| author | Greg Hudson <ghudson@mit.edu> | 2011-12-09 17:57:47 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-12-09 17:57:47 +0000 |
| commit | 50fb5d3192e68abf02d2c1dbebe51b4eb268972c (patch) | |
| tree | 9bcd54eb15db10bfb73c54126edd3ba2e310da45 /src/lib | |
| parent | c46149123370939afc76276aebadf30adf815690 (diff) | |
Fix memory leaks in FAST TGS support
krb5int_fast_prep_req removes tgs from request->padata and needs to
free it. get_creds.c needs to use a fresh FAST state for each TGS
request to avoid leaking armor keys.
ticket: 7026
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25535 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/fast.c | 4 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_creds.c | 12 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index ec660563aa..7de338b122 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -320,6 +320,10 @@ krb5int_fast_prep_req(krb5_context context,
 krb5_free_data(context, encoded_fast_req);
 if (local_encoded_result)
 krb5_free_data(context, local_encoded_result);
+ if (tgs) {
+ free(tgs->contents);
+ free(tgs);
+ }
 state->fast_outer_request.padata = NULL;
 return retval;
 }
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index d1439586cb..b009e6100b 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -152,7 +152,6 @@ struct _krb5_tkt_creds_context {
 krb5_flags req_options; /* Caller-requested KRB5_GC_* options */
 krb5_flags req_kdcopt; /* Caller-requested options as KDC options */
 krb5_authdata **authdata; /* Caller-requested authdata */
- struct krb5int_fast_request_state *fast_state;
 /* The following fields are used in multiple steps. */
 krb5_creds *cur_tgt; /* TGT to be used for next query */
@@ -168,6 +167,7 @@ struct _krb5_tkt_creds_context {
 int kdcopt; /* KDC options of request */
 krb5_keyblock *subkey; /* subkey of request */
 krb5_data previous_request; /* Encoded request (for TCP retransmission) */
+ struct krb5int_fast_request_state *fast_state;
 /* The following fields are used when acquiring foreign TGTs. */
 krb5_data *realm_path; /* Path from client to server realm */
@@ -268,6 +268,13 @@ make_request(krb5_context context, krb5_tkt_creds_context ctx,
 if (!krb5_c_valid_enctype(ctx->cur_tgt->keyblock.enctype))
 return KRB5_PROG_ETYPE_NOSUPP;
+ /* Create a new FAST state structure to store this request's armor key. */
+ krb5int_fast_free_state(context, ctx->fast_state);
+ ctx->fast_state = NULL;
+ code = krb5int_fast_make_state(context, &ctx->fast_state);
+ if (code)
+ return code;
+
 code = krb5int_make_tgs_request(context, ctx->fast_state, ctx->cur_tgt, ctx->kdcopt, ctx->cur_tgt->addresses, NULL,
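Review bot: The new `if (tgs) { free(tgs->contents); free(tgs); }` cleanup in krb5int_fast_prep_req runs on every path that reaches the end of the function, so it is only safe if `tgs` is already unlinked from `request->padata` whenever it is non-NULL. If any error path can reach this point with the element still in the array, the caller's later free of the request would release it a second time. The commit message says the function removes the element, but that code is outside the hunk, so the invariant cannot be confirmed from here. I would record the ownership at the free itself, for example `/* tgs was unlinked from request->padata above, so it is ours to free. */`.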
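Review bot: `krb5int_fast_free_state(context, ctx->fast_state)` in make_request is now reached with `ctx->fast_state == NULL` on the first request, because the krb5_tkt_creds_init hunk removes the allocation that used to happen there. That is only correct if krb5int_fast_free_state accepts a NULL state, which is not visible on this page. When krb5int_fast_make_state fails, the context is also left with a NULL `fast_state`, so any later code that reads it without passing through make_request again would need a check; presumably that means the reply-processing step and the context free routine, both outside the hunk. Once confirmed, I would extend the comment to say so, for example `/* fast_state is NULL until the first request and is replaced for each request; krb5int_fast_free_state() accepts NULL. */`. make_request continues past the end of the hunk, and the hunk's trailing context is cut off on this page.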
@@ -1047,9 +1054,6 @@ krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache,
 ctx = k5alloc(sizeof(*ctx), &code);
 if (ctx == NULL)
 goto cleanup;
- code = krb5int_fast_make_state(context, &ctx->fast_state);
- if (code)
- goto cleanup;
 ctx->req_options = options;
 ctx->req_kdcopt = 0;
|
