-rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 6 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 1 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 2 |
3 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 10f85ad88d..9cccd9d349 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -2,6 +2,12 @@ * init_sec_context.c (make_ap_req_v1): Free checksum_data if needed, to avoid leaking memory. Found by Kent Wu. + (krb5_gss_init_sec_context): Free default_enctypes to avoid + leaking returned value from krb5_get_tgs_ktypes. + + * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if + token.length == 0, to avoid spurious uninitialized memory + references when calling memcpy() with a zero length. 2003-05-13 Tom Yu <tlyu@mit.edu> diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index a95d3048ac..0d3ddc9689 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -539,6 +539,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (!is_duplicate_enctype) requested_enctypes[i++] = e; } + krb5_free_ktypes(context, default_enctypes); requested_enctypes[i++] = 0; if ((code = get_credentials(context, cred, ctx->there, now, diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 347d6b8524..e678311f9a 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, return(GSS_S_FAILURE); } memcpy(token.value, plain+conflen, token.length); + } else { + token.value = NULL; } } else if (toktype == KG_TOK_SIGN_MSG) { token = *message_buffer; |
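Review bot: After `krb5_free_ktypes(context, default_enctypes);` the pointer is left dangling while krb5_gss_init_sec_context continues well past the end of this hunk, so any later cleanup or error path that touches it again would turn into a double free or use-after-free. If the variable is still in scope after this point (its declaration is not visible here), follow the call with `default_enctypes = NULL;`. It is also worth confirming that no exit between the krb5_get_tgs_ktypes call and this line skips the free, since that call and its error handling lie outside the hunk.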
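Review bot: The new `else { token.value = NULL; }` branch in kg_unseal_v1 makes the zero-length case deterministic, but according to the ChangeLog entry the value still reaches a memcpy() with length 0, and passing a null pointer to memcpy is undefined behavior in ISO C even when the length is zero. That call site is outside the hunk; guarding it with `if (token.length)` would be safer than relying on the NULL being harmless. A short comment on the branch, e.g. `/* empty message: nothing allocated, token.value must not be dereferenced */`, would record why NULL is set here. Consumers of the returned buffer should likewise tolerate a NULL value paired with a zero length.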