diff options
| -rw-r--r-- | src/kdc/do_as_req.c | 6 | ||||
| -rw-r--r-- | src/kdc/do_tgs_req.c | 5 | ||||
| -rw-r--r-- | src/kdc/kdc_preauth.c | 8 | ||||
| -rw-r--r-- | src/kdc/kdc_util.c | 2 | ||||
| -rw-r--r-- | src/kdc/kdc_util.h | 2 |
5 files changed, 14 insertions, 9 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index a5b7100430..b183dcfc7b 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -133,6 +133,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, server_keyblock.contents = NULL; client_keyblock.contents = NULL; reply.padata = 0; + reply_encpart.enc_padata = 0; memset(&reply, 0, sizeof(reply)); session_key.contents = 0; @@ -623,7 +624,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } errcode = return_enc_padata(kdc_context, req_pkt, request, - as_encrypting_key, &server, &reply_encpart, FALSE); + as_encrypting_key, &server, &reply_encpart, + FALSE); if (errcode) { status = "KDC_RETURN_ENC_PADATA"; goto errout; @@ -689,6 +691,8 @@ egress: krb5_free_keyblock_contents(kdc_context, &client_keyblock); if (reply.padata != NULL) krb5_free_pa_data(kdc_context, reply.padata); + if (reply_encpart.enc_padata) + krb5_free_pa_data(kdc_context, reply_encpart.enc_padata); if (cname != NULL) free(cname); diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 52256e7bd8..cb0496f9da 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -950,13 +950,14 @@ tgt_again: } errcode = return_enc_padata(kdc_context, pkt, request, reply_key, &server, &reply_encpart, - is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)); + is_referral && + isflagset(s_flags, + KRB5_KDB_FLAG_CANONICALIZE)); if (errcode) { status = "KDC_RETURN_ENC_PADATA"; goto cleanup; } - errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, subkey ? 1 : 0, reply_key, diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 05df3940c5..00800aab05 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -3086,9 +3086,10 @@ include_pac_p(krb5_context context, krb5_kdc_req *request) static krb5_error_code return_referral_enc_padata( krb5_context context, - krb5_enc_kdc_rep_part *reply, krb5_db_entry *server) + krb5_enc_kdc_rep_part *reply, + krb5_db_entry *server) { - krb5_error_code code; + krb5_error_code code; krb5_tl_data tl_data; krb5_pa_data pa_data; @@ -3101,10 +3102,9 @@ return_referral_enc_padata( krb5_context context, pa_data.pa_type = KRB5_PADATA_SVR_REFERRAL_INFO; pa_data.length = tl_data.tl_data_length; pa_data.contents = tl_data.tl_data_contents; - return add_pa_data_element(context, &pa_data, &reply->enc_padata, FALSE); + return add_pa_data_element(context, &pa_data, &reply->enc_padata, TRUE); } - krb5_error_code return_enc_padata(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, krb5_keyblock *reply_key, diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 95f495a820..d63bba2532 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -2697,9 +2697,9 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, pa.contents = (krb5_octet *) out->data; pa.length = out->length; retval = add_pa_data_element(kdc_context, &pa, out_enc_padata, FALSE); - out->data = NULL; if (retval) goto cleanup; + out->data = NULL; pa.magic = KV5M_PA_DATA; pa.pa_type = KRB5_PADATA_FX_FAST; pa.length = 0; diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 4b81376f3d..03ecaf7c1c 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -259,7 +259,7 @@ return_enc_padata(krb5_context context, krb5_keyblock *reply_key, krb5_db_entry *server, krb5_enc_kdc_rep_part *reply_encpart, -krb5_boolean is_referral); + krb5_boolean is_referral); krb5_error_code sign_db_authdata (krb5_context context, |