-rw-r--r--src/lib/gssapi/krb5/ChangeLog6
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c1
-rw-r--r--src/lib/gssapi/krb5/k5unseal.c2
3 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 10f85ad88d..9cccd9d349 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -2,6 +2,12 @@
* init_sec_context.c (make_ap_req_v1): Free checksum_data if
needed, to avoid leaking memory. Found by Kent Wu.
+ (krb5_gss_init_sec_context): Free default_enctypes to avoid
+ leaking returned value from krb5_get_tgs_ktypes.
+
+ * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
+ token.length == 0, to avoid spurious uninitialized memory
+ references when calling memcpy() with a zero length.
2003-05-13 Tom Yu <tlyu@mit.edu>
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index a95d3048ac..0d3ddc9689 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -539,6 +539,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
if (!is_duplicate_enctype)
requested_enctypes[i++] = e;
}
+ krb5_free_ktypes(context, default_enctypes);
requested_enctypes[i++] = 0;
if ((code = get_credentials(context, cred, ctx->there, now,
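Review bot: After the added `krb5_free_ktypes(context, default_enctypes);` the variable still holds the freed pointer for the rest of krb5_gss_init_sec_context, which continues well beyond this hunk. Resetting it on the next line, `default_enctypes = NULL;`, would keep any later reuse or a second free on a cleanup path from touching freed heap memory. The krb5_get_tgs_ktypes call itself is not visible here, so it is also worth confirming that no exit between that call and this line skips the free, since such a path would still leak.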
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 347d6b8524..e678311f9a 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
return(GSS_S_FAILURE);
}
memcpy(token.value, plain+conflen, token.length);
+ } else {
+ token.value = NULL;
}
} else if (toktype == KG_TOK_SIGN_MSG) {
token = *message_buffer;
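Review bot: Setting `token.value = NULL` in the new else branch makes the zero-length case deterministic, but going by the ChangeLog entry the pointer is still passed to memcpy() with a length of zero later in kg_unseal_v1. The C standard requires valid pointer arguments to memcpy even when the count is 0, so a NULL there is formally undefined behaviour, and some compilers use it to assume the pointer is non-null. Those later calls are outside this hunk. Wrapping each of them in `if (token.length > 0)` would remove the dependence on the library tolerating NULL. A comment on the branch such as `/* empty message: no buffer allocated, token.value must not be dereferenced */` would record the invariant for the code that follows.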