr_token.value = NULL; recv_tokenp = GSS_C_NO_BUFFER; } if (maj_stat != GSS_S_COMPLETE && @@ -459,9 +460,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg) break; if (gr.gr_ctx.length != 0) { - if (gd->gc.gc_ctx.value) - gss_release_buffer(&min_stat, - &gd->gc.gc_ctx); + free(gd->gc.gc_ctx.value); gd->gc.gc_ctx = gr.gr_ctx; } if (gr.gr_token.length != 0) { @@ -490,17 +489,18 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg) log_debug("authgss_refresh: GSS_S_COMPLETE: calling verify_mic"); maj_stat = gss_verify_mic(&min_stat,gd->ctx, &bufin, &bufout, &qop_state); + free(gd->gc_wire_verf.value); + gd->gc_wire_verf.length = 0; + gd->gc_wire_verf.value = NULL; if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) { log_status("gss_verify_mic", maj_stat, min_stat); - gss_release_buffer(&min_stat, &gd->gc_wire_verf); if (maj_stat == GSS_S_CONTEXT_EXPIRED) { gd->established = FALSE; authgss_destroy_context(auth); } return (FALSE); } - gss_release_buffer(&min_stat, &gd->gc_wire_verf); gd->established = TRUE; gd->inprogress = FALSE; gd->gc.gc_proc = RPCSEC_GSS_DATA; @@ -513,9 +513,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg) /* End context negotiation loop. */ if (gd->gc.gc_proc != RPCSEC_GSS_DATA) { log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc); - if (gr.gr_token.length != 0) - gss_release_buffer(&min_stat, &gr.gr_token); - + free(gr.gr_token.value); authgss_destroy(auth); auth = NULL; rpc_createerr.cf_stat = RPC_AUTHERROR; @@ -565,7 +563,7 @@ authgss_destroy_context(AUTH *auth) clnt_sperror(gd->clnt, "authgss_destroy_context")); } - gss_release_buffer(&min_stat, &gd->gc.gc_ctx); + free(gd->gc.gc_ctx.value); /* XXX ANDROS check size of context - should be 8 */ memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx)); } |