diff options
| author | Sam Hartman <hartmans@mit.edu> | 2011-10-14 14:40:10 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2011-10-14 14:40:10 +0000 |
| commit | 800358b1790ef82710af0b6021c6ff2dca2b0de7 (patch) | |
| tree | 49f106379347bdf032708c5f8f13b6820ca220d3 /src | |
| parent | 3ab619b8ffa9337498e49caa8e75f6e03a56e71c (diff) | |
| download | krb5-800358b1790ef82710af0b6021c6ff2dca2b0de7.tar.gz krb5-800358b1790ef82710af0b6021c6ff2dca2b0de7.tar.xz krb5-800358b1790ef82710af0b6021c6ff2dca2b0de7.zip | |
Use gssalloc memory management where appropriate
gss_buffer_t may be freed in a different module from where they
are allocated so it is not safe to use strdup/malloc/calloc/free.
similarly, gss_OID_set need to use gssalloc functions.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25332 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/appl/gss-sample/gss-server.c | 87 | ||||
| -rw-r--r-- | src/lib/gssapi/generic/oid_ops.c | 20 | ||||
| -rw-r--r-- | src/lib/gssapi/generic/rel_buffer.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/generic/rel_oid_set.c | 6 | ||||
| -rw-r--r-- | src/lib/gssapi/generic/util_buffer.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 11 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/gssapi_krb5.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 14 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5seal.c | 22 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5sealv3.c | 14 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 22 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/util_crypt.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/mechglue/g_dsp_status.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/mechglue/g_glue.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/mechglue/g_rel_buffer.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/mechglue/g_rel_name.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/mechglue/g_wrap_aead.c | 2 |
17 files changed, 112 insertions, 106 deletions
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index d914933127..2e56e06ab0 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -415,13 +415,14 @@ test_import_export_context(gss_ctx_id_t *context) static int sign_server(int s, gss_cred_id_t server_creds, int export) { - gss_buffer_desc client_name, xmit_buf, msg_buf; + gss_buffer_desc client_name, recv_buf, unwrap_buf, mic_buf, *msg_buf, *send_buf; gss_ctx_id_t context; OM_uint32 maj_stat, min_stat; int i, conf_state; OM_uint32 ret_flags; char *cp; int token_flags; + int send_flags; /* Establish a context with the client */ if (server_establish_context(s, server_creds, &context, @@ -444,22 +445,22 @@ sign_server(int s, gss_cred_id_t server_creds, int export) do { /* Receive the message token */ - if (recv_token(s, &token_flags, &xmit_buf) < 0) + if (recv_token(s, &token_flags, &recv_buf) < 0) return (-1); if (token_flags & TOKEN_NOOP) { if (logfile) fprintf(logfile, "NOOP token\n"); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; + if (recv_buf.value) { + free(recv_buf.value); + recv_buf.value = 0; } break; } if (verbose && logfile) { fprintf(logfile, "Message token (flags=%d):\n", token_flags); - print_token(&xmit_buf); + print_token(&recv_buf); } if ((context == GSS_C_NO_CONTEXT) && @@ -468,77 +469,81 @@ sign_server(int s, gss_cred_id_t server_creds, int export) if (logfile) fprintf(logfile, "Unauthenticated client requested authenticated services!\n"); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; + if (recv_buf.value) { + free(recv_buf.value); + recv_buf.value = 0; } return (-1); } if (token_flags & TOKEN_WRAPPED) { - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + maj_stat = gss_unwrap(&min_stat, context, &recv_buf, &unwrap_buf, &conf_state, (gss_qop_t *) NULL); if (maj_stat != GSS_S_COMPLETE) { display_status("unsealing message", maj_stat, min_stat); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; + if (recv_buf.value) { + free(recv_buf.value); + recv_buf.value = 0; } return (-1); } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) { fprintf(stderr, "Warning! Message not encrypted.\n"); } - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; + if (recv_buf.value) { + free(recv_buf.value); + recv_buf.value = 0; } + msg_buf = &unwrap_buf; } else { - msg_buf = xmit_buf; + unwrap_buf.value = NULL; + unwrap_buf.length = 0; + msg_buf = &recv_buf; } if (logfile) { fprintf(logfile, "Received message: "); - cp = msg_buf.value; + cp = msg_buf->value; if ((isprint((int) cp[0]) || isspace((int) cp[0])) && (isprint((int) cp[1]) || isspace((int) cp[1]))) { - fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length, - (char *) msg_buf.value); + fprintf(logfile, "\"%.*s\"\n", (int) msg_buf->length, + (char *) msg_buf->value); } else { fprintf(logfile, "\n"); - print_token(&msg_buf); + print_token(msg_buf); } } if (token_flags & TOKEN_SEND_MIC) { /* Produce a signature block for the message */ maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); + msg_buf, &mic_buf); if (maj_stat != GSS_S_COMPLETE) { display_status("signing message", maj_stat, min_stat); return (-1); } + send_flags = TOKEN_MIC; + send_buf = &mic_buf; + } else { + mic_buf.value = NULL; + mic_buf.length = 0; + send_flags = TOKEN_NOOP; + send_buf = empty_token; + } + if (recv_buf.value) { + free(recv_buf.value); + recv_buf.value = NULL; + } + if (unwrap_buf.value) { + gss_release_buffer(&min_stat, &unwrap_buf); + } - if (msg_buf.value) { - free(msg_buf.value); - msg_buf.value = 0; - } - - /* Send the signature block to the client */ - if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) - return (-1); + /* Send the signature block or NOOP to the client */ + if (send_token(s, send_flags, send_buf) < 0) + return (-1); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - } else { - if (msg_buf.value) { - free(msg_buf.value); - msg_buf.value = 0; - } - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return (-1); + if (mic_buf.value) { + gss_release_buffer(&min_stat, &mic_buf); } } while (1 /* loop will break if NOOP received */ ); diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c index c423542951..f507ccdc1e 100644 --- a/src/lib/gssapi/generic/oid_ops.c +++ b/src/lib/gssapi/generic/oid_ops.c @@ -129,7 +129,7 @@ generic_gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set) { *minor_status = 0; - if ((*oid_set = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)))) { + if ((*oid_set = (gss_OID_set) gssalloc_malloc(sizeof(gss_OID_set_desc)))) { memset(*oid_set, 0, sizeof(gss_OID_set_desc)); return(GSS_S_COMPLETE); } @@ -155,7 +155,7 @@ generic_gss_add_oid_set_member(OM_uint32 *minor_status, elist = (*oid_set)->elements; /* Get an enlarged copy of the array */ - if (((*oid_set)->elements = (gss_OID) malloc(((*oid_set)->count+1) * + if (((*oid_set)->elements = (gss_OID) gssalloc_malloc(((*oid_set)->count+1) * sizeof(gss_OID_desc)))) { /* Copy in the old junk */ if (elist) @@ -166,7 +166,7 @@ generic_gss_add_oid_set_member(OM_uint32 *minor_status, /* Duplicate the input element */ lastel = &(*oid_set)->elements[(*oid_set)->count]; if ((lastel->elements = - (void *) malloc((size_t) member_oid->length))) { + (void *) gssalloc_malloc((size_t) member_oid->length))) { /* Success - copy elements */ memcpy(lastel->elements, member_oid->elements, (size_t) member_oid->length); @@ -176,12 +176,12 @@ generic_gss_add_oid_set_member(OM_uint32 *minor_status, /* Update count */ (*oid_set)->count++; if (elist) - free(elist); + gssalloc_free(elist); *minor_status = 0; return(GSS_S_COMPLETE); } else - free((*oid_set)->elements); + gssalloc_free((*oid_set)->elements); } /* Failure - restore old contents of list */ (*oid_set)->elements = elist; @@ -270,9 +270,7 @@ generic_gss_oid_to_str(OM_uint32 *minor_status, *minor_status = ENOMEM; return(GSS_S_FAILURE); } - oid_str->length = krb5int_buf_len(&buf)+1; - oid_str->value = (void *) bp; - return(GSS_S_COMPLETE); + return k5buf_to_gss(minor_status, &buf, oid_str); } OM_uint32 @@ -517,13 +515,13 @@ generic_gss_copy_oid_set(OM_uint32 *minor_status, if (new_oidset == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); - if ((copy = (gss_OID_set_desc *) calloc(1, sizeof (*copy))) == NULL) { + if ((copy = (gss_OID_set_desc *) gssalloc_calloc(1, sizeof (*copy))) == NULL) { major = GSS_S_FAILURE; goto done; } if ((copy->elements = (gss_OID_desc *) - calloc(oidset->count, sizeof (*copy->elements))) == NULL) { + gssalloc_calloc(oidset->count, sizeof (*copy->elements))) == NULL) { major = GSS_S_FAILURE; goto done; } @@ -533,7 +531,7 @@ generic_gss_copy_oid_set(OM_uint32 *minor_status, gss_OID_desc *out = ©->elements[i]; gss_OID_desc *in = &oidset->elements[i]; - if ((out->elements = (void *) malloc(in->length)) == NULL) { + if ((out->elements = (void *) gssalloc_malloc(in->length)) == NULL) { major = GSS_S_FAILURE; goto done; } diff --git a/src/lib/gssapi/generic/rel_buffer.c b/src/lib/gssapi/generic/rel_buffer.c index fb67123630..44dc98157b 100644 --- a/src/lib/gssapi/generic/rel_buffer.c +++ b/src/lib/gssapi/generic/rel_buffer.c @@ -48,7 +48,7 @@ generic_gss_release_buffer( return(GSS_S_COMPLETE); if (buffer->value) { - free(buffer->value); + gssalloc_free(buffer->value); buffer->length = 0; buffer->value = NULL; } diff --git a/src/lib/gssapi/generic/rel_oid_set.c b/src/lib/gssapi/generic/rel_oid_set.c index 61c15cdab0..954542e407 100644 --- a/src/lib/gssapi/generic/rel_oid_set.c +++ b/src/lib/gssapi/generic/rel_oid_set.c @@ -50,10 +50,10 @@ generic_gss_release_oid_set( return(GSS_S_COMPLETE); for (i=0; i<(*set)->count; i++) - free((*set)->elements[i].elements); + gssalloc_free((*set)->elements[i].elements); - free((*set)->elements); - free(*set); + gssalloc_free((*set)->elements); + gssalloc_free(*set); *set = GSS_C_NULL_OID_SET; diff --git a/src/lib/gssapi/generic/util_buffer.c b/src/lib/gssapi/generic/util_buffer.c index 81d86fc760..da2d832913 100644 --- a/src/lib/gssapi/generic/util_buffer.c +++ b/src/lib/gssapi/generic/util_buffer.c @@ -39,7 +39,7 @@ int g_make_string_buffer(const char *str, gss_buffer_t buffer) buffer->length = strlen(str); - if ((buffer->value = strdup(str)) == NULL) { + if ((buffer->value = gssalloc_strdup(str)) == NULL) { buffer->length = 0; return(0); } diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 40dfa8bd26..7dca130d53 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1109,9 +1109,12 @@ kg_accept_krb5(minor_status, context_handle, /* in order to force acceptor subkey to be used, don't set PROT_READY */ /* Raw AP-REP is returned */ - output_token->length = ap_rep.length; - output_token->value = ap_rep.data; - ap_rep.data = NULL; /* don't double free */ + code = data_to_gss(&ap_rep, output_token); + if (code) + { + major_status = GSS_S_FAILURE; + goto fail; + } ctx->established = 0; @@ -1128,7 +1131,7 @@ kg_accept_krb5(minor_status, context_handle, token.length = g_token_size(mech_used, ap_rep.length); - if ((token.value = (unsigned char *) xmalloc(token.length)) + if ((token.value = (unsigned char *) gssalloc_malloc(token.length)) == NULL) { major_status = GSS_S_FAILURE; code = ENOMEM; diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 48918b461b..068af434df 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -768,7 +768,7 @@ krb5_gss_localname(OM_uint32 *minor, krb5_free_context(context); - localname->value = strdup(lname); + localname->value = gssalloc_strdup(lname); localname->length = strlen(lname); return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 631840c8b2..1b8120c1d4 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -475,15 +475,14 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context, * For DCE RPC, do not encapsulate the AP-REQ in the * typical GSS wrapping. */ - token->length = ap_req.length; - token->value = ap_req.data; - - ap_req.data = NULL; /* don't double free */ + code = data_to_gss(&ap_req, token); + if (code) + goto cleanup; } else { /* allocate space for the token */ tlen = g_token_size((gss_OID) mech_type, ap_req.length); - if ((t = (unsigned char *) xmalloc(tlen)) == NULL) { + if ((t = (unsigned char *) gssalloc_malloc(tlen)) == NULL) { code = ENOMEM; goto cleanup; } @@ -880,8 +879,9 @@ mutual_auth( if (code) goto fail; - output_token->value = outbuf.data; - output_token->length = outbuf.length; + code = data_to_gss(&outbuf, output_token); + if (code) + goto fail; } /* set established */ diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index ad2a3cf9b8..41604dc4ed 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -112,7 +112,7 @@ make_seal_token_v1 (krb5_context context, } tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen); - if ((t = (unsigned char *) xmalloc(tlen)) == NULL) + if ((t = (unsigned char *) gssalloc_malloc(tlen)) == NULL) return(ENOMEM); /*** fill in the token */ @@ -159,14 +159,14 @@ make_seal_token_v1 (krb5_context context, code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) { - xfree(t); + gssalloc_free(t); return(code); } md5cksum.length = sumlen; if ((plain = (unsigned char *) xmalloc(msglen ? msglen : 1)) == NULL) { - xfree(t); + gssalloc_free(t); return(ENOMEM); } @@ -174,7 +174,7 @@ make_seal_token_v1 (krb5_context context, if ((code = kg_make_confounder(context, enc->keyblock.enctype, plain))) { xfree(plain); - xfree(t); + gssalloc_free(t); return(code); } } @@ -188,7 +188,7 @@ make_seal_token_v1 (krb5_context context, if (! (data_ptr = (char *) xmalloc(8 + (bigend ? text->length : msglen)))) { xfree(plain); - xfree(t); + gssalloc_free(t); return(ENOMEM); } (void) memcpy(data_ptr, ptr-2, 8); @@ -204,7 +204,7 @@ make_seal_token_v1 (krb5_context context, if (code) { xfree(plain); - xfree(t); + gssalloc_free(t); return(code); } switch(signalg) { @@ -218,7 +218,7 @@ make_seal_token_v1 (krb5_context context, if (code) { krb5_free_checksum_contents(context, &md5cksum); xfree (plain); - xfree(t); + gssalloc_free(t); return code; } @@ -249,7 +249,7 @@ make_seal_token_v1 (krb5_context context, if ((code = kg_make_seq_num(context, seq, direction?0:0xff, (krb5_ui_4)*seqnum, ptr+14, ptr+6))) { xfree (plain); - xfree(t); + gssalloc_free(t); return(code); } @@ -265,7 +265,7 @@ make_seal_token_v1 (krb5_context context, if (code) { xfree(plain); - xfree(t); + gssalloc_free(t); return(code); } assert (enc_key->length == 16); @@ -279,7 +279,7 @@ make_seal_token_v1 (krb5_context context, if (code) { xfree(plain); - xfree(t); + gssalloc_free(t); return(code); } } @@ -290,7 +290,7 @@ make_seal_token_v1 (krb5_context context, (krb5_pointer) (ptr+cksum_size+14), tmsglen))) { xfree(plain); - xfree(t); + gssalloc_free(t); return(code); } } diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c index f050f6deab..ac3d44d8f3 100644 --- a/src/lib/gssapi/krb5/k5sealv3.c +++ b/src/lib/gssapi/krb5/k5sealv3.c @@ -136,7 +136,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, /* Get size of ciphertext. */ bufsize = 16 + krb5_encrypt_size (plain.length, key->keyblock.enctype); /* Allocate space for header plus encrypted data. */ - outbuf = malloc(bufsize); + outbuf = gssalloc_malloc(bufsize); if (outbuf == NULL) { free(plain.data); return ENOMEM; @@ -204,7 +204,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, assert(cksumsize <= 0xffff); bufsize = 16 + message2->length + cksumsize; - outbuf = malloc(bufsize); + outbuf = gssalloc_malloc(bufsize); if (outbuf == NULL) { free(plain.data); plain.data = 0; @@ -290,7 +290,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, return 0; error: - free(outbuf); + gssalloc_free(outbuf); token->value = NULL; token->length = 0; return err; @@ -401,13 +401,13 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, cipher.ciphertext.length = bodysize - 16; cipher.ciphertext.data = (char *)ptr + 16; plain.length = bodysize - 16; - plain.data = malloc(plain.length); + plain.data = gssalloc_malloc(plain.length); if (plain.data == NULL) goto no_mem; err = krb5_k_decrypt(context, key, key_usage, 0, &cipher, &plain); if (err) { - free(plain.data); + gssalloc_free(plain.data); goto error; } /* Don't use bodysize here! Use the fact that @@ -424,7 +424,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, message_buffer->value = plain.data; message_buffer->length = plain.length - ec - 16; if(message_buffer->length == 0) { - free(message_buffer->value); + gssalloc_free(message_buffer->value); message_buffer->value = NULL; } } else { @@ -467,7 +467,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, return GSS_S_BAD_SIG; } message_buffer->length = plain.length - 16; - message_buffer->value = malloc(message_buffer->length); + message_buffer->value = gssalloc_malloc(message_buffer->length); if (message_buffer->value == NULL) goto no_mem; memcpy(message_buffer->value, plain.data, message_buffer->length); diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index f864cc5ca3..935198054d 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -214,7 +214,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, } if (token.length) { - if ((token.value = (void *) xmalloc(token.length)) == NULL) { + if ((token.value = (void *) gssalloc_malloc(token.length)) == NULL) { if (sealalg != 0xffff) xfree(plain); *minor_status = ENOMEM; @@ -272,7 +272,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (sealalg != 0xffff) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = ENOMEM; return(GSS_S_FAILURE); } @@ -293,7 +293,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (code) { if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = code; return(GSS_S_FAILURE); } @@ -306,7 +306,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (code) { krb5_free_checksum_contents(context, &md5cksum); if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = code; return GSS_S_FAILURE; } @@ -327,7 +327,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (sealalg != 0xffff) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = code; return GSS_S_FAILURE; } @@ -339,7 +339,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (sealalg == 0) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = ENOMEM; return(GSS_S_FAILURE); } @@ -364,7 +364,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (sealalg == 0) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = code; return(GSS_S_FAILURE); } @@ -387,7 +387,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (sealalg != 0xffff) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = ENOMEM; return(GSS_S_FAILURE); } @@ -408,7 +408,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (code) { if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = code; return(GSS_S_FAILURE); } @@ -425,7 +425,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (code) { if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); + gssalloc_free(token.value); *minor_status = 0; return(GSS_S_BAD_SIG); } @@ -447,7 +447,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { if (toktype == KG_TOK_SEAL_MSG) { - xfree(token.value); + gssalloc_free(token.value); message_buffer->value = NULL; message_buffer->length = 0; } diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index 0063817796..b7b4a0a605 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -661,7 +661,7 @@ kg_release_iov(gss_iov_buffer_desc *iov, int iov_count) for (i = 0; i < iov_count; i++) { if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { - free(iov[i].buffer.value); + gssalloc_free(iov[i].buffer.value); iov[i].buffer.length = 0; iov[i].buffer.value = NULL; iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); @@ -761,7 +761,7 @@ kg_allocate_iov(gss_iov_buffer_t iov, size_t size) assert(iov->type & GSS_IOV_BUFFER_FLAG_ALLOCATE); iov->buffer.length = size; - iov->buffer.value = xmalloc(size); + iov->buffer.value = gssalloc_malloc(size); if (iov->buffer.value == NULL) { iov->buffer.length = 0; return ENOMEM; diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c index 13f104bea8..0df34be16f 100644 --- a/src/lib/gssapi/mechglue/g_dsp_status.c +++ b/src/lib/gssapi/mechglue/g_dsp_status.c @@ -84,7 +84,7 @@ gss_buffer_t status_string; mapped to a flat numbering space. Look up the value we got passed. If it's not found, complain. */ if (status_value == 0) { - status_string->value = strdup("Unknown error"); + status_string->value = gssalloc_strdup("Unknown error"); if (status_string->value == NULL) { *minor_status = ENOMEM; map_errcode(minor_status); @@ -353,7 +353,7 @@ gss_buffer_t outStr; /* now copy the status code and return to caller */ outStr->length = strlen(errStr); - outStr->value = strdup(errStr); + outStr->value = gssalloc_strdup(errStr); if (outStr->value == NULL) { outStr->length = 0; return (GSS_S_FAILURE); diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c index 90febd5b9b..20485239e1 100644 --- a/src/lib/gssapi/mechglue/g_glue.c +++ b/src/lib/gssapi/mechglue/g_glue.c @@ -724,7 +724,7 @@ gssint_create_copy_buffer(srcBuf, destBuf, addNullChar) else len = srcBuf->length; - if (!(aBuf->value = (void*)malloc(len))) { + if (!(aBuf->value = (void*)gssalloc_malloc(len))) { free(aBuf); return (GSS_S_FAILURE); } diff --git a/src/lib/gssapi/mechglue/g_rel_buffer.c b/src/lib/gssapi/mechglue/g_rel_buffer.c index c1104fd8ae..8c3328acc5 100644 --- a/src/lib/gssapi/mechglue/g_rel_buffer.c +++ b/src/lib/gssapi/mechglue/g_rel_buffer.c @@ -49,7 +49,7 @@ gss_buffer_t buffer; if ((buffer->length) && (buffer->value)) { - free(buffer->value); + gssalloc_free(buffer->value); buffer->length = 0; buffer->value = NULL; } diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c index e8ac6c34a4..e008692383 100644 --- a/src/lib/gssapi/mechglue/g_rel_name.c +++ b/src/lib/gssapi/mechglue/g_rel_name.c @@ -70,7 +70,7 @@ gss_name_t * input_name; if (union_name->external_name != GSS_C_NO_BUFFER) { if (union_name->external_name->value != NULL) - free(union_name->external_name->value); + gssalloc_free(union_name->external_name->value); free(union_name->external_name); } diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c index 7c059b4691..ca1ef122e6 100644 --- a/src/lib/gssapi/mechglue/g_wrap_aead.c +++ b/src/lib/gssapi/mechglue/g_wrap_aead.c @@ -125,7 +125,7 @@ gssint_wrap_aead_iov_shim(gss_mechanism mech, output_message_buffer->length += iov[i].buffer.length; } - output_message_buffer->value = malloc(output_message_buffer->length); + output_message_buffer->value = gssalloc_malloc(output_message_buffer->length); if (output_message_buffer->value == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; |